Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa
File: bbba23f6-dc95-4602-8972-c409631731f1.roa (raw, json)
Hash identifier: XI/7GrsrjFXM63QAvG2B640LI25QnROl1WNUhhSe0Rs=
Subject key identifier: 26:C0:7E:C9:99:FA:EA:45:2C:C6:16:50:74:31:DE:9A:93:7A:B8:9B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 423F60C645FC5B26EC18CB882A2B46E789F117E7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa
Signing time: Tue 19 Aug 2025 16:50:35 +0000
ROA not before: Tue 19 Aug 2025 16:50:35 +0000
ROA not after: Tue 23 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:3f:60:c6:45:fc:5b:26:ec:18:cb:88:2a:2b:46:e7:89:f1:17:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 19 16:50:35 2025 GMT
Not After : Sep 23 23:59:59 2025 GMT
Subject: serialNumber=ca6d4f6e736b662c97a8ea8759f30e2f1f2e20914efad12d9762cbfffc186a2f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:0c:d4:bc:cf:b5:f7:df:40:f0:ea:40:ff:6b:
45:32:db:0a:9a:8e:82:5e:1b:71:7d:65:e8:2c:3a:
bd:6a:0e:0b:bf:ec:cf:10:72:6a:20:43:2e:88:d9:
c7:b1:42:f8:f4:d4:df:f3:08:6d:9b:ea:a0:22:5b:
ee:0c:25:70:77:8c:da:f6:ba:3f:69:0c:5c:a6:56:
5a:0f:20:19:f1:6f:57:75:c8:46:7b:d1:f9:f7:54:
24:89:73:e0:46:d0:ed:da:94:3b:2f:3b:99:ff:17:
c6:30:0e:ac:35:be:6a:9b:56:03:91:63:01:be:82:
c6:29:a7:7d:f6:91:c8:7a:77:eb:c5:67:0e:b3:ca:
99:d5:47:f3:7d:dc:f1:5a:0d:cd:22:f6:4c:54:65:
01:38:f5:0f:d5:88:c9:d2:e7:69:f2:6e:92:9b:99:
5c:33:ae:eb:f8:9a:fd:3e:e3:0f:4e:d6:4e:94:4d:
a4:f4:81:94:6b:50:50:34:ac:42:6b:29:6a:b0:8b:
95:fb:d6:24:b4:e1:54:ba:32:69:24:d7:3d:be:e9:
8e:5b:46:6a:52:9a:51:ba:d6:08:b5:1f:87:c2:d0:
43:b6:d6:30:16:e5:46:15:3d:d9:7e:a1:ca:f8:86:
de:03:ce:8b:8e:7e:77:70:08:53:28:09:19:46:f3:
5d:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:C0:7E:C9:99:FA:EA:45:2C:C6:16:50:74:31:DE:9A:93:7A:B8:9B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:800::/40
Signature Algorithm: sha256WithRSAEncryption
74:3a:56:f2:13:19:25:67:f2:4d:96:a3:fd:2a:ea:6e:70:e4:
31:74:01:0f:bc:d3:a9:03:6b:c2:1a:64:ab:45:05:76:fc:02:
9d:e3:54:d7:2c:f4:77:a3:bd:7a:2f:cb:79:5c:77:cf:d8:cf:
62:c5:aa:07:a6:69:d0:b2:8c:27:13:37:81:d2:ff:9e:29:12:
63:aa:db:86:fe:0d:5b:65:73:ea:50:d7:2f:19:bb:90:5f:48:
27:1e:48:88:f7:5a:f5:01:eb:c7:1c:32:e3:f2:91:5c:e7:97:
ed:31:5b:ba:f2:b0:43:f6:78:94:55:ac:c0:78:47:a2:b3:b2:
f8:2d:d3:7b:ae:49:7b:7f:f3:76:36:b5:c3:d0:17:37:63:dd:
e7:a9:a1:3b:46:73:63:ca:7c:ba:94:66:82:c2:a8:bc:4a:0f:
da:7b:f6:bc:17:92:37:a6:4c:03:e4:c3:1f:55:45:93:b9:24:
8e:e2:95:5f:14:30:05:51:f3:6c:55:2f:d4:26:2d:8e:28:df:
d0:a6:34:3b:5b:b0:11:ed:d4:fc:75:a5:d9:ef:f9:19:ea:34:
8b:13:99:8d:c9:31:65:28:1f:5b:40:60:2f:29:af:b9:a3:7c:
cf:be:af:8f:4a:5a:94:f7:f7:51:21:22:82:d2:79:c1:e0:e1:
5b:21:41:23
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQj9gxkX8WybsGMuIKitG54nxF+cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MTkxNjUwMzVaFw0yNTA5MjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhNmQ0ZjZlNzM2YjY2MmM5N2E4ZWE4NzU5ZjMwZTJmMWYyZTIwOTE0ZWZh
ZDEyZDk3NjJjYmZmZmMxODZhMmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgM1LzPtfffQPDqQP9rRTLbCpqOgl4bcX1l6Cw6vWoOC7/szxByaiBDLojZ
x7FC+PTU3/MIbZvqoCJb7gwlcHeM2va6P2kMXKZWWg8gGfFvV3XIRnvR+fdUJIlz
4EbQ7dqUOy87mf8XxjAOrDW+aptWA5FjAb6CximnffaRyHp368VnDrPKmdVH833c
8VoNzSL2TFRlATj1D9WIydLnafJukpuZXDOu6/ia/T7jD07WTpRNpPSBlGtQUDSs
QmsparCLlfvWJLThVLoyaSTXPb7pjltGalKaUbrWCLUfh8LQQ7bWMBblRhU92X6h
yviG3gPOi45+d3AIUygJGUbzXXkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQmwH7J
mfrqRSzGFlB0Md6ak3q4mzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmJiYTIzZjYtZGM5NS00NjAyLTg5NzItYzQwOTYzMTczMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HQI
MA0GCSqGSIb3DQEBCwUAA4IBAQB0OlbyExklZ/JNlqP9KupucOQxdAEPvNOpA2vC
GmSrRQV2/AKd41TXLPR3o716L8t5XHfP2M9ixaoHpmnQsownEzeB0v+eKRJjqtuG
/g1bZXPqUNcvGbuQX0gnHkiI91r1AevHHDLj8pFc55ftMVu68rBD9niUVazAeEei
s7L4LdN7rkl7f/N2NrXD0Bc3Y93nqaE7RnNjyny6lGaCwqi8Sg/ae/a8F5I3pkwD
5MMfVUWTuSSO4pVfFDAFUfNsVS/UJi2OKN/QpjQ7W7AR7dT8daXZ7/kZ6jSLE5mN
yTFlKB9bQGAvKa+5o3zPvq+PSlqU9/dRISKC0nnB4OFbIUEj
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:54:08 2025 by rpki-client