Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: mEI5PM5oLgBxV0wq6JMQoM6fFkXLuzDUq9Qrb5190Qk=
Subject key identifier: 3B:62:63:53:16:7D:1A:41:9D:83:0B:F0:3C:15:0F:09:EE:AA:8C:3C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 25D34B793CF36A12884D3DA32502B5C4416DD415
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Tue 05 Aug 2025 19:41:22 +0000
ROA not before: Tue 05 Aug 2025 19:41:22 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:d3:4b:79:3c:f3:6a:12:88:4d:3d:a3:25:02:b5:c4:41:6d:d4:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:41:22 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c49fad59e128c656e572337d3ded84e74d10ec54150cc5f387976ab6e0aacc88, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6b:a0:5c:a9:85:b2:3c:f3:7d:49:de:b6:e4:
f5:9a:f5:e9:63:f2:0a:d4:31:32:fb:42:ab:a0:23:
4d:f3:c1:58:cf:44:d7:81:99:92:19:41:31:c6:29:
59:3a:98:7b:0c:7c:91:0c:27:66:59:7d:ea:7c:d8:
23:af:09:54:aa:a2:8e:c7:55:67:c2:2c:6b:36:cb:
b3:95:a0:77:a0:39:a8:f2:8f:7a:99:0f:0a:38:e6:
27:a3:59:bf:ad:95:ae:8f:73:59:7d:0a:50:fe:1f:
81:88:2d:4e:1f:ec:80:0d:10:c7:41:4e:47:76:70:
a5:3d:55:50:61:fc:e7:f8:32:56:c4:1d:d9:0b:d3:
72:3a:d5:ec:5d:63:bc:29:c3:ab:c7:8b:b3:e2:bc:
43:ce:1d:a1:2c:1d:46:be:00:fa:f5:51:b1:38:cd:
80:1a:6d:8c:e7:aa:4f:ef:84:a6:cc:ab:92:27:1e:
74:21:c0:21:6c:f7:71:1a:76:dd:4e:90:f7:92:f4:
1e:90:27:c0:1d:54:ed:af:7b:2a:fe:36:ab:ee:24:
90:17:b9:cb:1d:76:2a:4b:be:f7:99:46:97:35:36:
95:1d:91:96:52:3e:03:94:fc:f3:c4:b3:85:b0:48:
88:48:20:46:aa:f3:8a:a5:cb:22:a0:17:e1:e5:e4:
e6:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:62:63:53:16:7D:1A:41:9D:83:0B:F0:3C:15:0F:09:EE:AA:8C:3C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
2a:30:4f:1e:25:95:e8:05:33:c6:5e:60:08:9c:e9:aa:83:5f:
b1:f4:1c:63:c2:72:8b:73:5d:1d:d5:9f:7f:a8:40:75:eb:8b:
41:60:25:b2:91:8e:58:ae:1d:a3:c8:36:16:c0:28:da:f1:d6:
ac:80:c9:ff:16:45:2e:6f:67:d0:3d:f5:b1:5d:18:46:98:49:
7b:2e:ff:f4:c5:66:d1:7b:a4:48:7f:ae:a7:0b:38:51:13:62:
51:bc:65:8d:66:c2:f3:08:4d:cf:62:46:56:6c:8d:bc:55:32:
58:b2:29:be:7b:d2:98:9f:40:7a:08:05:cd:86:c7:bb:f0:8d:
e0:46:11:6c:54:81:59:e6:0b:9c:83:ef:95:f0:9c:8d:f2:d0:
25:d4:e4:b2:a8:4e:07:79:f9:9d:b2:7b:be:fb:15:23:fb:ab:
20:a9:12:e9:0b:85:8a:7c:f2:1c:d7:74:e5:b7:2e:35:3e:52:
1d:a3:f7:4e:b4:1f:78:84:a1:03:33:24:e7:87:19:97:c9:29:
00:09:fc:67:50:a5:b4:cc:50:c9:00:22:a3:2a:22:46:e5:aa:
35:d6:18:01:14:bd:33:c5:a7:c9:94:14:3c:50:42:aa:7e:9f:
fb:33:12:2d:b1:0a:3f:ae:72:e0:11:f6:bd:43:45:f4:e1:14:
54:3e:91:93
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJdNLeTzzahKITT2jJQK1xEFt1BUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQxMjJaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0OWZhZDU5ZTEyOGM2NTZlNTcyMzM3ZDNkZWQ4NGU3NGQxMGVjNTQxNTBj
YzVmMzg3OTc2YWI2ZTBhYWNjODgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1roFyphbI8831J3rbk9Zr16WPyCtQxMvtCq6AjTfPBWM9E14GZkhlBMcYp
WTqYewx8kQwnZll96nzYI68JVKqijsdVZ8IsazbLs5Wgd6A5qPKPepkPCjjmJ6NZ
v62Vro9zWX0KUP4fgYgtTh/sgA0Qx0FOR3ZwpT1VUGH85/gyVsQd2QvTcjrV7F1j
vCnDq8eLs+K8Q84doSwdRr4A+vVRsTjNgBptjOeqT++EpsyrkicedCHAIWz3cRp2
3U6Q95L0HpAnwB1U7a97Kv42q+4kkBe5yx12Kku+95lGlzU2lR2RllI+A5T888Sz
hbBIiEggRqrziqXLIqAX4eXk5s0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ7YmNT
Fn0aQZ2DC/A8FQ8J7qqMPDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQAqME8eJZXoBTPGXmAInOmqg1+x9BxjwnKLc10d
1Z9/qEB164tBYCWykY5Yrh2jyDYWwCja8dasgMn/FkUub2fQPfWxXRhGmEl7Lv/0
xWbRe6RIf66nCzhRE2JRvGWNZsLzCE3PYkZWbI28VTJYsim+e9KYn0B6CAXNhse7
8I3gRhFsVIFZ5gucg++V8JyN8tAl1OSyqE4Hefmdsnu++xUj+6sgqRLpC4WKfPIc
13Tlty41PlIdo/dOtB94hKEDMyTnhxmXySkACfxnUKW0zFDJACKjKiJG5ao11hgB
FL0zxafJlBQ8UEKqfp/7MxItsQo/rnLgEfa9Q0X04RRUPpGT
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:51:47 2025 by rpki-client