Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
File: 8b578938-3dca-4d72-8385-f8a93e508377.roa (raw, json)
Hash identifier: Y86uiqa+vV8jvD2ZE5F7CiYwYF9z7ZGq7bPVv53njeo=
Subject key identifier: FE:48:FB:B9:B2:AD:65:AC:BD:90:54:C9:3C:F5:14:6C:1C:33:86:85
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5A55E41831484EC0829622F81660F0DB52D5D46B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
Signing time: Tue 05 Aug 2025 20:10:23 +0000
ROA not before: Tue 05 Aug 2025 20:10:23 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:55:e4:18:31:48:4e:c0:82:96:22:f8:16:60:f0:db:52:d5:d4:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 20:10:23 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=7783056e5d05ae2a4bc767654a32b5e72a8f16d7daa0d44ba7742d16ea65a0f0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:2a:57:81:e1:db:21:a5:94:b5:b5:18:33:5d:
c8:54:85:ea:ea:0b:5f:68:20:2f:ea:59:99:0e:13:
79:65:65:e4:dc:cb:8b:6e:4e:2d:43:d5:d6:ca:8b:
36:18:be:f3:48:b9:cb:e1:b6:39:3d:4c:d2:2e:06:
0d:b7:a5:93:11:58:d5:c3:46:be:35:e7:e8:63:d2:
15:26:8c:aa:ea:a0:bf:ed:6d:ad:79:4d:5d:45:d8:
b4:38:3a:1c:5d:08:a4:dc:4f:11:5c:e7:8e:99:9e:
dd:c7:04:0f:27:f7:cd:bc:f9:55:d0:c3:19:c5:6d:
d3:16:1d:e4:ee:52:2b:24:0c:4b:02:4d:7e:26:f8:
5b:5a:13:a5:a2:b8:87:a1:2a:7e:ff:64:d1:a8:e9:
ed:19:4e:a5:ca:ce:9e:ac:10:5c:be:5c:eb:7a:b2:
c0:d7:97:d6:a3:3b:e5:32:7c:d6:25:e8:86:6e:5b:
7b:7e:19:ed:59:79:98:52:dc:3c:29:fd:8c:fd:01:
40:24:19:46:20:fb:0a:30:9a:96:28:55:0e:35:14:
89:ad:12:1c:ba:0f:e8:e6:82:ff:ce:38:7d:d2:15:
16:d1:5b:d3:49:73:03:ed:7d:e1:69:d6:7c:ec:20:
2e:9b:d0:e7:42:c8:cf:e4:6b:0f:2e:85:b9:a5:7d:
72:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:48:FB:B9:B2:AD:65:AC:BD:90:54:C9:3C:F5:14:6C:1C:33:86:85
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:400::/38
Signature Algorithm: sha256WithRSAEncryption
b8:30:7f:83:a3:85:5e:9a:7f:71:7e:b4:cc:0c:ea:b2:f5:f0:
86:5a:3c:86:dd:5f:b5:c0:23:0f:87:0a:9b:38:0a:47:4c:fe:
53:d5:87:f8:02:b6:dc:98:60:41:48:51:23:9c:44:79:7a:46:
3c:33:45:4d:00:bb:bb:54:99:e9:68:26:ba:bb:a8:68:35:2c:
7f:d1:33:0d:60:76:19:c9:78:b0:74:e0:79:d8:72:ce:2d:ba:
06:64:b2:49:b5:e2:bb:98:da:f3:10:c5:c5:c6:62:8a:95:ee:
a2:33:9e:1d:a1:63:10:dc:78:16:aa:11:a9:d1:e4:ec:5e:3d:
3b:bc:fe:86:89:bf:36:2f:30:56:74:db:78:5c:64:5c:a5:50:
f8:74:c1:8f:26:69:0e:bf:33:85:d5:59:ad:b5:cd:17:c0:e2:
c6:db:de:a3:21:ea:f4:53:e1:37:91:6b:6f:64:0c:79:cd:66:
ac:b2:1f:8e:cd:71:95:20:e7:ef:ef:ae:ba:78:89:30:6d:b1:
86:a1:4d:75:41:cb:a0:ba:5f:7d:b6:51:25:90:ec:fe:1c:57:
ef:e5:78:f1:d3:15:88:45:58:52:89:d3:b8:a9:55:82:dc:55:
a9:69:de:cc:92:f9:7e:69:4c:06:28:79:d2:d8:71:47:de:c9:
bd:88:a6:aa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWlXkGDFITsCCliL4FmDw21LV1GswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUyMDEwMjNaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3ODMwNTZlNWQwNWFlMmE0YmM3Njc2NTRhMzJiNWU3MmE4ZjE2ZDdkYWEw
ZDQ0YmE3NzQyZDE2ZWE2NWEwZjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsqV4Hh2yGllLW1GDNdyFSF6uoLX2ggL+pZmQ4TeWVl5NzLi25OLUPV1sqL
Nhi+80i5y+G2OT1M0i4GDbelkxFY1cNGvjXn6GPSFSaMquqgv+1trXlNXUXYtDg6
HF0IpNxPEVznjpme3ccEDyf3zbz5VdDDGcVt0xYd5O5SKyQMSwJNfib4W1oTpaK4
h6Eqfv9k0ajp7RlOpcrOnqwQXL5c63qywNeX1qM75TJ81iXohm5be34Z7Vl5mFLc
PCn9jP0BQCQZRiD7CjCalihVDjUUia0SHLoP6OaC/844fdIVFtFb00lzA+194WnW
fOwgLpvQ50LIz+RrDy6FuaV9csECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+SPu5
sq1lrL2QVMk89RRsHDOGhTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI1Nzg5MzgtM2RjYS00ZDcyLTgzODUtZjhhOTNlNTA4Mzc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkE
MA0GCSqGSIb3DQEBCwUAA4IBAQC4MH+Do4Vemn9xfrTMDOqy9fCGWjyG3V+1wCMP
hwqbOApHTP5T1Yf4ArbcmGBBSFEjnER5ekY8M0VNALu7VJnpaCa6u6hoNSx/0TMN
YHYZyXiwdOB52HLOLboGZLJJteK7mNrzEMXFxmKKle6iM54doWMQ3HgWqhGp0eTs
Xj07vP6Gib82LzBWdNt4XGRcpVD4dMGPJmkOvzOF1Vmttc0XwOLG296jIer0U+E3
kWtvZAx5zWassh+OzXGVIOfv7666eIkwbbGGoU11Qcugul99tlElkOz+HFfv5Xjx
0xWIRVhSidO4qVWC3FWpad7Mkvl+aUwGKHnS2HFH3sm9iKaq
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:26:10 2025 by rpki-client