Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
File: 25d38479-752d-418e-a4fb-397c5aa432f8.roa (raw, json)
Hash identifier: su7+OhsqWHvLxcGJ3QeggZ29v/wGeI2wZmh0520FqW0=
Subject key identifier: D2:37:89:C9:67:8C:F7:BD:76:90:5F:D4:E1:41:3A:6F:66:62:8C:54
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1AFD8AE3C3DFE9AC6999C17A5ACBCF33A2D9FA03
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
Signing time: Fri 01 Aug 2025 17:11:00 +0000
ROA not before: Fri 01 Aug 2025 17:11:00 +0000
ROA not after: Fri 05 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:fd:8a:e3:c3:df:e9:ac:69:99:c1:7a:5a:cb:cf:33:a2:d9:fa:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 1 17:11:00 2025 GMT
Not After : Sep 5 23:59:59 2025 GMT
Subject: serialNumber=a4ebb38a1a554430b28a04203c311038cd59cd45eb05fcb952a9222d78599be9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:32:e0:ba:a3:f8:5c:2f:67:27:a3:6e:ce:f1:
8d:2c:9d:77:ba:40:bc:e3:07:67:37:51:3a:e4:48:
2e:be:78:ba:cf:67:85:fe:a5:83:54:3a:19:18:e6:
ae:7f:32:c2:42:da:f5:77:79:3b:ab:d7:c8:54:3e:
42:0c:44:65:71:48:72:f7:84:d3:06:89:e7:93:04:
e0:02:a1:f1:9b:a7:39:50:3c:64:ee:72:7c:07:79:
a0:01:28:01:36:c5:69:b1:71:dd:3d:6e:11:1c:67:
ba:25:17:0f:bb:d9:23:97:62:38:6e:a2:04:a7:a5:
28:66:de:a1:9c:15:6c:03:5d:3c:54:6a:d9:38:00:
0f:a0:e7:a2:61:12:a2:d0:29:4f:67:8d:f4:38:f7:
b8:3e:c0:c6:d8:c7:f1:f5:4d:da:21:2f:b4:60:42:
1d:fd:d5:60:5d:28:d2:15:5e:a1:29:a7:b8:b4:03:
95:39:7d:19:1f:84:68:03:9f:0b:fd:82:f5:59:cc:
96:ba:14:5f:8e:27:90:5c:0b:f3:d1:89:c0:8b:c8:
12:e9:61:86:8f:c3:2d:12:8d:a9:90:8a:6a:29:a5:
3b:6c:8c:69:2a:75:96:d7:69:94:c7:59:ea:1e:57:
05:d5:3c:e9:0a:e6:aa:d9:d5:98:0a:a8:f2:2b:73:
8d:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:37:89:C9:67:8C:F7:BD:76:90:5F:D4:E1:41:3A:6F:66:62:8C:54
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:800::/40
Signature Algorithm: sha256WithRSAEncryption
06:cf:5c:33:ad:5f:da:ee:e1:09:52:d5:53:59:2a:a6:87:ef:
a7:8a:6c:2b:68:72:9d:f5:4e:f7:57:43:0f:d3:e5:28:ed:c2:
5a:04:ba:34:a8:ec:1b:c7:f9:ee:5b:47:34:a2:3a:22:d8:9a:
83:eb:ef:3c:c8:ee:05:52:ea:18:0b:d2:96:19:e8:1a:f9:41:
bf:89:36:77:b6:97:75:73:64:64:a8:6d:71:3a:e1:6e:07:79:
04:f1:44:c2:6e:83:d5:66:0d:70:f9:86:8e:1f:26:80:d0:05:
87:73:b0:24:d1:07:4e:97:d3:cd:36:f7:c3:39:07:98:97:b1:
c8:49:61:b8:70:23:98:f0:15:a4:0f:51:7b:c1:59:20:95:dc:
f9:50:1e:f3:d3:b3:95:fb:d7:90:3a:b3:e3:4b:f7:6a:ed:5e:
38:35:30:e9:39:b6:2b:83:bd:98:41:b4:31:6c:6b:07:06:0e:
ae:87:af:68:2f:b3:38:fd:5c:59:8a:5d:54:41:a4:21:be:e2:
76:a2:b5:44:df:ea:6f:ab:8f:85:33:a1:a9:b3:71:f5:67:3d:
e9:e8:76:c0:2f:21:c0:38:aa:1a:27:7b:3e:82:82:56:cd:80:
98:d8:d3:4e:97:02:67:1f:b2:d6:6b:49:03:3e:d4:8c:9a:84:
17:16:68:67
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGv2K48Pf6axpmcF6WsvPM6LZ+gMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDExNzExMDBaFw0yNTA5MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0ZWJiMzhhMWE1NTQ0MzBiMjhhMDQyMDNjMzExMDM4Y2Q1OWNkNDVlYjA1
ZmNiOTUyYTkyMjJkNzg1OTliZTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJEy4Lqj+FwvZyejbs7xjSydd7pAvOMHZzdROuRILr54us9nhf6lg1Q6GRjm
rn8ywkLa9Xd5O6vXyFQ+QgxEZXFIcveE0waJ55ME4AKh8ZunOVA8ZO5yfAd5oAEo
ATbFabFx3T1uERxnuiUXD7vZI5diOG6iBKelKGbeoZwVbANdPFRq2TgAD6DnomES
otApT2eN9Dj3uD7AxtjH8fVN2iEvtGBCHf3VYF0o0hVeoSmnuLQDlTl9GR+EaAOf
C/2C9VnMlroUX44nkFwL89GJwIvIEulhho/DLRKNqZCKaimlO2yMaSp1ltdplMdZ
6h5XBdU86QrmqtnVmAqo8itzjd8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTSN4nJ
Z4z3vXaQX9ThQTpvZmKMVDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkMzg0NzktNzUyZC00MThlLWE0ZmItMzk3YzVhYTQzMmY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DII
MA0GCSqGSIb3DQEBCwUAA4IBAQAGz1wzrV/a7uEJUtVTWSqmh++nimwraHKd9U73
V0MP0+Uo7cJaBLo0qOwbx/nuW0c0ojoi2JqD6+88yO4FUuoYC9KWGega+UG/iTZ3
tpd1c2RkqG1xOuFuB3kE8UTCboPVZg1w+YaOHyaA0AWHc7Ak0QdOl9PNNvfDOQeY
l7HISWG4cCOY8BWkD1F7wVkgldz5UB7z07OV+9eQOrPjS/dq7V44NTDpObYrg72Y
QbQxbGsHBg6uh69oL7M4/VxZil1UQaQhvuJ2orVE3+pvq4+FM6Gps3H1Zz3p6HbA
LyHAOKoaJ3s+goJWzYCY2NNOlwJnH7LWa0kDPtSMmoQXFmhn
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:55:23 2025 by rpki-client