Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
File: d2b7a4eb-e2de-4458-a759-5125161eb686.roa (raw, json)
Hash identifier: yHvB6eS+/2bSQ2FKE2B81DZ4nQTFA7uoRK05TqUeI1c=
Subject key identifier: 76:10:EF:0D:5D:7E:4C:DA:BA:8F:61:56:11:D7:D7:91:3E:6B:E1:C2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0BB8FD7EDED09167025028888CAC6CF2898530E9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
Signing time: Fri 25 Jul 2025 16:50:43 +0000
ROA not before: Fri 25 Jul 2025 16:50:43 +0000
ROA not after: Fri 29 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:b8:fd:7e:de:d0:91:67:02:50:28:88:8c:ac:6c:f2:89:85:30:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 25 16:50:43 2025 GMT
Not After : Aug 29 23:59:59 2025 GMT
Subject: serialNumber=33d064a2c00841e3378467482aecf5e510fc2616e1fb926fd4691fb71191ee90, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:d3:f9:64:70:02:c8:56:a6:eb:00:95:68:5b:
53:20:95:d4:0b:f0:7d:4b:4f:2f:43:74:f7:9c:4f:
e1:e5:66:f0:94:e6:f8:1a:f5:13:37:02:b1:32:29:
82:ad:dd:74:29:85:8e:75:1d:9a:d5:64:bf:10:4d:
9c:7a:b3:28:e5:07:bf:5e:e1:52:d9:2f:d2:89:03:
8c:77:16:ec:b4:b6:af:e2:d1:fb:3c:28:09:31:87:
50:e5:30:ba:06:61:3d:c5:15:2c:06:13:88:40:d6:
31:22:c6:5c:fb:6d:5c:2e:17:32:51:72:15:7b:4a:
6a:63:a2:b3:ff:88:08:c3:4c:2e:42:fd:6d:2c:da:
e9:a2:bb:16:80:63:f4:5a:f6:85:be:2e:84:29:7b:
09:1e:b2:ae:8f:a5:8c:e7:93:ff:4d:8a:a4:77:fd:
91:b1:6a:ec:71:bc:2a:87:2e:fa:d8:92:72:f2:72:
68:36:27:17:1a:45:19:76:6e:35:d7:c4:b8:c9:25:
b5:8d:cc:b3:e1:48:af:17:a1:00:e0:c5:7e:f4:70:
fa:de:c3:53:b0:31:26:97:4b:9d:61:60:cb:92:fe:
40:ce:0a:ae:40:b4:9b:eb:50:8c:99:6b:3d:c3:10:
7d:83:c2:37:9b:3e:64:aa:b9:52:d4:53:4d:a3:7b:
36:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:10:EF:0D:5D:7E:4C:DA:BA:8F:61:56:11:D7:D7:91:3E:6B:E1:C2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:a000::/40
Signature Algorithm: sha256WithRSAEncryption
01:c5:0b:ec:e5:17:b7:82:19:b5:99:6f:0d:93:1a:c2:ab:b7:
6c:02:71:24:1f:b1:60:08:89:20:d8:0d:fb:7a:7a:ad:74:ea:
91:6c:43:c1:9a:82:92:3b:ab:90:3f:d0:4a:c5:94:98:9c:b6:
ee:1e:a9:7d:51:60:14:7d:b6:58:43:62:78:f7:d1:af:af:0e:
bc:b9:8f:29:71:06:96:a3:cf:18:9d:27:e2:9b:f1:91:a4:a6:
b9:ee:d4:01:5f:d9:92:53:7d:a5:d0:ec:a5:8c:0b:60:eb:49:
69:6e:b1:eb:0d:bb:89:94:06:a8:af:1a:34:60:a6:f0:0f:2f:
2b:9a:22:0a:d7:a5:c3:d4:f7:4b:9e:38:0a:c2:f8:cb:e0:fe:
9e:9d:57:56:3e:32:53:e7:05:b8:9b:52:2a:a9:a4:e5:13:68:
f6:a4:8b:ed:a2:67:3e:72:6c:0f:dc:f6:0e:af:99:85:71:3c:
13:fd:94:49:bc:47:0c:1b:da:82:1c:25:f0:ef:61:b1:15:03:
7e:01:e7:60:b2:a7:d7:2d:fd:16:21:26:cd:7c:97:c1:99:70:
54:ad:ef:2e:12:73:e7:4d:41:d6:47:5a:ec:3b:39:bf:f6:f4:
d1:58:6c:a5:4a:99:8d:cc:57:96:9f:f9:61:f7:d7:3f:9b:be:
d0:b7:33:66
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUC7j9ft7QkWcCUCiIjKxs8omFMOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MjUxNjUwNDNaFw0yNTA4MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzZDA2NGEyYzAwODQxZTMzNzg0Njc0ODJhZWNmNWU1MTBmYzI2MTZlMWZi
OTI2ZmQ0NjkxZmI3MTE5MWVlOTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJvT+WRwAshWpusAlWhbUyCV1AvwfUtPL0N095xP4eVm8JTm+Br1EzcCsTIp
gq3ddCmFjnUdmtVkvxBNnHqzKOUHv17hUtkv0okDjHcW7LS2r+LR+zwoCTGHUOUw
ugZhPcUVLAYTiEDWMSLGXPttXC4XMlFyFXtKamOis/+ICMNMLkL9bSza6aK7FoBj
9Fr2hb4uhCl7CR6yro+ljOeT/02KpHf9kbFq7HG8Kocu+tiScvJyaDYnFxpFGXZu
NdfEuMkltY3Ms+FIrxehAODFfvRw+t7DU7AxJpdLnWFgy5L+QM4KrkC0m+tQjJlr
PcMQfYPCN5s+ZKq5UtRTTaN7Nv8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR2EO8N
XX5M2rqPYVYR19eRPmvhwjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJiN2E0ZWItZTJkZS00NDU4LWE3NTktNTEyNTE2MWViNjg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fmg
MA0GCSqGSIb3DQEBCwUAA4IBAQABxQvs5Re3ghm1mW8NkxrCq7dsAnEkH7FgCIkg
2A37enqtdOqRbEPBmoKSO6uQP9BKxZSYnLbuHql9UWAUfbZYQ2J499Gvrw68uY8p
cQaWo88YnSfim/GRpKa57tQBX9mSU32l0OyljAtg60lpbrHrDbuJlAaorxo0YKbw
Dy8rmiIK16XD1PdLnjgKwvjL4P6enVdWPjJT5wW4m1IqqaTlE2j2pIvtomc+cmwP
3PYOr5mFcTwT/ZRJvEcMG9qCHCXw72GxFQN+AedgsqfXLf0WISbNfJfBmXBUre8u
EnPnTUHWR1rsOzm/9vTRWGylSpmNzFeWn/lh99c/m77QtzNm
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:56:56 2025 by rpki-client