Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File: 1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier: O6A4OoMRpKDzfoSA6WG6eNJ3dkkfgamDb7uz8jK/H70=
Subject key identifier: C6:86:68:7A:AB:3C:09:39:38:3E:77:ED:C1:B3:EA:9E:D2:8F:4D:9D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 322E046E9CC34872C15F410E71C05F1BA3D6E884
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time: Fri 11 Jul 2025 20:11:35 +0000
ROA not before: Fri 11 Jul 2025 20:11:35 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:2e:04:6e:9c:c3:48:72:c1:5f:41:0e:71:c0:5f:1b:a3:d6:e8:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:11:35 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=99758ddfc56cd9371c661a0b7c8945a05481ee0a379efed4b967851f37ba0c97, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e6:70:54:12:a5:ef:a6:2f:7e:3c:e8:0e:65:
90:3c:c5:0f:77:80:82:62:9b:12:22:3b:cb:1c:04:
3b:c0:7a:5a:27:03:c6:aa:00:c2:74:6e:fe:82:58:
58:53:71:47:54:b7:9b:e0:f2:73:8a:2f:83:4d:05:
22:11:a3:47:92:c9:12:08:7f:be:bd:2a:5d:36:91:
30:ef:ee:08:45:ec:71:b4:8f:f0:26:b1:e1:21:b5:
62:41:3e:3a:1f:ee:8b:5e:d0:cf:d9:bc:0a:9d:1b:
cf:3a:26:2f:70:91:bc:69:58:b3:19:43:ac:6f:09:
d0:fe:7d:51:46:06:14:6e:b2:85:fb:ef:6b:a2:99:
ab:db:56:c8:c9:61:fe:b8:50:38:10:ac:26:d0:1e:
d4:04:34:25:7f:ee:26:b0:fb:7b:ac:ab:a6:9f:a5:
05:98:b7:13:e7:f9:2a:a6:31:28:8b:2e:52:e4:eb:
ac:76:a9:30:dd:d4:23:f7:27:e1:49:d7:26:bb:fa:
40:5e:af:bf:8a:5d:a8:17:0d:dd:79:f6:ae:7d:08:
8e:03:4e:90:94:59:68:f1:f9:a3:ba:05:e7:8c:a0:
53:13:22:36:8c:27:c9:cd:cd:10:d9:ed:f3:b4:ca:
a1:1f:21:02:9a:b4:04:15:c2:38:74:d5:25:45:4c:
e5:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:86:68:7A:AB:3C:09:39:38:3E:77:ED:C1:B3:EA:9E:D2:8F:4D:9D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:2000::/40
Signature Algorithm: sha256WithRSAEncryption
17:68:64:93:1b:e6:b0:34:e1:7f:fa:cd:30:e6:2c:a8:ff:e0:
e8:75:da:c3:46:ca:04:e2:b7:d6:d3:86:01:c3:55:bd:67:b6:
ec:c3:e6:55:4c:1a:23:bd:db:d1:0c:a6:a9:cd:33:f5:68:fc:
00:26:2a:77:17:9f:74:73:bb:91:3b:aa:57:aa:e1:1b:37:d1:
d7:4d:a0:ce:fc:02:b7:ab:18:0a:27:eb:71:6a:0c:54:31:08:
83:4b:13:37:b7:99:9f:83:9f:60:e2:db:27:ca:80:31:27:95:
e2:fa:eb:32:74:2f:5a:c1:12:34:b3:21:77:72:e2:30:af:53:
23:75:8e:48:fe:b5:f4:eb:80:bb:56:39:ae:5e:f2:e7:15:f3:
b1:ec:0f:51:67:c9:24:fe:d2:8d:6e:5a:23:36:b8:17:d8:65:
6f:4a:0c:b1:b7:fe:85:b8:9b:8b:d1:2e:82:71:c7:d9:1c:3c:
00:f3:d6:b6:f3:ed:35:de:da:4e:a8:04:8b:f6:91:cf:fc:ac:
af:9b:30:a0:00:95:bc:34:86:37:90:83:a3:fc:cd:01:fd:cb:
fc:05:25:8d:05:3a:a4:4c:7e:06:b0:36:c3:4b:14:be:c7:a7:
a4:65:f8:7b:7a:8a:af:12:86:48:4b:5c:83:50:e8:43:af:39:
6e:3d:6b:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMi4EbpzDSHLBX0EOccBfG6PW6IQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDExMzVaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5NzU4ZGRmYzU2Y2Q5MzcxYzY2MWEwYjdjODk0NWEwNTQ4MWVlMGEzNzll
ZmVkNGI5Njc4NTFmMzdiYTBjOTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALzmcFQSpe+mL3486A5lkDzFD3eAgmKbEiI7yxwEO8B6WicDxqoAwnRu/oJY
WFNxR1S3m+Dyc4ovg00FIhGjR5LJEgh/vr0qXTaRMO/uCEXscbSP8Cax4SG1YkE+
Oh/ui17Qz9m8Cp0bzzomL3CRvGlYsxlDrG8J0P59UUYGFG6yhfvva6KZq9tWyMlh
/rhQOBCsJtAe1AQ0JX/uJrD7e6yrpp+lBZi3E+f5KqYxKIsuUuTrrHapMN3UI/cn
4UnXJrv6QF6vv4pdqBcN3Xn2rn0IjgNOkJRZaPH5o7oF54ygUxMiNownyc3NENnt
87TKoR8hApq0BBXCOHTVJUVM5acCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTGhmh6
qzwJOTg+d+3Bs+qe0o9NnTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAXaGSTG+awNOF/+s0w5iyo/+DoddrDRsoE4rfW
04YBw1W9Z7bsw+ZVTBojvdvRDKapzTP1aPwAJip3F590c7uRO6pXquEbN9HXTaDO
/AK3qxgKJ+txagxUMQiDSxM3t5mfg59g4tsnyoAxJ5Xi+usydC9awRI0syF3cuIw
r1MjdY5I/rX064C7VjmuXvLnFfOx7A9RZ8kk/tKNblojNrgX2GVvSgyxt/6FuJuL
0S6CccfZHDwA89a28+013tpOqASL9pHP/KyvmzCgAJW8NIY3kIOj/M0B/cv8BSWN
BTqkTH4GsDbDSxS+x6ekZfh7eoqvEoZIS1yDUOhDrzluPWtT
-----END CERTIFICATE-----
Generated at Mon Aug 4 14:22:40 2025 by rpki-client