Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
File: 5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa (raw, json)
Hash identifier: LUw26RWaD85CorMFcsjwxeS6UEEe/quM9F+Z4CxSpE8=
Subject key identifier: F0:F7:F3:A7:8E:18:6D:AF:01:C2:0A:85:EB:EF:C2:59:35:60:58:58
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 625D20A2066FF5424A5E23F97BF04860219874EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
Signing time: Tue 05 Aug 2025 19:51:09 +0000
ROA not before: Tue 05 Aug 2025 19:51:09 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:5d:20:a2:06:6f:f5:42:4a:5e:23:f9:7b:f0:48:60:21:98:74:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:51:09 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=89d198340ce92d5a34192f1509cc988aaaf5c09fa15bbe7331d117c60c2b50ea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:f3:af:75:35:2d:0b:a7:f6:e4:b3:c0:f8:b1:
c0:5e:32:b2:dc:b4:e9:a5:9d:60:91:b1:2d:18:b6:
e4:43:b6:c6:92:d9:7d:ce:a1:1b:cb:f4:f1:ba:2b:
eb:24:44:45:c6:29:49:79:a3:fb:c5:63:24:a7:be:
a9:5e:4f:2b:82:31:32:be:43:78:fa:98:4c:cd:af:
c6:19:80:ff:e2:cf:04:07:d6:3b:72:06:5d:ed:55:
1a:4d:b6:a2:44:23:f7:6e:ce:ff:81:1f:4b:ca:ec:
bf:ac:3d:b7:97:81:e7:bf:21:d2:fd:44:cb:e0:98:
cb:25:0a:8d:18:18:ae:e3:7b:ae:dc:12:b0:9e:90:
03:a6:87:2d:d2:97:35:d4:3c:a3:a4:d1:e2:5b:43:
1c:3e:48:fc:9c:f8:c2:98:58:1a:b5:a3:e8:88:44:
0c:33:d6:2b:f7:05:00:2e:27:88:8c:87:4d:c2:a1:
68:ed:c7:3e:f7:73:4c:e8:2c:e7:a8:dc:86:a0:d1:
01:94:17:ab:87:a7:05:08:a5:b9:59:05:1f:72:fb:
9e:61:bb:eb:70:de:ce:95:74:78:13:3c:71:17:54:
49:68:a5:56:98:eb:53:92:8e:95:dc:23:ba:a5:9e:
c9:1e:65:80:af:0f:79:d6:67:91:ec:e9:dd:6f:0e:
14:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:F7:F3:A7:8E:18:6D:AF:01:C2:0A:85:EB:EF:C2:59:35:60:58:58
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:2000::/40
Signature Algorithm: sha256WithRSAEncryption
9a:ad:b3:66:c3:09:f5:91:26:8b:2f:c3:72:6f:54:34:e7:08:
9c:7d:e7:19:2a:7f:a9:15:42:0f:5c:b9:34:4e:a2:e1:37:2d:
b1:d0:b8:8d:38:d9:cf:ca:d2:a2:3e:a9:a4:e2:00:f3:83:42:
b0:46:38:b5:90:4f:3b:de:59:71:9b:ff:e5:14:4b:ed:c5:f9:
5c:05:b5:53:a5:36:fd:13:55:f7:a7:b1:ed:e0:90:ca:f5:b2:
dd:2f:1a:6a:14:a6:93:36:46:bb:cc:62:a6:18:90:dd:f1:50:
ba:f8:55:04:7e:eb:73:97:1a:7f:fd:2e:56:cf:f7:4a:29:18:
99:ed:cd:2b:99:f1:59:bc:d5:ef:1e:56:c1:af:25:1c:2a:50:
d1:2a:f5:6b:51:03:7e:5c:e6:c8:92:5b:68:91:cf:a0:6a:7d:
4e:0f:20:96:62:5b:97:f5:3d:fb:5f:fe:c4:41:1b:74:fb:88:
81:bd:14:c3:ee:73:cf:79:af:fb:e9:f0:bc:24:30:cd:d5:77:
1e:89:2e:1e:b1:9d:2f:c6:b9:a2:8a:94:00:f8:d0:76:22:55:
1a:8d:b4:7c:22:7e:4d:68:b1:c2:55:c4:f5:71:ff:e9:48:b8:
8c:92:d4:41:6f:2e:54:3b:5f:75:da:e4:85:ef:80:dd:a1:b6:
29:0b:e8:ea
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYl0gogZv9UJKXiP5e/BIYCGYdOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTUxMDlaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5ZDE5ODM0MGNlOTJkNWEzNDE5MmYxNTA5Y2M5ODhhYWFmNWMwOWZhMTVi
YmU3MzMxZDExN2M2MGMyYjUwZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOfzr3U1LQun9uSzwPixwF4ysty06aWdYJGxLRi25EO2xpLZfc6hG8v08bor
6yRERcYpSXmj+8VjJKe+qV5PK4IxMr5DePqYTM2vxhmA/+LPBAfWO3IGXe1VGk22
okQj927O/4EfS8rsv6w9t5eB578h0v1Ey+CYyyUKjRgYruN7rtwSsJ6QA6aHLdKX
NdQ8o6TR4ltDHD5I/Jz4wphYGrWj6IhEDDPWK/cFAC4niIyHTcKhaO3HPvdzTOgs
56jchqDRAZQXq4enBQiluVkFH3L7nmG763DezpV0eBM8cRdUSWilVpjrU5KOldwj
uqWeyR5lgK8PedZnkezp3W8OFFsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTw9/On
jhhtrwHCCoXr78JZNWBYWDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQ4ZTgzMWUtNGQ2MS00NDliLWE1MzItYTFkZDlkNzQzYWM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hog
MA0GCSqGSIb3DQEBCwUAA4IBAQCarbNmwwn1kSaLL8Nyb1Q05wicfecZKn+pFUIP
XLk0TqLhNy2x0LiNONnPytKiPqmk4gDzg0KwRji1kE873llxm//lFEvtxflcBbVT
pTb9E1X3p7Ht4JDK9bLdLxpqFKaTNka7zGKmGJDd8VC6+FUEfutzlxp//S5Wz/dK
KRiZ7c0rmfFZvNXvHlbBryUcKlDRKvVrUQN+XObIkltokc+gan1ODyCWYluX9T37
X/7EQRt0+4iBvRTD7nPPea/76fC8JDDN1XceiS4esZ0vxrmiipQA+NB2IlUajbR8
In5NaLHCVcT1cf/pSLiMktRBby5UO1912uSF74DdobYpC+jq
-----END CERTIFICATE-----
Generated at Sat Aug 23 10:04:15 2025 by rpki-client