Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
File: 4cf83881-74f7-4033-977b-362e08e8d6d2.roa (raw, json)
Hash identifier: CBJ4yY1E+8ExnZ4+Oxk6OjcY7Z8JkJjOluicr/xUaPw=
Subject key identifier: 39:9F:7C:B7:15:5C:B8:3D:3D:3F:53:42:9A:E6:ED:A8:2C:39:41:98
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 68374824171098DB722FED40912008E3204140CF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
Signing time: Tue 10 Jun 2025 17:20:31 +0000
ROA not before: Tue 10 Jun 2025 17:20:31 +0000
ROA not after: Tue 15 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:37:48:24:17:10:98:db:72:2f:ed:40:91:20:08:e3:20:41:40:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 10 17:20:31 2025 GMT
Not After : Jul 15 23:59:59 2025 GMT
Subject: serialNumber=bd0eb38949a82055f3571a0453718e53e4cb2dd57bca94981ec8d1028cd7fbb5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:e4:d2:af:c4:90:e7:31:74:bc:77:89:4c:a1:
87:f8:c0:c0:7f:0a:e7:26:52:6c:e3:33:43:1c:3a:
ae:59:f1:c0:0c:27:2e:68:c6:87:23:03:59:c0:00:
f5:07:4c:e8:7b:7f:dd:22:2b:ad:72:47:4e:77:59:
4d:27:dd:21:cd:24:53:61:89:1e:ff:4f:b1:bc:fc:
b9:82:5e:99:f6:41:28:fa:8c:78:2b:18:0a:14:89:
7c:34:60:e5:2b:e9:ae:f4:e2:2f:7d:ab:1e:ea:1c:
d5:e4:17:2a:bf:79:f8:c9:75:87:3f:66:b0:81:77:
fa:8a:16:69:e0:a9:3a:f0:ad:7c:72:63:f7:b6:27:
13:18:4c:23:25:76:d2:91:d7:e6:64:67:c6:bd:9f:
4c:fe:15:f7:90:1b:58:4d:6c:8f:65:96:99:08:90:
73:a5:01:31:37:b7:98:72:54:5d:43:6a:8f:23:53:
dd:cf:13:53:6a:45:87:d3:c2:00:81:a6:2b:e7:d5:
62:c4:a7:26:49:93:ba:81:0c:e2:c4:a3:91:14:26:
12:4e:9a:85:3b:f2:38:5e:cf:38:1d:40:be:09:ed:
bf:65:26:4b:96:d0:63:16:a2:4e:e8:11:e0:bd:65:
ca:42:17:7f:7c:9d:a6:ab:10:80:2d:38:76:3e:54:
5b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:9F:7C:B7:15:5C:B8:3D:3D:3F:53:42:9A:E6:ED:A8:2C:39:41:98
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:840::/48
Signature Algorithm: sha256WithRSAEncryption
7f:b2:c8:48:fe:e6:54:b5:c9:aa:f6:87:da:e1:c6:b9:a7:6c:
a6:f5:cc:30:c9:a9:f3:9b:c9:8b:82:c7:a4:9f:a8:8e:e9:2d:
5e:7a:69:4a:52:d3:f3:4f:4a:00:54:4d:42:9b:00:ed:d8:10:
01:b5:9e:c8:a2:c2:97:00:c0:29:55:a5:59:fc:d4:46:22:a3:
5b:83:95:a0:9a:98:97:4a:39:20:b6:96:9b:b6:86:23:d8:c4:
3c:78:0b:64:a9:4c:9e:21:50:ce:49:8d:4e:d9:2e:de:e5:e8:
7f:33:db:74:ad:9c:eb:49:81:99:0b:15:9d:ed:a8:f5:34:8a:
9d:8f:4f:dc:09:dc:d8:2f:55:1b:71:29:00:f4:bd:2f:8c:b7:
3c:ec:1d:bd:26:93:2a:31:f3:d1:89:ac:d8:07:08:36:a4:e8:
c4:a4:8b:fb:45:4b:f1:cb:65:97:b7:54:cb:79:62:1a:49:af:
8f:2b:71:db:7c:04:d6:5b:0e:e0:da:96:54:60:df:f5:be:5d:
e2:0a:9c:e1:39:57:8a:73:4e:d5:a1:6c:fe:65:71:f9:4b:c8:
2e:d0:d4:9c:8c:60:71:95:25:36:ce:e3:ea:1b:68:b2:d5:6f:
07:25:8c:f3:a2:ce:66:82:a6:ec:81:00:26:11:57:59:11:b5:
94:4c:b4:3c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUaDdIJBcQmNtyL+1AkSAI4yBBQM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTAxNzIwMzFaFw0yNTA3MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJkMGViMzg5NDlhODIwNTVmMzU3MWEwNDUzNzE4ZTUzZTRjYjJkZDU3YmNh
OTQ5ODFlYzhkMTAyOGNkN2ZiYjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTk0q/EkOcxdLx3iUyhh/jAwH8K5yZSbOMzQxw6rlnxwAwnLmjGhyMDWcAA
9QdM6Ht/3SIrrXJHTndZTSfdIc0kU2GJHv9Psbz8uYJemfZBKPqMeCsYChSJfDRg
5SvprvTiL32rHuoc1eQXKr95+Ml1hz9msIF3+ooWaeCpOvCtfHJj97YnExhMIyV2
0pHX5mRnxr2fTP4V95AbWE1sj2WWmQiQc6UBMTe3mHJUXUNqjyNT3c8TU2pFh9PC
AIGmK+fVYsSnJkmTuoEM4sSjkRQmEk6ahTvyOF7POB1Avgntv2UmS5bQYxaiTugR
4L1lykIXf3ydpqsQgC04dj5UW1cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ5n3y3
FVy4PT0/U0Ka5u2oLDlBmDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGNmODM4ODEtNzRmNy00MDMzLTk3N2ItMzYyZTA4ZThkNmQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HII
QDANBgkqhkiG9w0BAQsFAAOCAQEAf7LISP7mVLXJqvaH2uHGuadspvXMMMmp85vJ
i4LHpJ+ojuktXnppSlLT809KAFRNQpsA7dgQAbWeyKLClwDAKVWlWfzURiKjW4OV
oJqYl0o5ILaWm7aGI9jEPHgLZKlMniFQzkmNTtku3uXofzPbdK2c60mBmQsVne2o
9TSKnY9P3Anc2C9VG3EpAPS9L4y3POwdvSaTKjHz0Yms2AcINqToxKSL+0VL8ctl
l7dUy3liGkmvjytx23wE1lsO4NqWVGDf9b5d4gqc4TlXinNO1aFs/mVx+UvILtDU
nIxgcZUlNs7j6htostVvByWM86LOZoKm7IEAJhFXWRG1lEy0PA==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:39:23 2025 by rpki-client