Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
File: 8eb63ceb-3350-490c-9a1a-85b2563a8947.roa (raw, json)
Hash identifier: 3E/XfRYmrqYLmZ/LnDhj1dY12FCKYi+dAdp7wEXPARI=
Subject key identifier: 19:4C:06:9A:E4:75:DC:21:7A:51:E9:CB:70:1C:46:30:83:78:4E:DC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 23F403CE8FA6E8FE932296B3E6F568530CFC840F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
Signing time: Tue 05 Aug 2025 20:01:30 +0000
ROA not before: Tue 05 Aug 2025 20:01:30 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:f4:03:ce:8f:a6:e8:fe:93:22:96:b3:e6:f5:68:53:0c:fc:84:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 20:01:30 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=46714a9dce72f9cd521af8c795de2be9fc8ec135a9a09a76e6439fde4a625a9c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:47:64:6b:2a:07:22:d7:95:e3:be:f7:53:aa:
ee:bb:49:1c:62:8f:9d:14:26:8a:d3:be:2f:16:d5:
c5:6b:66:0b:7f:48:5c:8c:9c:80:ef:0e:27:4b:cc:
14:0a:ed:23:c8:fd:16:37:a9:96:8b:78:f5:b1:16:
f2:88:ce:85:2d:84:38:7e:ba:7d:86:72:b1:42:5a:
7a:35:9f:1d:5f:1b:25:41:3f:1a:9d:43:65:ae:2b:
14:a3:77:f6:11:fe:3f:0b:dc:32:ab:70:cd:82:99:
bd:08:7f:15:1b:87:65:cb:bc:5d:29:89:f8:aa:9e:
8c:12:c7:d1:2b:e8:b6:8e:c2:0c:45:86:20:9c:08:
7f:e2:d6:6b:7f:23:d7:91:9c:2e:2f:9a:bf:75:10:
db:e3:75:15:f0:23:cd:92:56:d2:23:06:4e:f0:36:
bc:1c:ee:b0:68:8e:7c:9d:f6:ee:c3:5a:72:14:9e:
f8:13:4d:b6:76:f0:6c:ac:17:0d:44:86:f0:0e:ed:
9c:72:3f:59:4d:d0:94:cb:af:02:9f:47:07:1c:6a:
a3:f1:fa:31:53:17:be:c4:c7:ae:4e:d4:2b:9d:4b:
a0:bd:4b:90:a2:58:7b:68:98:02:d3:71:d9:53:2a:
f4:3f:0e:a5:c2:d0:6d:c6:24:0e:25:66:93:be:0b:
63:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:4C:06:9A:E4:75:DC:21:7A:51:E9:CB:70:1C:46:30:83:78:4E:DC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:4000::/40
Signature Algorithm: sha256WithRSAEncryption
3e:93:1a:4c:c3:ed:04:61:29:bf:c2:aa:bd:f1:60:fe:d1:1e:
9b:5f:33:f2:d2:ba:d4:4f:64:c1:dc:16:0a:47:6f:98:eb:f7:
10:63:51:45:df:82:40:c4:39:24:da:50:82:26:34:3b:80:f8:
7d:44:bb:6e:0d:d8:a7:1f:28:d5:4b:21:db:14:62:03:6f:a5:
eb:5a:dc:92:97:e5:4f:50:aa:37:a1:92:12:d3:a2:c0:5a:dc:
5b:ab:ce:34:b3:b3:b2:91:4d:b1:24:bc:0c:a8:57:1d:c6:ba:
a5:71:21:36:89:ad:76:f7:c0:98:b1:59:74:ec:0a:8a:62:f5:
43:b6:6b:c9:2f:e2:ad:6c:c9:80:f8:de:f2:1d:8d:63:c9:23:
e1:23:10:65:c9:66:49:6f:a1:90:4e:d6:12:9e:51:9f:94:9a:
4f:26:b9:91:f6:89:ab:79:55:92:85:0a:7d:7c:ea:bd:d6:a4:
7b:08:32:80:00:87:0b:3c:44:a1:d7:46:17:ba:b0:97:fd:8e:
40:f4:81:04:62:66:91:bc:6f:b0:40:79:44:53:27:56:34:62:
97:b7:53:d6:fe:39:a6:f5:65:30:34:11:ee:ab:e3:f0:a3:53:
5a:03:3e:db:ac:49:6c:91:b1:66:c0:11:61:ff:aa:02:d0:95:
b9:eb:20:ef
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI/QDzo+m6P6TIpaz5vVoUwz8hA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUyMDAxMzBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2NzE0YTlkY2U3MmY5Y2Q1MjFhZjhjNzk1ZGUyYmU5ZmM4ZWMxMzVhOWEw
OWE3NmU2NDM5ZmRlNGE2MjVhOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZHZGsqByLXleO+91Oq7rtJHGKPnRQmitO+LxbVxWtmC39IXIycgO8OJ0vM
FArtI8j9Fjeplot49bEW8ojOhS2EOH66fYZysUJaejWfHV8bJUE/Gp1DZa4rFKN3
9hH+PwvcMqtwzYKZvQh/FRuHZcu8XSmJ+KqejBLH0Svoto7CDEWGIJwIf+LWa38j
15GcLi+av3UQ2+N1FfAjzZJW0iMGTvA2vBzusGiOfJ327sNachSe+BNNtnbwbKwX
DUSG8A7tnHI/WU3QlMuvAp9HBxxqo/H6MVMXvsTHrk7UK51LoL1LkKJYe2iYAtNx
2VMq9D8OpcLQbcYkDiVmk74LY6UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZTAaa
5HXcIXpR6ctwHEYwg3hO3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGViNjNjZWItMzM1MC00OTBjLTlhMWEtODViMjU2M2E4OTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HFA
MA0GCSqGSIb3DQEBCwUAA4IBAQA+kxpMw+0EYSm/wqq98WD+0R6bXzPy0rrUT2TB
3BYKR2+Y6/cQY1FF34JAxDkk2lCCJjQ7gPh9RLtuDdinHyjVSyHbFGIDb6XrWtyS
l+VPUKo3oZIS06LAWtxbq840s7OykU2xJLwMqFcdxrqlcSE2ia1298CYsVl07AqK
YvVDtmvJL+KtbMmA+N7yHY1jySPhIxBlyWZJb6GQTtYSnlGflJpPJrmR9omreVWS
hQp9fOq91qR7CDKAAIcLPESh10YXurCX/Y5A9IEEYmaRvG+wQHlEUydWNGKXt1PW
/jmm9WUwNBHuq+Pwo1NaAz7brElskbFmwBFh/6oC0JW56yDv
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:50:52 2025 by rpki-client