Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
File: 8eb63ceb-3350-490c-9a1a-85b2563a8947.roa (raw, json)
Hash identifier: E3MPXJ9E4sQzId7P1xhqJ0muJTHH4EkdG1rxOQ5d+Dc=
Subject key identifier: 17:DB:2A:56:8B:21:3A:19:52:5A:D4:A4:E6:DB:89:0E:42:F4:7C:15
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1AA23F07BE86B723AF1FCA22977404E2F309893D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
Signing time: Tue 20 May 2025 20:21:31 +0000
ROA not before: Tue 20 May 2025 20:21:31 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:a2:3f:07:be:86:b7:23:af:1f:ca:22:97:74:04:e2:f3:09:89:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:21:31 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=8dd921b2cda03fd84a99ec93d8a4f9490416a27a08794f250c3751a2cf4e20df, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d6:40:7e:3f:29:61:ab:33:a8:92:33:f0:33:
b4:b5:53:23:84:04:c1:ec:70:40:63:0e:1f:e1:8b:
63:87:7b:08:b0:80:e7:b1:e4:21:45:41:d0:d1:e1:
74:d3:ca:24:3f:0c:ea:e6:be:aa:14:74:c6:75:d0:
24:84:da:7c:55:d4:ca:60:42:93:ed:4a:23:57:70:
41:54:b9:21:da:bc:9b:3e:e6:a2:6c:0e:5c:af:94:
a7:60:14:3d:6e:aa:d1:f5:76:23:47:ce:aa:00:af:
90:21:2c:e8:98:cb:e5:3a:59:ae:d5:7e:d4:57:f7:
70:8e:cb:a7:8e:ab:f9:f2:07:e7:e1:bb:27:63:f0:
ee:36:00:c8:f1:bf:85:99:16:6d:99:09:03:f4:c0:
ef:d6:e2:4c:e8:58:46:e6:29:9e:ee:6e:ed:f4:a8:
43:35:73:23:7b:32:21:97:8c:1c:d4:93:06:13:ce:
da:8d:5e:ca:6e:c1:aa:cd:4a:30:19:4a:a1:f9:c3:
09:cc:4d:c2:79:48:37:41:35:50:a5:d5:b3:63:38:
27:50:e0:3b:50:af:50:eb:fb:95:74:70:10:de:fe:
45:05:a0:d5:f3:08:cb:1c:d5:83:40:a8:53:52:15:
c3:d3:58:05:46:b2:ab:85:68:da:9c:b1:c1:32:fb:
af:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:DB:2A:56:8B:21:3A:19:52:5A:D4:A4:E6:DB:89:0E:42:F4:7C:15
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8eb63ceb-3350-490c-9a1a-85b2563a8947.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:4000::/40
Signature Algorithm: sha256WithRSAEncryption
55:5c:90:f7:46:c9:36:ff:07:e6:0b:ca:3a:ff:d2:f8:28:2a:
8a:43:8a:a1:da:17:01:a8:5e:e3:7b:24:7e:59:9f:b2:c3:f1:
8a:36:05:76:6e:13:2f:e5:0c:cb:0b:f1:54:94:5e:af:b7:0f:
a7:d7:cc:2d:00:88:ea:39:2b:91:66:43:40:a8:1a:2e:02:d9:
91:1a:62:c2:12:70:29:8e:3a:e0:a8:a0:45:e3:cb:2a:1f:64:
92:d0:d3:09:1f:df:fb:24:34:5d:58:84:b2:4f:9f:8a:5b:94:
70:43:06:72:eb:9a:e6:17:11:81:24:74:7b:c6:9f:fd:46:74:
13:cd:81:d8:d5:27:88:08:43:0e:64:fa:6e:bf:04:83:15:63:
46:e2:e4:3a:4c:28:f6:60:36:67:ed:77:e6:36:81:19:cc:95:
ee:0c:0a:a2:52:0e:1e:6d:3c:d5:f5:d5:ac:f8:06:03:5d:c6:
96:40:da:98:4e:4c:82:ec:98:61:9a:95:f5:41:f2:98:dd:0f:
47:64:23:e0:e7:f3:43:09:4a:fa:41:35:a9:1e:57:b8:c1:73:
41:e0:44:b6:48:43:c1:6b:fa:30:d5:0c:25:47:a8:72:b0:85:
77:f2:18:29:08:60:01:e8:7e:70:9e:4b:3c:1a:eb:e3:ac:57:
85:4d:8e:8c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGqI/B76GtyOvH8oil3QE4vMJiT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDIxMzFaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkZDkyMWIyY2RhMDNmZDg0YTk5ZWM5M2Q4YTRmOTQ5MDQxNmEyN2EwODc5
NGYyNTBjMzc1MWEyY2Y0ZTIwZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALbWQH4/KWGrM6iSM/AztLVTI4QEwexwQGMOH+GLY4d7CLCA57HkIUVB0NHh
dNPKJD8M6ua+qhR0xnXQJITafFXUymBCk+1KI1dwQVS5Idq8mz7momwOXK+Up2AU
PW6q0fV2I0fOqgCvkCEs6JjL5TpZrtV+1Ff3cI7Lp46r+fIH5+G7J2Pw7jYAyPG/
hZkWbZkJA/TA79biTOhYRuYpnu5u7fSoQzVzI3syIZeMHNSTBhPO2o1eym7Bqs1K
MBlKofnDCcxNwnlIN0E1UKXVs2M4J1DgO1CvUOv7lXRwEN7+RQWg1fMIyxzVg0Co
U1IVw9NYBUayq4Vo2pyxwTL7r7cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQX2ypW
iyE6GVJa1KTm24kOQvR8FTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGViNjNjZWItMzM1MC00OTBjLTlhMWEtODViMjU2M2E4OTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HFA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVXJD3Rsk2/wfmC8o6/9L4KCqKQ4qh2hcBqF7j
eyR+WZ+yw/GKNgV2bhMv5QzLC/FUlF6vtw+n18wtAIjqOSuRZkNAqBouAtmRGmLC
EnApjjrgqKBF48sqH2SS0NMJH9/7JDRdWISyT5+KW5RwQwZy65rmFxGBJHR7xp/9
RnQTzYHY1SeICEMOZPpuvwSDFWNG4uQ6TCj2YDZn7XfmNoEZzJXuDAqiUg4ebTzV
9dWs+AYDXcaWQNqYTkyC7JhhmpX1QfKY3Q9HZCPg5/NDCUr6QTWpHle4wXNB4ES2
SEPBa/ow1QwlR6hysIV38hgpCGAB6H5wnks8GuvjrFeFTY6M
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:36:47 2025 by rpki-client