Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: Ls08jv/5a8MWmpD2iZte0J51x/bB5addSEuV2FXr7qQ=
Subject key identifier: D8:14:A8:4B:3F:4D:DA:A8:05:0A:75:73:9F:42:D5:FA:F6:6B:93:D4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 54F5D2BE85FE739AC86932D57274AE2268BE84CD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Tue 05 Aug 2025 19:31:40 +0000
ROA not before: Tue 05 Aug 2025 19:31:40 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:f5:d2:be:85:fe:73:9a:c8:69:32:d5:72:74:ae:22:68:be:84:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:31:40 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=9e2295408ab09b5c39cb90c2859fcddab9296e6ce5d52671869335a42b244ed8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:48:54:d4:45:b9:e3:4a:25:26:c9:d2:a4:14:
08:a0:99:5e:44:6c:d7:82:2d:fe:80:f9:19:da:90:
0a:e5:d4:ad:2c:3a:3a:ba:4e:6e:b0:ad:c0:92:05:
3d:24:22:98:86:b8:5f:5b:9b:78:00:a3:3a:d8:f7:
5f:56:dc:0e:e6:aa:10:78:ae:bd:c2:f0:bd:61:8b:
ef:67:42:57:00:d0:88:37:3c:21:8c:d6:7f:c0:e8:
76:8a:d8:ec:3d:8d:5f:a4:65:4d:44:6a:a8:6e:dc:
82:4f:64:68:b5:d7:64:0d:53:ad:0c:ac:9c:55:0a:
fb:21:58:af:3b:6d:28:f1:ea:41:a7:06:3b:26:08:
b2:2e:7e:d5:44:89:f1:25:9a:22:ea:f8:a7:63:aa:
90:18:ef:9e:5a:6d:90:c6:07:b1:f8:86:d7:4c:0c:
b2:39:56:d1:90:13:6a:63:13:5f:25:f5:90:d4:04:
00:2c:e2:e3:55:cc:10:90:2b:fc:d6:9f:0e:9b:21:
ea:c9:5e:b8:d4:2d:25:fb:10:b7:0e:d2:c7:a0:0a:
ad:69:37:8c:26:38:fa:19:ff:01:ee:bf:eb:ee:9d:
8d:c7:40:5d:3c:6e:29:87:4f:90:b8:b4:55:b0:13:
a5:40:07:f9:a7:6e:28:37:56:01:58:9e:86:da:0b:
cb:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:14:A8:4B:3F:4D:DA:A8:05:0A:75:73:9F:42:D5:FA:F6:6B:93:D4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
14:a9:2a:38:60:14:04:07:0b:86:a9:f8:5a:53:2f:43:7a:a4:
c0:32:6e:1e:a5:74:25:dc:d2:5d:05:52:59:dd:bd:cb:30:c0:
dd:96:df:cf:cd:ab:55:7d:40:f0:22:38:db:a2:0a:01:1c:47:
f3:56:5d:55:92:20:66:3d:41:07:a3:0b:9e:5b:1c:f9:5a:24:
69:48:27:a1:61:f1:0f:1e:ab:03:73:12:f9:b2:76:7b:39:64:
36:65:bf:92:f9:4e:42:e3:aa:9c:73:e7:ea:d0:7f:9a:69:0f:
ee:ff:d3:2c:cf:ab:73:b9:1c:fc:d3:1f:df:bd:6c:a4:2c:c6:
59:2c:71:98:36:78:ef:23:fb:0a:9c:f3:d2:54:cb:97:3d:60:
b5:6b:e9:d3:62:75:de:f6:bf:64:a5:59:eb:5e:f9:d9:9f:fd:
b2:d3:9d:13:6e:f5:5b:44:a1:19:56:26:50:84:57:1a:85:28:
ad:db:1b:a4:33:b2:0c:6c:45:e5:61:e1:3a:1a:48:80:e9:59:
16:6e:8c:fb:6e:b5:18:53:f5:c8:15:8a:9f:d9:b2:7f:bd:18:
d9:b6:d7:3c:eb:15:28:9d:fb:6a:b7:22:b5:5c:a2:91:cf:f7:
72:34:0a:26:52:c2:35:31:60:bc:f6:fa:3e:d0:7e:5a:22:c4:
cc:98:a7:6b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVPXSvoX+c5rIaTLVcnSuImi+hM0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTMxNDBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDllMjI5NTQwOGFiMDliNWMzOWNiOTBjMjg1OWZjZGRhYjkyOTZlNmNlNWQ1
MjY3MTg2OTMzNWE0MmIyNDRlZDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxIVNRFueNKJSbJ0qQUCKCZXkRs14It/oD5GdqQCuXUrSw6OrpObrCtwJIF
PSQimIa4X1ubeACjOtj3X1bcDuaqEHiuvcLwvWGL72dCVwDQiDc8IYzWf8DodorY
7D2NX6RlTURqqG7cgk9kaLXXZA1TrQysnFUK+yFYrzttKPHqQacGOyYIsi5+1USJ
8SWaIur4p2OqkBjvnlptkMYHsfiG10wMsjlW0ZATamMTXyX1kNQEACzi41XMEJAr
/NafDpsh6sleuNQtJfsQtw7Sx6AKrWk3jCY4+hn/Ae6/6+6djcdAXTxuKYdPkLi0
VbATpUAH+aduKDdWAViehtoLy5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTYFKhL
P03aqAUKdXOfQtX69muT1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQAUqSo4YBQEBwuGqfhaUy9DeqTAMm4epXQl3NJd
BVJZ3b3LMMDdlt/PzatVfUDwIjjbogoBHEfzVl1VkiBmPUEHowueWxz5WiRpSCeh
YfEPHqsDcxL5snZ7OWQ2Zb+S+U5C46qcc+fq0H+aaQ/u/9Msz6tzuRz80x/fvWyk
LMZZLHGYNnjvI/sKnPPSVMuXPWC1a+nTYnXe9r9kpVnrXvnZn/2y050TbvVbRKEZ
ViZQhFcahSit2xukM7IMbEXlYeE6GkiA6VkWboz7brUYU/XIFYqf2bJ/vRjZttc8
6xUonftqtyK1XKKRz/dyNAomUsI1MWC89vo+0H5aIsTMmKdr
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:59:53 2025 by rpki-client