Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
File: fc40321f-72c2-43a4-8c42-0e935f8f1943.roa (raw, json)
Hash identifier: RBn2BfOmL/Ik/+HSit+4X4NF+28eM4CWU1qL+Hd6uiE=
Subject key identifier: 9A:79:66:A1:66:DC:FF:60:A7:A0:31:AE:4E:63:38:A2:84:B6:19:6F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 449B9A4E36F64F3B2E41277080CBC38A147B4305
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
Signing time: Tue 05 Aug 2025 19:01:29 +0000
ROA not before: Tue 05 Aug 2025 19:01:29 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:9b:9a:4e:36:f6:4f:3b:2e:41:27:70:80:cb:c3:8a:14:7b:43:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:01:29 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=9e5b4128afb4361e8821df846d9d0a03d3851b6d4ddf66bef5766cdfd3bd60db, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:b0:74:e6:9d:6d:76:76:81:d5:1e:72:2d:3d:
28:d5:f7:79:a4:5a:ec:2f:81:c8:cc:b7:09:ec:2f:
2e:50:ea:6f:01:db:93:bd:bd:17:56:ab:ef:c1:b4:
96:62:a6:8c:27:4b:35:22:85:c1:36:f9:c8:28:b8:
25:20:22:28:32:95:a4:da:30:48:95:32:7e:c7:ba:
c5:a4:b4:a9:94:78:72:09:57:32:28:25:46:a3:0d:
0e:a1:05:a5:4f:0d:9e:c9:f2:ee:8b:67:ca:04:55:
da:b6:39:a7:77:32:f1:2f:9e:0f:05:d1:6d:fd:0e:
74:fd:51:78:ef:87:c1:d9:7b:19:c6:7c:4f:7c:06:
d2:e1:4a:ff:ce:c3:ec:92:02:44:dc:d0:b2:85:17:
dd:3b:8b:30:9d:d3:ce:64:e2:9f:05:53:cb:0a:81:
b3:f0:23:43:80:4c:86:7d:5b:b7:35:62:ac:d0:be:
f6:61:72:7c:bb:f4:e3:07:10:c2:19:fa:53:9d:76:
46:df:d7:2b:29:ec:93:ec:6a:1e:c1:e8:a1:a9:3c:
d0:87:ea:5d:a8:f0:6f:58:aa:f3:ab:84:16:81:d2:
ea:8c:d2:d4:fb:53:a7:eb:6b:e8:c1:b7:54:18:6b:
07:14:ab:04:3f:c6:0b:8a:9a:34:3e:f1:0a:25:1d:
02:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:79:66:A1:66:DC:FF:60:A7:A0:31:AE:4E:63:38:A2:84:B6:19:6F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
23:9b:fd:15:75:9f:6c:20:32:b0:b9:81:c9:07:b8:3f:49:8d:
a5:09:5c:b2:d0:82:eb:e0:cd:d8:14:f2:4d:29:76:df:6d:84:
ac:28:ea:4e:32:f6:40:80:7f:99:21:c8:57:07:51:8d:39:ec:
78:69:36:c9:80:4c:0c:19:9c:9e:b6:96:4d:39:49:1c:7c:f2:
f8:39:0e:a5:cf:e2:0d:15:d3:6e:1a:28:50:a4:00:ac:6a:dc:
65:ad:5b:5b:c2:7d:3e:90:74:ef:a7:83:56:e3:e0:d5:bf:70:
52:64:ca:6e:07:49:1c:cf:38:14:5f:65:17:62:fe:d5:4f:ba:
05:82:74:97:b2:c2:ab:df:1c:99:45:2b:cd:22:4a:f5:6f:b0:
fd:22:31:11:23:73:fc:7a:5d:2f:48:36:dc:14:e6:a2:68:ba:
17:d1:70:d1:16:6c:c4:c5:27:4f:9c:49:46:20:62:28:56:53:
70:c1:f5:4f:81:7b:25:7c:bf:19:c4:8a:17:35:c5:19:c6:fb:
57:2e:05:94:b0:11:9a:36:98:81:8e:33:4f:04:b6:c1:68:6c:
64:b4:c3:02:54:2a:e8:5f:9c:fd:6f:8c:e2:49:37:c9:d8:c3:
7a:f7:18:c9:8c:ba:af:13:df:d6:12:79:e3:d2:9d:92:86:56:
a0:02:3a:68
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURJuaTjb2TzsuQSdwgMvDihR7QwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTAxMjlaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDllNWI0MTI4YWZiNDM2MWU4ODIxZGY4NDZkOWQwYTAzZDM4NTFiNmQ0ZGRm
NjZiZWY1NzY2Y2RmZDNiZDYwZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI2wdOadbXZ2gdUeci09KNX3eaRa7C+ByMy3CewvLlDqbwHbk729F1ar78G0
lmKmjCdLNSKFwTb5yCi4JSAiKDKVpNowSJUyfse6xaS0qZR4cglXMiglRqMNDqEF
pU8Nnsny7otnygRV2rY5p3cy8S+eDwXRbf0OdP1ReO+Hwdl7GcZ8T3wG0uFK/87D
7JICRNzQsoUX3TuLMJ3TzmTinwVTywqBs/AjQ4BMhn1btzVirNC+9mFyfLv04wcQ
whn6U512Rt/XKynsk+xqHsHooak80IfqXajwb1iq86uEFoHS6ozS1PtTp+tr6MG3
VBhrBxSrBD/GC4qaND7xCiUdApMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSaeWah
Ztz/YKegMa5OYziihLYZbzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0MDMyMWYtNzJjMi00M2E0LThjNDItMGU5MzVmOGYxOTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
wDANBgkqhkiG9w0BAQsFAAOCAQEAI5v9FXWfbCAysLmByQe4P0mNpQlcstCC6+DN
2BTyTSl2322ErCjqTjL2QIB/mSHIVwdRjTnseGk2yYBMDBmcnraWTTlJHHzy+DkO
pc/iDRXTbhooUKQArGrcZa1bW8J9PpB076eDVuPg1b9wUmTKbgdJHM84FF9lF2L+
1U+6BYJ0l7LCq98cmUUrzSJK9W+w/SIxESNz/HpdL0g23BTmomi6F9Fw0RZsxMUn
T5xJRiBiKFZTcMH1T4F7JXy/GcSKFzXFGcb7Vy4FlLARmjaYgY4zTwS2wWhsZLTD
AlQq6F+c/W+M4kk3ydjDevcYyYy6rxPf1hJ549KdkoZWoAI6aA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:53:05 2025 by rpki-client