Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03a11d7d-6d37-488c-8fe1-258c484d1682.roa
File: 03a11d7d-6d37-488c-8fe1-258c484d1682.roa (raw, json)
Hash identifier: 9dOt5cT3YfcPwOrxowD27Iu8wi7H0Po+ADsS9ks+xWw=
Subject key identifier: FE:C2:30:60:74:71:E2:25:1F:D4:D4:61:0A:B2:DB:90:EF:02:B9:8F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1589F1A1CDE2BD9B8F12F603856C258826C4C26B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03a11d7d-6d37-488c-8fe1-258c484d1682.roa
Signing time: Tue 20 May 2025 20:01:09 +0000
ROA not before: Tue 20 May 2025 20:01:09 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:89:f1:a1:cd:e2:bd:9b:8f:12:f6:03:85:6c:25:88:26:c4:c2:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:01:09 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=7e25070190c4bb5b684f05b34bacf9ba540c2936b2868c93ca7a84063b4016a6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:42:8b:c9:ce:57:c8:49:9d:2f:a2:8f:18:5d:
cb:ae:d2:c5:65:5f:c2:7c:b6:2d:f0:d8:9a:5b:4b:
4b:dd:55:40:96:ec:48:a5:a4:02:22:24:1f:14:cc:
33:cf:bf:0f:7b:ad:84:48:ca:59:44:c0:b7:3f:e7:
a9:14:50:57:6a:67:27:91:36:f0:3a:af:db:cc:77:
60:06:8f:22:07:f8:5b:8f:59:b2:ce:bf:4d:d5:15:
04:ac:fc:ba:fe:06:cf:33:db:e5:ea:00:4b:44:07:
5b:fd:88:af:2e:58:2e:4a:c1:aa:09:54:82:1c:26:
a6:5b:f9:b1:d0:18:ae:9c:b8:b7:a2:fb:a3:39:6f:
d9:3e:7d:3c:cf:6e:29:84:72:98:8d:0c:07:f4:e5:
09:3f:cd:49:8c:15:d5:47:b4:f5:21:cd:2f:9f:af:
c4:e2:c0:89:9a:5c:2a:f2:9c:95:55:c6:c6:96:98:
40:20:d8:1d:74:c4:26:e9:00:fa:71:db:d1:bb:39:
87:7a:d0:d0:d8:d3:93:fd:13:14:4e:b2:66:0b:f5:
e1:7d:ba:3e:f5:25:f4:1e:34:ee:84:6f:06:63:98:
7f:47:c4:23:27:49:a3:57:ab:75:b0:b0:5f:57:6b:
be:72:4d:90:06:a0:43:dd:27:83:3f:07:b9:cd:9e:
a2:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:C2:30:60:74:71:E2:25:1F:D4:D4:61:0A:B2:DB:90:EF:02:B9:8F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03a11d7d-6d37-488c-8fe1-258c484d1682.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:b000::/40
Signature Algorithm: sha256WithRSAEncryption
72:98:a3:ca:5b:1c:4c:27:fd:cf:75:08:1d:e9:54:bd:a7:da:
04:c3:69:6a:f1:fd:65:f3:92:de:6a:4a:ae:94:b0:45:2c:8b:
3f:09:f0:4d:7a:1e:e5:bd:0b:53:44:e4:6a:62:33:7c:6c:91:
0c:62:3a:bb:79:94:05:4d:ec:93:ff:50:62:74:87:65:d5:2a:
43:fc:13:a6:5d:fc:cc:14:7b:1d:32:c0:96:dc:46:cc:06:bb:
cc:b0:e7:83:e5:ec:09:03:9c:3f:ff:f1:0e:64:59:cd:d6:e7:
52:a4:ac:40:c1:1e:3c:93:84:95:4b:90:64:fc:c0:aa:3b:e8:
23:61:c5:57:d9:d8:72:5c:ac:d8:3f:0d:66:27:0a:40:b9:22:
57:31:3a:18:f6:d0:38:67:26:77:f4:12:5b:29:a5:24:1a:30:
d1:a4:39:02:b9:24:f2:68:4c:d0:0a:2b:bc:7a:88:11:45:62:
f7:fd:5b:48:c3:9b:2c:1e:63:3f:0f:08:ed:9b:b3:b7:a9:57:
83:54:b0:75:96:14:ee:3e:4c:1e:4a:c0:65:a7:61:08:d0:e9:
ee:79:9e:7d:8a:85:64:39:4b:95:ab:62:a7:ca:be:ec:df:e8:
8a:5f:37:95:7d:0e:48:f8:79:d0:5d:0a:9c:67:71:75:bd:ca:
3a:3d:47:8a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFYnxoc3ivZuPEvYDhWwliCbEwmswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDAxMDlaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMjUwNzAxOTBjNGJiNWI2ODRmMDViMzRiYWNmOWJhNTQwYzI5MzZiMjg2
OGM5M2NhN2E4NDA2M2I0MDE2YTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMlCi8nOV8hJnS+ijxhdy67SxWVfwny2LfDYmltLS91VQJbsSKWkAiIkHxTM
M8+/D3uthEjKWUTAtz/nqRRQV2pnJ5E28Dqv28x3YAaPIgf4W49Zss6/TdUVBKz8
uv4GzzPb5eoAS0QHW/2Iry5YLkrBqglUghwmplv5sdAYrpy4t6L7ozlv2T59PM9u
KYRymI0MB/TlCT/NSYwV1Ue09SHNL5+vxOLAiZpcKvKclVXGxpaYQCDYHXTEJukA
+nHb0bs5h3rQ0NjTk/0TFE6yZgv14X26PvUl9B407oRvBmOYf0fEIydJo1erdbCw
X1drvnJNkAagQ90ngz8Huc2eotcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+wjBg
dHHiJR/U1GEKstuQ7wK5jzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDNhMTFkN2QtNmQzNy00ODhjLThmZTEtMjU4YzQ4NGQxNjgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCw
MA0GCSqGSIb3DQEBCwUAA4IBAQBymKPKWxxMJ/3PdQgd6VS9p9oEw2lq8f1l85Le
akqulLBFLIs/CfBNeh7lvQtTRORqYjN8bJEMYjq7eZQFTeyT/1BidIdl1SpD/BOm
XfzMFHsdMsCW3EbMBrvMsOeD5ewJA5w///EOZFnN1udSpKxAwR48k4SVS5Bk/MCq
O+gjYcVX2dhyXKzYPw1mJwpAuSJXMToY9tA4ZyZ39BJbKaUkGjDRpDkCuSTyaEzQ
Ciu8eogRRWL3/VtIw5ssHmM/Dwjtm7O3qVeDVLB1lhTuPkweSsBlp2EI0OnueZ59
ioVkOUuVq2Knyr7s3+iKXzeVfQ5I+HnQXQqcZ3F1vco6PUeK
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:37:54 2025 by rpki-client