Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
File: 599e0695-4b67-4a37-994a-8c71d61260b3.roa (raw, json)
Hash identifier: Hcd9EmKjWgWg8czAKTN0D/5w9cWCJeiuZBjvUryYxwQ=
Subject key identifier: FB:D4:A1:5C:9D:9D:5E:EA:A4:F6:E1:C0:7F:C1:B3:7E:7B:29:24:D5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 47F89ED10D1D8C5A75B87031D98B31AF5A5AA005
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
Signing time: Tue 05 Aug 2025 19:10:16 +0000
ROA not before: Tue 05 Aug 2025 19:10:16 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:f8:9e:d1:0d:1d:8c:5a:75:b8:70:31:d9:8b:31:af:5a:5a:a0:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:10:16 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=07e7530e06b4d4acd287b411acf5bea7403e8e136d1dcc2cc24f470ce21b5ab1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:13:39:bf:03:2d:64:de:4a:42:e7:ef:46:7c:
4d:68:7a:1b:a0:16:fe:72:a3:6c:a0:1e:d2:ac:c3:
fe:fc:d0:8a:f6:f8:cf:17:f6:d4:c9:91:d0:6d:66:
df:d2:d0:4d:ac:1e:dd:99:cd:7e:74:9a:60:e1:ca:
be:ea:cd:b6:47:ba:af:f3:ec:3d:8c:b1:ae:f3:27:
1e:22:8a:fb:b9:fe:6c:f1:c2:a4:af:0b:83:ab:20:
c5:85:1b:e8:e7:f7:11:10:85:aa:cc:40:89:03:45:
aa:59:17:54:d6:b7:93:68:ef:96:42:6a:44:08:b5:
1c:5e:3e:d8:4d:2c:07:b3:9b:5f:83:73:9a:6b:b8:
ff:9f:42:da:9d:c2:d0:82:28:8e:46:17:58:4c:85:
da:bb:b5:5d:05:06:02:b2:72:7b:4f:43:b8:16:e7:
04:ea:51:01:70:1c:f0:88:7a:89:af:32:ea:31:16:
5e:1e:ad:a1:79:b5:a3:af:52:25:71:f2:78:78:49:
d0:60:24:1d:a8:16:14:76:96:70:02:5d:4a:22:c5:
ca:20:45:42:b4:a3:18:38:e7:93:f6:75:d5:9c:e5:
bf:5b:93:5e:37:9d:69:55:3b:66:cc:44:18:34:5e:
f7:1d:dd:da:36:0d:fc:c2:fa:0b:27:bc:1f:3c:2d:
f5:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:D4:A1:5C:9D:9D:5E:EA:A4:F6:E1:C0:7F:C1:B3:7E:7B:29:24:D5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
24:3f:d3:78:79:4b:59:f5:7a:d5:99:11:22:14:7d:f4:05:9a:
e3:f3:fb:2b:62:5d:5c:12:d4:ef:d7:04:c9:bd:70:98:70:2f:
35:52:c9:13:22:59:31:bc:5b:4b:97:6a:49:1d:0c:01:ba:b0:
26:ad:45:b7:ee:f9:56:a6:3f:8e:44:ce:c4:85:ad:da:20:fa:
f1:6b:ca:e0:cd:45:a6:a8:34:0f:7b:7a:5e:cc:f9:51:a0:f2:
ce:9a:84:f0:f9:26:c7:cb:fb:c0:5e:f2:24:23:59:39:83:c0:
42:f6:dc:05:21:2c:c3:6d:d0:3d:74:fa:83:bf:a3:4d:e8:d0:
4a:84:87:da:44:3e:29:e9:4b:bd:6b:a0:71:87:90:60:e1:6a:
ed:ca:bd:31:6e:e0:b1:65:8a:55:a8:7a:f7:e5:b4:b6:76:b6:
a6:db:6a:03:43:8f:b6:14:84:be:09:59:c9:bf:a9:1b:a6:10:
0a:e6:a1:b3:f3:7d:03:72:43:8a:0f:50:e7:f6:95:42:0e:7c:
a6:f0:4d:ae:a3:59:88:61:b2:6d:28:98:49:cc:c2:ae:88:68:
c7:74:c5:bb:0e:64:eb:47:75:22:72:6c:22:30:fe:7f:5d:ee:
54:29:c5:d9:c7:86:8a:99:6c:09:65:d6:c4:07:2d:38:dc:eb:
96:46:14:55
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUR/ie0Q0djFp1uHAx2Ysxr1paoAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTEwMTZaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3ZTc1MzBlMDZiNGQ0YWNkMjg3YjQxMWFjZjViZWE3NDAzZThlMTM2ZDFk
Y2MyY2MyNGY0NzBjZTIxYjVhYjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQTOb8DLWTeSkLn70Z8TWh6G6AW/nKjbKAe0qzD/vzQivb4zxf21MmR0G1m
39LQTawe3ZnNfnSaYOHKvurNtke6r/PsPYyxrvMnHiKK+7n+bPHCpK8Lg6sgxYUb
6Of3ERCFqsxAiQNFqlkXVNa3k2jvlkJqRAi1HF4+2E0sB7ObX4Nzmmu4/59C2p3C
0IIojkYXWEyF2ru1XQUGArJye09DuBbnBOpRAXAc8Ih6ia8y6jEWXh6toXm1o69S
JXHyeHhJ0GAkHagWFHaWcAJdSiLFyiBFQrSjGDjnk/Z11Zzlv1uTXjedaVU7ZsxE
GDRe9x3d2jYN/ML6Cye8Hzwt9RcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT71KFc
nZ1e6qT24cB/wbN+eykk1TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk5ZTA2OTUtNGI2Ny00YTM3LTk5NGEtOGM3MWQ2MTI2MGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
wDANBgkqhkiG9w0BAQsFAAOCAQEAJD/TeHlLWfV61ZkRIhR99AWa4/P7K2JdXBLU
79cEyb1wmHAvNVLJEyJZMbxbS5dqSR0MAbqwJq1Ft+75VqY/jkTOxIWt2iD68WvK
4M1Fpqg0D3t6Xsz5UaDyzpqE8Pkmx8v7wF7yJCNZOYPAQvbcBSEsw23QPXT6g7+j
TejQSoSH2kQ+KelLvWugcYeQYOFq7cq9MW7gsWWKVah69+W0tna2pttqA0OPthSE
vglZyb+pG6YQCuahs/N9A3JDig9Q5/aVQg58pvBNrqNZiGGybSiYSczCrohox3TF
uw5k60d1InJsIjD+f13uVCnF2ceGiplsCWXWxActONzrlkYUVQ==
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:03:58 2025 by rpki-client