Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
File: 8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa (raw, json)
Hash identifier: u/pMkhBXdILWUg/kTboVB8ax6+cyrJAS+KPtuCakBc0=
Subject key identifier: 1C:1D:37:B1:F6:07:7D:91:EE:AD:F2:33:EB:14:BD:D3:AF:87:C1:B6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 75A9FB05C714F8544B8567E040B2DB09AF7FAD06
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
Signing time: Mon 21 Jul 2025 16:50:52 +0000
ROA not before: Mon 21 Jul 2025 16:50:52 +0000
ROA not after: Mon 25 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:a9:fb:05:c7:14:f8:54:4b:85:67:e0:40:b2:db:09:af:7f:ad:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 21 16:50:52 2025 GMT
Not After : Aug 25 23:59:59 2025 GMT
Subject: serialNumber=7e16f951904561ee2f6cd07a28baa2118ce2f62bbeaeb38ff5a66acbca8cdec3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:07:ae:33:4f:52:15:43:f7:f8:51:51:b9:b2:
43:df:0b:27:61:90:d1:09:03:ac:3a:ba:a6:74:9d:
2b:02:e2:14:72:c1:c7:81:5b:72:30:a6:92:f4:17:
49:0b:13:8f:11:a6:2a:ce:da:a5:61:83:fc:85:52:
f2:f9:77:6a:52:aa:8c:03:52:70:e5:62:bc:e1:df:
8a:e2:67:9d:fa:9a:56:82:f7:71:88:1f:7d:78:52:
98:93:71:93:39:70:df:54:15:15:e6:70:94:a8:33:
00:fa:c9:c9:44:74:e4:59:c7:04:13:10:ac:7a:97:
6b:2a:9d:70:45:fb:ca:5a:1b:19:dd:7f:cf:07:2d:
c8:40:f3:e5:31:49:7d:20:21:07:ef:03:ef:18:ac:
24:44:dd:ff:86:85:39:bf:f3:fc:bc:ae:b0:07:a9:
2e:ba:61:9d:fe:70:9a:8f:af:e3:ae:e0:1c:6d:ac:
fa:99:49:60:b3:f7:35:62:6f:4c:c8:8b:04:f8:f8:
4d:18:63:24:b0:7a:e1:c4:37:56:a8:db:b7:a4:fa:
bc:5e:3e:dd:63:f9:3d:d7:de:ce:ee:59:79:cb:70:
fc:91:50:91:82:b0:7e:ea:80:72:54:ea:f1:9b:c7:
f4:d9:e9:b1:0a:6a:63:d6:3d:65:a6:15:a6:dd:f7:
31:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:1D:37:B1:F6:07:7D:91:EE:AD:F2:33:EB:14:BD:D3:AF:87:C1:B6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:8000::/40
Signature Algorithm: sha256WithRSAEncryption
78:0d:fb:54:07:f7:6a:2b:a6:d4:ca:1a:f1:67:cb:44:40:9a:
42:f8:90:00:38:92:7f:ee:5f:4c:fb:56:71:89:3c:9c:06:60:
41:99:6b:8b:45:7b:71:9f:6a:39:f0:72:b0:1e:26:58:73:f7:
56:97:4b:4f:a5:47:ca:74:69:9e:a1:82:0d:b7:e6:b2:70:90:
8c:e3:6b:c9:bd:ca:8a:d2:3f:03:c6:56:ed:4b:38:d1:c3:93:
d3:ac:25:c3:13:ef:7c:d9:3b:53:23:36:00:34:d1:d7:ce:c1:
6a:1d:f7:ac:0a:7d:10:33:04:ab:ab:fd:0d:ce:95:6e:69:f9:
cf:fe:83:20:30:2d:dd:dd:48:b1:e3:3b:ce:dc:52:d0:b2:a3:
53:74:df:34:1b:22:9e:93:96:8b:ae:6e:ed:40:07:42:d7:93:
48:8f:4b:9e:4c:f2:08:1a:f8:3c:92:cb:b6:6a:79:04:1c:b9:
a5:5c:e4:13:60:70:43:9b:b9:74:24:3e:59:e3:11:e3:85:a5:
cf:00:37:33:65:a7:9f:4b:04:08:4a:96:8c:aa:98:ef:7f:34:
d0:2c:76:57:6e:39:67:89:2f:72:99:5b:60:b1:5e:d8:e6:be:
10:ad:40:6c:a0:be:98:ac:91:d7:39:c4:79:ca:af:80:91:eb:
17:ff:99:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdan7BccU+FRLhWfgQLLbCa9/rQYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MjExNjUwNTJaFw0yNTA4MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMTZmOTUxOTA0NTYxZWUyZjZjZDA3YTI4YmFhMjExOGNlMmY2MmJiZWFl
YjM4ZmY1YTY2YWNiY2E4Y2RlYzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMMHrjNPUhVD9/hRUbmyQ98LJ2GQ0QkDrDq6pnSdKwLiFHLBx4FbcjCmkvQX
SQsTjxGmKs7apWGD/IVS8vl3alKqjANScOVivOHfiuJnnfqaVoL3cYgffXhSmJNx
kzlw31QVFeZwlKgzAPrJyUR05FnHBBMQrHqXayqdcEX7ylobGd1/zwctyEDz5TFJ
fSAhB+8D7xisJETd/4aFOb/z/LyusAepLrphnf5wmo+v467gHG2s+plJYLP3NWJv
TMiLBPj4TRhjJLB64cQ3Vqjbt6T6vF4+3WP5Pdfezu5Zectw/JFQkYKwfuqAclTq
8ZvH9NnpsQpqY9Y9ZaYVpt33MYcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQcHTex
9gd9ke6t8jPrFL3Tr4fBtjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGY2Y2FiNmYtNDRiZS00ZjgwLTkwNDAtYzJmOWFiMGUwNTc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HOA
MA0GCSqGSIb3DQEBCwUAA4IBAQB4DftUB/dqK6bUyhrxZ8tEQJpC+JAAOJJ/7l9M
+1ZxiTycBmBBmWuLRXtxn2o58HKwHiZYc/dWl0tPpUfKdGmeoYINt+aycJCM42vJ
vcqK0j8DxlbtSzjRw5PTrCXDE+982TtTIzYANNHXzsFqHfesCn0QMwSrq/0NzpVu
afnP/oMgMC3d3Uix4zvO3FLQsqNTdN80GyKek5aLrm7tQAdC15NIj0ueTPIIGvg8
ksu2ankEHLmlXOQTYHBDm7l0JD5Z4xHjhaXPADczZaefSwQISpaMqpjvfzTQLHZX
bjlniS9ymVtgsV7Y5r4QrUBsoL6YrJHXOcR5yq+AkesX/5nc
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:58:43 2025 by rpki-client