Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File: 68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier: OjOcTjOXKZAA0qoYwy7I3bjOQjyydJJJqv79btB1KlU=
Subject key identifier: 4C:38:BA:BA:A8:85:2E:17:76:90:47:D9:4F:6C:94:08:47:F3:A3:41
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 37988F576A698380D9645039796EB92DF5882FA7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time: Sat 09 Aug 2025 00:20:04 +0000
ROA not before: Sat 09 Aug 2025 00:20:04 +0000
ROA not after: Sat 13 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:98:8f:57:6a:69:83:80:d9:64:50:39:79:6e:b9:2d:f5:88:2f:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 9 00:20:04 2025 GMT
Not After : Sep 13 23:59:59 2025 GMT
Subject: serialNumber=07adfa5e849b428e12295ad6f22d73e51a0d0d028364caa3ca4dc19f6bde620f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:01:94:8c:5a:79:0c:66:81:c0:98:a8:c7:f0:
97:f0:0d:60:ee:b1:55:9a:3d:ca:44:2a:c4:a2:3f:
13:0f:2a:5a:e6:b1:32:75:b0:71:d6:57:1e:a7:6c:
ab:57:f1:4b:00:37:78:3b:dc:35:55:d8:3a:eb:b6:
2a:4f:62:ab:5d:66:35:4f:fb:e9:73:ef:94:2c:59:
2f:e0:d2:5a:ef:e8:86:12:42:0f:e5:ee:43:25:f3:
7e:53:aa:72:dc:cd:4a:e5:d9:25:22:20:bf:42:55:
91:59:20:1d:b9:ef:1b:ef:87:37:0d:22:61:cf:c0:
88:10:26:29:b4:66:4c:43:ec:d5:83:55:83:8b:83:
2b:c9:64:a2:d5:a2:91:16:bb:49:fd:0e:54:63:4d:
fe:4e:2d:00:39:29:eb:01:32:fc:a4:7e:18:f5:b9:
5c:e6:ff:30:d0:6b:58:67:92:27:73:c8:1a:6d:9f:
67:fc:03:b4:4d:79:02:99:fc:48:04:bb:ee:81:ea:
01:25:7e:cc:8e:04:6c:df:6c:38:e5:85:ef:b1:aa:
a8:b9:f9:4e:36:8c:eb:36:2e:7d:dd:4c:b8:90:38:
73:ad:4a:82:31:89:81:a6:d0:6b:79:c4:5a:d2:93:
4c:4f:99:42:55:fe:0d:72:88:ab:25:6f:15:03:1e:
44:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:38:BA:BA:A8:85:2E:17:76:90:47:D9:4F:6C:94:08:47:F3:A3:41
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f:800::/37
Signature Algorithm: sha256WithRSAEncryption
72:2d:2a:c5:8e:62:aa:bb:95:79:25:c9:3e:3e:4e:b2:f2:a3:
55:20:63:19:56:8b:59:a0:f6:a9:48:16:ca:65:64:01:17:fb:
39:73:1d:eb:e7:68:1a:ee:06:5c:91:fe:9d:a3:80:92:05:6d:
44:0d:57:0b:ac:b2:e1:0e:22:59:6a:86:b9:5f:cb:ac:b1:ee:
a9:1d:e9:2a:65:30:fd:dd:cd:4a:48:d3:1a:13:67:eb:c8:81:
4d:c7:c1:aa:dc:8a:64:57:b1:39:f8:f6:0b:6b:d2:c4:3e:a2:
90:57:96:c5:26:69:38:a2:90:01:73:ed:5a:c3:04:7a:37:5a:
56:88:d9:10:56:c5:83:2f:94:53:d1:29:2f:15:98:67:8f:70:
39:52:2b:06:80:fa:7c:cd:ab:0e:4a:16:9e:a5:57:cb:6a:f0:
a3:5f:f4:e7:9c:86:cf:79:f1:89:de:2e:82:bc:0f:8c:df:5d:
89:bb:bc:fd:4a:88:26:ed:1b:5d:92:6d:b0:0c:23:a2:cb:86:
7c:11:4a:9b:da:2e:64:7c:36:f9:ec:ac:4a:be:0a:17:f4:1e:
0a:0c:44:a6:8d:5d:bd:e3:35:2b:a6:ac:7b:84:ac:3e:e4:fc:
0d:3a:d0:44:8d:77:18:24:14:61:af:cf:91:a1:05:11:5b:9e:
d7:38:a0:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUN5iPV2ppg4DZZFA5eW65LfWIL6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDkwMDIwMDRaFw0yNTA5MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3YWRmYTVlODQ5YjQyOGUxMjI5NWFkNmYyMmQ3M2U1MWEwZDBkMDI4MzY0
Y2FhM2NhNGRjMTlmNmJkZTYyMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwBlIxaeQxmgcCYqMfwl/ANYO6xVZo9ykQqxKI/Ew8qWuaxMnWwcdZXHqds
q1fxSwA3eDvcNVXYOuu2Kk9iq11mNU/76XPvlCxZL+DSWu/ohhJCD+XuQyXzflOq
ctzNSuXZJSIgv0JVkVkgHbnvG++HNw0iYc/AiBAmKbRmTEPs1YNVg4uDK8lkotWi
kRa7Sf0OVGNN/k4tADkp6wEy/KR+GPW5XOb/MNBrWGeSJ3PIGm2fZ/wDtE15Apn8
SAS77oHqASV+zI4EbN9sOOWF77GqqLn5TjaM6zYufd1MuJA4c61KgjGJgabQa3nE
WtKTTE+ZQlX+DXKIqyVvFQMeRJcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRMOLq6
qIUuF3aQR9lPbJQIR/OjQTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQByLSrFjmKqu5V5Jck+Pk6y8qNVIGMZVotZoPap
SBbKZWQBF/s5cx3r52ga7gZckf6do4CSBW1EDVcLrLLhDiJZaoa5X8usse6pHekq
ZTD93c1KSNMaE2fryIFNx8Gq3IpkV7E5+PYLa9LEPqKQV5bFJmk4opABc+1awwR6
N1pWiNkQVsWDL5RT0SkvFZhnj3A5UisGgPp8zasOShaepVfLavCjX/TnnIbPefGJ
3i6CvA+M312Ju7z9Sogm7Rtdkm2wDCOiy4Z8EUqb2i5kfDb57KxKvgoX9B4KDESm
jV294zUrpqx7hKw+5PwNOtBEjXcYJBRhr8+RoQURW57XOKAR
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:53:03 2025 by rpki-client