Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
File: 28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa (raw, json)
Hash identifier: 7Ld7uF34j6vkR1BUtqp8Lzk5ntySHTshhgcmHjSFkww=
Subject key identifier: A2:04:81:DF:B6:6B:B1:8B:C7:9B:D9:D7:01:89:5C:FE:71:06:E9:FC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7728EC430A5FB3E666AC6E015349356EA3ECA386
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
Signing time: Tue 05 Aug 2025 19:20:23 +0000
ROA not before: Tue 05 Aug 2025 19:20:23 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:80e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:28:ec:43:0a:5f:b3:e6:66:ac:6e:01:53:49:35:6e:a3:ec:a3:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:20:23 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c6fab69b63119ee91bdde589c33e3890b8ec6da58135ba8d17a95a4a927f35df, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:42:4b:e0:13:0e:6c:e1:87:4b:76:d4:ab:d9:
53:87:38:1f:ca:9c:57:8c:c4:ec:bc:1d:88:55:d4:
13:43:74:69:1a:cd:d2:ae:05:75:2d:9b:e8:1d:45:
83:6b:87:61:cf:cc:b7:ca:e2:bc:6d:88:d2:73:9b:
0b:c7:fa:d6:90:a6:63:bb:20:e2:0a:cf:38:16:33:
22:46:f7:ce:8e:39:51:3a:4f:a2:34:81:96:0d:a3:
ff:2f:73:c8:f8:f1:4d:69:28:f7:28:bf:5f:f0:d3:
32:8a:b4:24:88:10:25:be:8a:41:27:34:75:7f:22:
d3:73:c4:d7:8a:04:2f:4b:e4:68:ca:ba:e7:f7:3b:
42:02:e1:bd:3c:70:1e:c9:3f:20:1d:28:2e:31:14:
01:4f:44:87:f9:fa:30:63:2e:78:e8:75:32:17:47:
19:98:72:11:af:ac:a1:db:a1:35:77:bd:69:7d:68:
a2:48:49:1b:1f:c6:39:b9:ff:53:15:ea:39:38:dd:
87:7f:00:6f:e6:40:b5:3e:10:85:26:74:01:aa:0e:
28:88:8b:5a:9a:b3:01:77:0e:31:a8:0b:7b:e2:92:
bc:4a:c3:b4:22:68:73:67:a2:1d:e6:be:17:2f:18:
55:ed:8e:1e:6d:3e:98:15:f2:78:f8:20:0e:62:85:
27:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:04:81:DF:B6:6B:B1:8B:C7:9B:D9:D7:01:89:5C:FE:71:06:E9:FC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:80e0::/48
Signature Algorithm: sha256WithRSAEncryption
9a:dc:b0:21:5e:6f:1a:3c:2a:c1:f7:f0:b8:2d:27:5f:f7:dc:
22:14:a5:bd:bb:50:bc:db:fd:e7:d1:28:1c:25:62:17:0a:d2:
31:f4:3d:1e:61:4f:10:0e:43:ac:c3:32:73:d6:24:4c:77:02:
9c:56:07:e5:cd:d9:10:4e:fa:3d:42:e1:1b:fd:2a:b3:4e:89:
4d:c8:56:f3:93:5e:32:65:8f:bc:f3:7e:a2:2e:2b:63:32:a8:
39:f0:7d:75:3b:df:58:07:9b:65:8b:76:0e:6e:a1:d9:b5:0c:
2a:a1:70:5e:34:50:88:5d:7f:73:a8:bf:fa:86:e8:83:07:cb:
dc:0b:8e:18:0f:b6:fd:66:ba:03:b9:92:17:3b:82:49:fe:90:
64:84:11:7b:78:3d:03:7c:8d:02:2f:84:3e:62:56:7e:5f:a7:
4f:1e:74:dc:f7:25:2e:f2:50:af:e3:a8:3c:6f:2b:63:80:7f:
21:0b:ff:5a:3f:3c:78:14:ce:1b:b0:18:6b:c8:9f:f5:1f:95:
45:25:0a:03:c4:5d:20:3d:dd:fd:fa:de:18:ab:af:9d:8d:35:
a7:7d:77:2d:9d:5d:b2:4a:b4:ee:bf:15:26:e4:2b:d9:fe:76:
65:d1:07:25:5c:8a:8a:e0:89:f2:2d:d3:fb:11:cb:6c:9e:19:
65:d4:3c:36
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdyjsQwpfs+ZmrG4BU0k1bqPso4YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTIwMjNaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2ZmFiNjliNjMxMTllZTkxYmRkZTU4OWMzM2UzODkwYjhlYzZkYTU4MTM1
YmE4ZDE3YTk1YTRhOTI3ZjM1ZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZCS+ATDmzhh0t21KvZU4c4H8qcV4zE7LwdiFXUE0N0aRrN0q4FdS2b6B1F
g2uHYc/Mt8rivG2I0nObC8f61pCmY7sg4grPOBYzIkb3zo45UTpPojSBlg2j/y9z
yPjxTWko9yi/X/DTMoq0JIgQJb6KQSc0dX8i03PE14oEL0vkaMq65/c7QgLhvTxw
Hsk/IB0oLjEUAU9Eh/n6MGMueOh1MhdHGZhyEa+soduhNXe9aX1ookhJGx/GObn/
UxXqOTjdh38Ab+ZAtT4QhSZ0AaoOKIiLWpqzAXcOMagLe+KSvErDtCJoc2eiHea+
Fy8YVe2OHm0+mBXyePggDmKFJ8kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSiBIHf
tmuxi8eb2dcBiVz+cQbp/DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjhmYzQzYWQtMGMzYi00ZDc3LWFhMzItNWVmYzQzMWU2OWMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
4DANBgkqhkiG9w0BAQsFAAOCAQEAmtywIV5vGjwqwffwuC0nX/fcIhSlvbtQvNv9
59EoHCViFwrSMfQ9HmFPEA5DrMMyc9YkTHcCnFYH5c3ZEE76PULhG/0qs06JTchW
85NeMmWPvPN+oi4rYzKoOfB9dTvfWAebZYt2Dm6h2bUMKqFwXjRQiF1/c6i/+obo
gwfL3AuOGA+2/Wa6A7mSFzuCSf6QZIQRe3g9A3yNAi+EPmJWfl+nTx503PclLvJQ
r+OoPG8rY4B/IQv/Wj88eBTOG7AYa8if9R+VRSUKA8RdID3d/freGKuvnY01p313
LZ1dskq07r8VJuQr2f52ZdEHJVyKiuCJ8i3T+xHLbJ4ZZdQ8Ng==
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:53:58 2025 by rpki-client