Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
File: bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa (raw, json)
Hash identifier: G11DvkBkdh+ogmEKahw1cBZOsyBiyCforhVXxZyZKI0=
Subject key identifier: C4:5A:8F:57:4C:76:E2:5F:98:96:99:D7:6E:9D:88:D3:2F:1F:43:A8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3EDF41B07416CF32B250B5880E8FB62B69D0EF94
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
Signing time: Tue 05 Aug 2025 19:40:17 +0000
ROA not before: Tue 05 Aug 2025 19:40:17 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:df:41:b0:74:16:cf:32:b2:50:b5:88:0e:8f:b6:2b:69:d0:ef:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:40:17 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=eb3b43e5928a46316ae8f1eb04c61cfb03bf621f61ae754c24da0150ae5f2aef, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:50:4e:a5:9c:57:82:e2:92:f6:66:a1:dd:a1:
40:ac:3d:16:cd:02:1e:62:6f:f5:85:94:60:e8:d8:
5d:a3:85:b2:47:51:82:82:66:12:35:e9:74:5d:46:
0f:e4:c3:07:ba:3e:dc:70:3a:fa:53:16:ea:39:78:
57:19:f8:74:f1:7a:f4:0f:14:69:ed:88:76:34:ec:
7d:56:92:4e:a8:77:00:ef:e9:fe:00:f5:ed:7e:f5:
10:19:ae:76:49:52:da:e2:93:1b:9f:ae:b8:d1:27:
e2:5d:75:01:f8:58:b7:9c:e4:da:c2:95:79:c6:ed:
5d:5f:bf:46:66:e2:86:ed:72:c7:9a:2f:de:4b:43:
93:94:e6:e0:3b:43:a7:7c:74:70:f8:1f:81:2f:26:
3f:c4:58:41:b4:ee:5f:d5:16:91:02:3a:6b:52:b3:
ff:d6:3f:2a:72:a3:70:0d:5c:5c:d9:73:81:f0:84:
54:07:74:0c:af:86:68:43:db:2a:2d:76:7c:54:f0:
29:51:b6:13:fd:2b:74:d0:f1:38:ab:22:e4:6f:7a:
26:81:63:ff:86:f6:75:d6:f1:b3:fb:7e:82:8f:24:
2c:f4:0d:0e:87:58:41:b0:23:79:fd:29:ea:09:6f:
c2:7c:d4:d1:d5:76:0c:35:a8:64:08:e7:b6:be:31:
97:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:5A:8F:57:4C:76:E2:5F:98:96:99:D7:6E:9D:88:D3:2F:1F:43:A8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:b000::/40
Signature Algorithm: sha256WithRSAEncryption
17:e9:71:fe:e6:6f:9f:20:20:e7:58:42:00:85:85:fb:01:ae:
bc:3d:64:78:ab:35:ad:bb:59:3c:2f:70:dc:ed:2c:6c:2f:d7:
40:d0:f1:b2:68:b1:ea:3d:44:bc:ff:e0:4b:94:21:07:76:dd:
c1:41:c5:3d:0a:2b:13:5d:4d:f9:81:4b:2f:f6:d8:30:cd:87:
98:2e:3b:f2:d5:79:f1:3c:6e:64:77:75:1a:26:2f:bf:3b:c5:
57:09:32:9b:4d:0e:ed:37:4c:34:d2:0c:93:53:5f:8d:a4:57:
79:6b:b6:dd:fd:a2:d6:53:75:4c:6f:f5:f8:68:64:b8:80:c6:
3b:68:62:f4:f6:f8:f2:ca:3a:bb:ba:69:78:28:29:d1:f4:d4:
16:5d:c6:3f:f3:ad:fb:8e:7b:08:e8:10:d1:af:2f:91:ae:17:
c8:ea:f3:75:40:69:b8:93:3d:17:d4:c9:92:cd:9e:1a:75:7d:
58:63:86:0c:ce:11:30:af:03:36:c3:fa:85:34:6c:1e:01:2e:
c2:57:3a:88:60:49:85:dd:a9:f1:06:ba:a1:ad:08:21:4e:93:
52:0f:45:62:df:50:28:b8:71:d2:cc:d2:95:0b:b9:1e:a8:a1:
55:72:d4:4f:96:e4:e5:57:1d:24:49:97:f6:ef:1c:07:7e:5a:
38:db:b8:f9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPt9BsHQWzzKyULWIDo+2K2nQ75QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQwMTdaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGViM2I0M2U1OTI4YTQ2MzE2YWU4ZjFlYjA0YzYxY2ZiMDNiZjYyMWY2MWFl
NzU0YzI0ZGEwMTUwYWU1ZjJhZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFQTqWcV4LikvZmod2hQKw9Fs0CHmJv9YWUYOjYXaOFskdRgoJmEjXpdF1G
D+TDB7o+3HA6+lMW6jl4Vxn4dPF69A8Uae2IdjTsfVaSTqh3AO/p/gD17X71EBmu
dklS2uKTG5+uuNEn4l11AfhYt5zk2sKVecbtXV+/Rmbihu1yx5ov3ktDk5Tm4DtD
p3x0cPgfgS8mP8RYQbTuX9UWkQI6a1Kz/9Y/KnKjcA1cXNlzgfCEVAd0DK+GaEPb
Ki12fFTwKVG2E/0rdNDxOKsi5G96JoFj/4b2ddbxs/t+go8kLPQNDodYQbAjef0p
6glvwnzU0dV2DDWoZAjntr4xl3sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTEWo9X
THbiX5iWmddunYjTLx9DqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmYxZGIwZjMtNmNhZC00ZmNjLTk2YzUtZGRkZTcwMGU2MjY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HWw
MA0GCSqGSIb3DQEBCwUAA4IBAQAX6XH+5m+fICDnWEIAhYX7Aa68PWR4qzWtu1k8
L3Dc7SxsL9dA0PGyaLHqPUS8/+BLlCEHdt3BQcU9CisTXU35gUsv9tgwzYeYLjvy
1XnxPG5kd3UaJi+/O8VXCTKbTQ7tN0w00gyTU1+NpFd5a7bd/aLWU3VMb/X4aGS4
gMY7aGL09vjyyjq7uml4KCnR9NQWXcY/8637jnsI6BDRry+RrhfI6vN1QGm4kz0X
1MmSzZ4adX1YY4YMzhEwrwM2w/qFNGweAS7CVzqIYEmF3anxBrqhrQghTpNSD0Vi
31AouHHSzNKVC7keqKFVctRPluTlVx0kSZf27xwHflo427j5
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:57:10 2025 by rpki-client