Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4811639-eec3-4653-a07b-9777ebef5f33.roa
File: b4811639-eec3-4653-a07b-9777ebef5f33.roa (raw, json)
Hash identifier: WSqdEl3PQqhxOk3G6f9s+BtnVYxvY2zzC4iGFCm5lJ0=
Subject key identifier: 98:07:B3:97:08:D4:83:D6:3E:19:75:72:92:03:4F:A7:A5:4F:7A:4D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2A7D514150E4ECB774639114D62540D298CEC327
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4811639-eec3-4653-a07b-9777ebef5f33.roa
Signing time: Tue 19 Aug 2025 16:50:12 +0000
ROA not before: Tue 19 Aug 2025 16:50:12 +0000
ROA not after: Tue 23 Sep 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:7d:51:41:50:e4:ec:b7:74:63:91:14:d6:25:40:d2:98:ce:c3:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 19 16:50:12 2025 GMT
Not After : Sep 23 23:59:59 2025 GMT
Subject: serialNumber=f5b75682c52f84661172d32d37661b3a2748abb5112ae16aa271539d34a70aee, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:19:17:72:36:ba:c7:bb:80:f6:a3:78:4a:90:
cf:ea:cb:53:85:8c:63:d6:8d:5b:00:88:b0:7c:5f:
78:55:ef:81:0d:33:62:a2:e0:76:b2:cb:9d:8e:18:
13:24:40:b2:bb:b1:f0:ea:f4:89:47:f5:71:4e:c1:
3f:e1:ed:25:dc:55:14:ab:e6:7b:32:e6:40:09:c0:
ec:cd:60:a9:f6:7e:b3:d1:a2:a7:7d:85:ea:15:ec:
c0:84:b6:45:b0:2f:bb:64:97:ef:ba:3f:4f:e7:83:
db:b9:0f:a1:23:5f:36:75:28:b6:c7:4a:53:cf:7b:
0d:60:3c:a5:10:44:15:47:f2:b9:cd:18:2f:42:d8:
08:7f:09:95:16:1e:e1:71:c7:02:7c:9d:e9:af:8d:
b7:6f:4e:0d:24:35:51:75:86:08:ad:5a:f7:fe:2e:
55:97:f2:35:e4:39:a3:f9:ab:bd:a7:fc:dd:8a:48:
84:52:be:66:dd:59:aa:08:db:03:04:c8:5b:2d:e7:
d9:4e:45:b8:6e:94:52:c1:a8:7a:a5:4a:5d:39:71:
16:ef:70:27:63:89:3f:41:cf:59:b3:65:72:97:1e:
a1:5a:61:52:15:b2:af:44:2f:46:45:be:c6:56:25:
fb:3a:9b:38:9c:7d:1a:b1:cf:4c:f4:94:a2:f2:0f:
cb:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:07:B3:97:08:D4:83:D6:3E:19:75:72:92:03:4F:A7:A5:4F:7A:4D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4811639-eec3-4653-a07b-9777ebef5f33.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:1000::/40
Signature Algorithm: sha256WithRSAEncryption
73:ca:55:b0:dc:09:62:da:63:00:6b:59:3b:7e:a9:55:68:17:
61:f7:3f:23:e2:e1:12:22:c3:61:02:e0:b3:b5:ab:d6:8c:52:
ad:af:5e:50:94:5e:f2:ff:4b:88:30:26:91:ad:c0:64:01:25:
36:43:b1:f6:68:aa:26:54:e5:e2:07:6d:4f:9b:8e:82:dd:32:
5c:d0:ad:ad:e1:c2:a6:40:5a:51:cb:df:c0:5c:30:ef:a6:d8:
7e:58:4c:b8:20:2f:04:73:68:b1:dc:72:93:18:05:52:70:ce:
f7:a3:c0:24:9d:41:aa:1b:c0:d2:05:c7:77:43:a4:1f:a1:8d:
b9:6b:0a:4b:df:2a:cc:39:06:0f:44:0f:4e:60:27:c5:c2:19:
49:26:18:4c:e6:92:cf:09:03:36:55:b8:76:6d:96:4d:57:6f:
75:1f:38:01:56:4b:51:52:56:ca:07:d8:ed:ae:dc:7f:e0:a7:
64:52:e1:93:5b:03:1a:8c:95:6e:45:8b:9f:2d:c9:d5:7d:0e:
cc:ca:5b:c8:9e:71:d4:9c:25:dd:3f:1f:e0:29:39:aa:dc:b2:
7f:32:82:4a:7e:63:3d:9d:d1:0b:f2:2a:81:6f:40:c3:d9:f7:
24:8b:93:9a:1b:ec:8c:b3:ac:bf:d1:d9:40:a7:e2:d3:d1:2c:
a6:31:f1:5a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKn1RQVDk7Ld0Y5EU1iVA0pjOwycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MTkxNjUwMTJaFw0yNTA5MjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGY1Yjc1NjgyYzUyZjg0NjYxMTcyZDMyZDM3NjYxYjNhMjc0OGFiYjUxMTJh
ZTE2YWEyNzE1MzlkMzRhNzBhZWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIZF3I2use7gPajeEqQz+rLU4WMY9aNWwCIsHxfeFXvgQ0zYqLgdrLLnY4Y
EyRAsrux8Or0iUf1cU7BP+HtJdxVFKvmezLmQAnA7M1gqfZ+s9Gip32F6hXswIS2
RbAvu2SX77o/T+eD27kPoSNfNnUotsdKU897DWA8pRBEFUfyuc0YL0LYCH8JlRYe
4XHHAnyd6a+Nt29ODSQ1UXWGCK1a9/4uVZfyNeQ5o/mrvaf83YpIhFK+Zt1Zqgjb
AwTIWy3n2U5FuG6UUsGoeqVKXTlxFu9wJ2OJP0HPWbNlcpceoVphUhWyr0QvRkW+
xlYl+zqbOJx9GrHPTPSUovIPyzsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSYB7OX
CNSD1j4ZdXKSA0+npU96TTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjQ4MTE2MzktZWVjMy00NjUzLWEwN2ItOTc3N2ViZWY1ZjMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBzylWw3Ali2mMAa1k7fqlVaBdh9z8j4uESIsNh
AuCztavWjFKtr15QlF7y/0uIMCaRrcBkASU2Q7H2aKomVOXiB21Pm46C3TJc0K2t
4cKmQFpRy9/AXDDvpth+WEy4IC8Ec2ix3HKTGAVScM73o8AknUGqG8DSBcd3Q6Qf
oY25awpL3yrMOQYPRA9OYCfFwhlJJhhM5pLPCQM2Vbh2bZZNV291HzgBVktRUlbK
B9jtrtx/4KdkUuGTWwMajJVuRYufLcnVfQ7MylvInnHUnCXdPx/gKTmq3LJ/MoJK
fmM9ndEL8iqBb0DD2fcki5OaG+yMs6y/0dlAp+LT0SymMfFa
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:57:24 2025 by rpki-client