Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: j1YsoarihXpAZZeuwXLlD8hIa2LEA5zwWYFMdGsCZgg=
Subject key identifier: F6:AF:42:9F:27:5F:E4:72:8A:2A:2B:7C:39:87:C7:A5:2B:36:9F:03
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2E251087B3C3B0A043D573B4E6ACEBCBB7CBE52E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Tue 20 May 2025 20:00:57 +0000
ROA not before: Tue 20 May 2025 20:00:57 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:25:10:87:b3:c3:b0:a0:43:d5:73:b4:e6:ac:eb:cb:b7:cb:e5:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:00:57 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=a1a9eb03688c18a71403052077e4a751a5d9085398d4e7edb2876b73b40ea28b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:8c:c0:cc:36:f2:60:a3:66:f9:3f:f5:cd:82:
65:23:80:a9:ec:c6:2e:d1:71:42:3c:41:59:e8:9b:
0f:d1:1d:61:e2:ea:78:33:d9:18:7e:e4:04:e3:ae:
af:e3:0c:f4:3c:27:61:06:d2:ee:74:0b:06:43:23:
4e:b8:11:f9:bf:2b:12:d8:c8:19:19:39:a5:2f:a4:
1f:e5:9a:13:56:e4:9a:ee:bc:26:32:fa:0b:68:de:
2e:5a:59:24:bd:66:e4:23:0a:80:c3:ab:47:25:0f:
c0:02:c2:42:53:e6:69:a1:b5:9c:cf:51:40:b8:a1:
dc:99:16:6a:bf:1c:c9:ea:dd:85:16:37:7e:47:23:
dc:97:6a:fb:15:42:76:21:6c:47:18:bc:e7:3f:e2:
16:89:53:d5:bd:7e:fa:48:10:fd:e1:52:0a:b5:a1:
77:02:25:07:95:42:51:13:b3:c1:8d:3d:83:2e:bf:
1c:01:d1:17:ff:b4:25:4e:2a:e9:eb:b9:7b:0e:e4:
29:0e:96:99:ad:df:19:bb:33:ae:e0:91:35:5d:95:
46:b8:45:fc:9a:3f:1d:67:54:31:e4:e5:d5:fb:9f:
3f:6e:fe:97:20:8d:37:b4:47:6d:11:64:ff:32:00:
36:bc:c2:4f:3f:9b:d9:e7:8c:bd:0b:cb:a7:84:58:
69:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:AF:42:9F:27:5F:E4:72:8A:2A:2B:7C:39:87:C7:A5:2B:36:9F:03
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
41:c7:d9:b9:60:8a:c4:70:9a:22:c5:fc:d1:97:2e:55:1c:26:
fc:92:57:24:66:bd:07:2b:9c:27:5f:54:f6:bd:97:dd:13:6d:
ce:93:64:05:1a:e7:39:09:b8:8b:11:09:36:be:b7:bc:f9:64:
16:f0:f3:2a:25:55:9f:f7:df:5e:fa:91:ee:1a:0e:77:1b:3b:
6e:d5:23:58:dd:e0:8a:dd:a4:0c:ad:6b:3c:dc:39:06:8b:b1:
4a:26:18:d6:59:a2:cd:31:f0:db:b3:a5:22:91:4e:d6:8f:f1:
70:80:02:56:1f:04:0b:33:04:6e:ca:f2:7d:27:f9:79:31:16:
10:9c:95:8e:ae:70:4c:36:1d:e2:0a:ae:b8:9a:0d:d5:5c:d5:
93:a3:90:b2:2a:76:58:1d:6a:94:1c:86:77:8a:bd:32:37:b4:
dc:b6:1a:25:f8:16:4e:57:d3:b4:d7:49:f4:d1:9e:64:85:28:
f3:60:d3:f1:b8:b7:ce:cb:2d:84:04:bc:c4:b7:9b:99:a2:3d:
02:f6:18:e3:3c:09:68:c8:95:da:ee:f8:04:97:6c:d6:37:a2:
36:ed:8f:61:12:03:da:94:de:bd:6d:93:d4:5e:ac:a5:23:31:
82:b4:5c:3b:dc:26:03:99:84:42:f8:c8:73:04:8f:ac:ca:fb:
dc:9a:bb:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULiUQh7PDsKBD1XO05qzry7fL5S4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDAwNTdaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGExYTllYjAzNjg4YzE4YTcxNDAzMDUyMDc3ZTRhNzUxYTVkOTA4NTM5OGQ0
ZTdlZGIyODc2YjczYjQwZWEyOGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOCMwMw28mCjZvk/9c2CZSOAqezGLtFxQjxBWeibD9EdYeLqeDPZGH7kBOOu
r+MM9DwnYQbS7nQLBkMjTrgR+b8rEtjIGRk5pS+kH+WaE1bkmu68JjL6C2jeLlpZ
JL1m5CMKgMOrRyUPwALCQlPmaaG1nM9RQLih3JkWar8cyerdhRY3fkcj3Jdq+xVC
diFsRxi85z/iFolT1b1++kgQ/eFSCrWhdwIlB5VCUROzwY09gy6/HAHRF/+0JU4q
6eu5ew7kKQ6Wma3fGbszruCRNV2VRrhF/Jo/HWdUMeTl1fufP27+lyCNN7RHbRFk
/zIANrzCTz+b2eeMvQvLp4RYaaUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT2r0Kf
J1/kcooqK3w5h8elKzafAzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQBBx9m5YIrEcJoixfzRly5VHCb8klckZr0HK5wn
X1T2vZfdE23Ok2QFGuc5CbiLEQk2vre8+WQW8PMqJVWf999e+pHuGg53Gztu1SNY
3eCK3aQMrWs83DkGi7FKJhjWWaLNMfDbs6UikU7Wj/FwgAJWHwQLMwRuyvJ9J/l5
MRYQnJWOrnBMNh3iCq64mg3VXNWTo5CyKnZYHWqUHIZ3ir0yN7Tcthol+BZOV9O0
10n00Z5khSjzYNPxuLfOyy2EBLzEt5uZoj0C9hjjPAloyJXa7vgEl2zWN6I27Y9h
EgPalN69bZPUXqylIzGCtFw73CYDmYRC+MhzBI+syvvcmrui
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:37:54 2025 by rpki-client