Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
File: 4e84f0a8-9d20-4219-b641-9a6905a033d9.roa (raw, json)
Hash identifier: YBgXpvE/4uWWKHoMM2+By3qzKI25cg4WfCl0bKeb1jo=
Subject key identifier: 44:BA:B5:9A:F9:35:ED:13:E1:E7:33:9E:2E:A2:66:52:F2:DE:30:6C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 11994839907FE3366633F95A3AB9F581164B1D57
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
Signing time: Tue 05 Aug 2025 18:50:14 +0000
ROA not before: Tue 05 Aug 2025 18:50:14 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:99:48:39:90:7f:e3:36:66:33:f9:5a:3a:b9:f5:81:16:4b:1d:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 18:50:14 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=6beb80cef388adaf11d3577ba8cd307724f2949e3b3ed704842c629368ca422c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:7f:1e:14:a6:84:b3:a1:9a:f4:65:e3:c4:81:
8c:e4:82:d1:19:47:b3:d6:f5:cd:cf:4f:42:d3:ed:
a5:72:d9:cc:6d:6b:f0:b6:96:4e:bd:02:89:40:7c:
26:d0:76:51:d8:8d:2d:2d:fb:59:6b:6b:a9:99:f2:
11:d7:c2:b4:9f:5f:aa:88:12:b2:2d:dd:4f:5d:34:
d4:f9:ac:3d:2d:8c:b9:90:c6:57:16:fe:64:4c:00:
8f:5f:ed:12:fd:d6:99:ed:c0:43:48:38:27:44:21:
b0:89:97:35:30:9c:e6:c4:34:43:55:c4:e9:c0:a7:
84:1a:b4:4e:04:0b:80:40:fc:76:9e:1a:40:09:ed:
bb:54:bc:1a:d4:a1:b5:f5:06:b5:8c:c9:7e:e9:79:
e6:c6:e6:75:26:5d:a7:a9:4c:f5:bd:b5:b8:20:85:
7f:c5:70:7a:4f:29:44:16:a3:4f:dc:3d:70:60:c2:
fb:5d:80:ac:48:c5:48:c6:d9:a8:b8:cf:0b:a0:8d:
6f:51:04:f2:16:94:31:30:1b:fe:a8:c5:23:77:f8:
31:e9:11:12:0c:04:2d:6a:40:17:9a:5c:a3:9e:97:
6c:5b:7c:34:38:57:7c:cb:2c:d6:89:2e:f7:c8:66:
25:a8:55:ee:0c:9d:62:b7:d1:76:89:7a:ba:d4:47:
bd:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:BA:B5:9A:F9:35:ED:13:E1:E7:33:9E:2E:A2:66:52:F2:DE:30:6C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:a040::/48
Signature Algorithm: sha256WithRSAEncryption
63:c7:cc:d9:23:e0:70:1e:50:b2:7f:30:04:6b:33:30:6c:18:
4c:2a:aa:09:6b:24:2e:d6:1b:f6:e1:0e:71:07:7a:bb:59:63:
50:ff:8e:ce:b9:73:f2:2c:00:65:58:3a:88:c9:30:6c:2f:cf:
90:cd:a4:79:f5:64:30:a6:b2:33:69:d2:3f:d1:6d:d2:3e:81:
71:74:80:1e:b8:81:38:d3:fe:a0:19:d3:82:17:6b:a4:f1:89:
35:26:d5:4a:3b:c7:e2:e2:e8:25:e0:ed:8c:dd:ee:03:84:8a:
13:7f:e5:1a:fc:35:89:85:86:66:ca:65:b9:1c:a6:d8:b0:fc:
46:c6:66:6c:ef:08:ff:20:50:4c:4b:10:9a:63:f4:03:11:2b:
cd:67:b7:ea:8e:fb:c3:7b:4a:bc:cf:66:00:86:d9:c9:ee:b2:
a7:db:3c:b9:4d:ac:b6:1b:e9:38:f6:bf:24:2c:9c:de:6d:9b:
6f:a3:da:07:dd:64:38:23:08:08:8b:a5:e2:61:14:13:f9:cb:
0f:2f:e6:c2:ed:54:b5:f6:46:99:7c:1d:cb:fd:f1:99:ef:ea:
a6:88:15:e3:6a:71:26:1c:53:4e:a4:7a:45:90:99:7a:8a:6a:
25:97:3a:29:bd:4d:48:ef:ed:9b:f1:d4:02:87:0c:fd:45:74:
8d:8b:ee:40
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEZlIOZB/4zZmM/laOrn1gRZLHVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxODUwMTRaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZWI4MGNlZjM4OGFkYWYxMWQzNTc3YmE4Y2QzMDc3MjRmMjk0OWUzYjNl
ZDcwNDg0MmM2MjkzNjhjYTQyMmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMB/HhSmhLOhmvRl48SBjOSC0RlHs9b1zc9PQtPtpXLZzG1r8LaWTr0CiUB8
JtB2UdiNLS37WWtrqZnyEdfCtJ9fqogSsi3dT1001PmsPS2MuZDGVxb+ZEwAj1/t
Ev3Wme3AQ0g4J0QhsImXNTCc5sQ0Q1XE6cCnhBq0TgQLgED8dp4aQAntu1S8GtSh
tfUGtYzJful55sbmdSZdp6lM9b21uCCFf8Vwek8pRBajT9w9cGDC+12ArEjFSMbZ
qLjPC6CNb1EE8haUMTAb/qjFI3f4MekREgwELWpAF5pco56XbFt8NDhXfMss1oku
98hmJahV7gydYrfRdol6utRHvQUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBREurWa
+TXtE+HnM54uomZS8t4wbDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU4NGYwYTgtOWQyMC00MjE5LWI2NDEtOWE2OTA1YTAzM2Q5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKg
QDANBgkqhkiG9w0BAQsFAAOCAQEAY8fM2SPgcB5Qsn8wBGszMGwYTCqqCWskLtYb
9uEOcQd6u1ljUP+Ozrlz8iwAZVg6iMkwbC/PkM2kefVkMKayM2nSP9Ft0j6BcXSA
HriBONP+oBnTghdrpPGJNSbVSjvH4uLoJeDtjN3uA4SKE3/lGvw1iYWGZspluRym
2LD8RsZmbO8I/yBQTEsQmmP0AxErzWe36o77w3tKvM9mAIbZye6yp9s8uU2sthvp
OPa/JCyc3m2bb6PaB91kOCMICIul4mEUE/nLDy/mwu1UtfZGmXwdy/3xme/qpogV
42pxJhxTTqR6RZCZeopqJZc6Kb1NSO/tm/HUAocM/UV0jYvuQA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 10:04:29 2025 by rpki-client