Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
File: 8553b3da-6a47-43ee-87d3-5259a23c371b.roa (raw, json)
Hash identifier: umgBwEyXu4d8NpRQOOEA4oh9d1YNdrmcaur3PqcMldo=
Subject key identifier: 54:F9:4C:7B:BB:9D:C2:E2:37:C7:C1:B2:CA:0B:02:01:A3:D9:C9:E9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0D2BE0F42B5FA51BC915A1E823599DD8C70E9EB7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
Signing time: Fri 11 Jul 2025 20:21:09 +0000
ROA not before: Fri 11 Jul 2025 20:21:09 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:2b:e0:f4:2b:5f:a5:1b:c9:15:a1:e8:23:59:9d:d8:c7:0e:9e:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:21:09 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=85ef6a1133c2311a5fd4d7c0343d4d558eac82b3684cad8f114e685e45038a11, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:73:de:c1:17:60:dc:41:76:95:6e:73:17:06:
e0:69:de:46:04:8f:31:8d:27:12:ce:3d:60:43:d2:
33:07:34:0a:c0:ae:a6:e9:cc:24:d0:59:ba:6c:4a:
86:ca:0d:3a:d9:09:61:86:c6:54:bf:22:4f:d7:9d:
ce:93:84:93:25:84:ef:46:fb:5f:64:a4:f1:47:82:
06:34:05:43:49:40:be:a7:d7:5a:a8:e5:ea:05:7c:
17:46:89:50:f5:2f:4c:32:50:77:d0:d3:0b:66:1a:
d8:02:8d:af:e4:74:0a:7f:17:6c:7b:30:83:d6:d5:
24:d0:d5:30:5c:40:32:e1:3c:0d:4f:72:e9:ea:bc:
bf:0c:77:c5:c9:ec:3e:9e:e8:df:19:8f:78:51:77:
b9:44:eb:44:4a:bd:56:68:e5:9f:aa:10:b6:5e:8e:
f5:4a:58:b5:b1:91:bb:04:2b:c0:b2:3f:fc:ac:f6:
dd:fd:fc:d5:64:b1:74:40:b3:6e:b2:aa:7c:3d:46:
2e:e6:41:c3:e6:53:73:5e:34:ba:9a:27:1d:84:0f:
45:c1:47:78:9c:65:19:a3:da:cb:df:e5:1a:22:d3:
85:74:fc:a4:36:df:17:4c:e5:eb:1d:ae:bb:2d:18:
aa:3f:d1:20:fe:00:cc:b2:21:59:cb:29:72:3b:e0:
2f:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:F9:4C:7B:BB:9D:C2:E2:37:C7:C1:B2:CA:0B:02:01:A3:D9:C9:E9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:2000::/40
Signature Algorithm: sha256WithRSAEncryption
55:9f:e1:06:b4:c6:40:1d:db:05:ad:eb:60:b6:17:94:aa:10:
0c:47:a7:ca:12:5b:ed:77:68:f4:93:01:fc:e5:ef:80:00:89:
4c:b3:36:4d:1f:b7:80:53:59:05:bc:78:6c:b8:fd:e3:13:e3:
b7:91:8d:51:2d:df:63:2e:aa:22:51:98:cf:96:d5:2f:a4:c7:
a3:26:f6:27:8e:f8:a7:ad:b7:e2:4e:67:9b:27:a2:cb:f3:a7:
b6:99:de:64:e3:a0:ac:c7:c9:6f:83:0c:28:fb:58:c6:e6:74:
00:3a:fa:73:10:47:c5:de:94:21:73:fb:d0:81:26:28:d5:0c:
08:4d:da:fd:c2:3f:bf:c0:58:5b:55:30:0b:b3:26:c3:7c:80:
bd:8f:f7:ee:58:4d:20:52:96:2d:4c:1f:69:3c:ae:5d:53:0b:
ee:41:2d:2f:59:25:f1:45:9d:3d:d0:56:5d:fa:28:9e:9f:74:
2f:eb:12:bd:7f:39:5c:5e:e8:1f:5a:1a:1a:bd:26:94:1e:21:
df:25:61:7b:95:6c:e0:15:6e:7c:39:cc:3b:b1:d4:aa:a9:b1:
a6:f2:35:e2:ce:c9:64:db:a3:c3:14:44:47:2f:e3:83:31:f7:
7d:19:17:8c:7e:64:11:09:06:ce:cb:db:7f:15:82:bc:79:d3:
2e:69:58:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDSvg9CtfpRvJFaHoI1md2McOnrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIxMDlaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1ZWY2YTExMzNjMjMxMWE1ZmQ0ZDdjMDM0M2Q0ZDU1OGVhYzgyYjM2ODRj
YWQ4ZjExNGU2ODVlNDUwMzhhMTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM5z3sEXYNxBdpVucxcG4GneRgSPMY0nEs49YEPSMwc0CsCupunMJNBZumxK
hsoNOtkJYYbGVL8iT9edzpOEkyWE70b7X2Sk8UeCBjQFQ0lAvqfXWqjl6gV8F0aJ
UPUvTDJQd9DTC2Ya2AKNr+R0Cn8XbHswg9bVJNDVMFxAMuE8DU9y6eq8vwx3xcns
Pp7o3xmPeFF3uUTrREq9Vmjln6oQtl6O9UpYtbGRuwQrwLI//Kz23f381WSxdECz
brKqfD1GLuZBw+ZTc140uponHYQPRcFHeJxlGaPay9/lGiLThXT8pDbfF0zl6x2u
uy0Yqj/RIP4AzLIhWcspcjvgL/8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRU+Ux7
u53C4jfHwbLKCwIBo9nJ6TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODU1M2IzZGEtNmE0Ny00M2VlLTg3ZDMtNTI1OWEyM2MzNzFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEg
MA0GCSqGSIb3DQEBCwUAA4IBAQBVn+EGtMZAHdsFretgtheUqhAMR6fKElvtd2j0
kwH85e+AAIlMszZNH7eAU1kFvHhsuP3jE+O3kY1RLd9jLqoiUZjPltUvpMejJvYn
jvinrbfiTmebJ6LL86e2md5k46Csx8lvgwwo+1jG5nQAOvpzEEfF3pQhc/vQgSYo
1QwITdr9wj+/wFhbVTALsybDfIC9j/fuWE0gUpYtTB9pPK5dUwvuQS0vWSXxRZ09
0FZd+iien3Qv6xK9fzlcXugfWhoavSaUHiHfJWF7lWzgFW58Ocw7sdSqqbGm8jXi
zslk26PDFERHL+ODMfd9GReMfmQRCQbOy9t/FYK8edMuaVgN
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:59:03 2025 by rpki-client