Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
File: 975dfb4d-ef39-4371-9678-ff7909080d1e.roa (raw, json)
Hash identifier: mNmLQysSgmqNXq9RBGs86evIMN/h/9mI/t843Ej5/NA=
Subject key identifier: BF:61:BA:DA:F7:3E:AD:76:B3:88:19:B5:32:B8:31:A5:92:75:2A:DE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 67CF7EA8CC5E9F753109E4219AEE90EAC9EA7173
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
Signing time: Tue 20 May 2025 18:40:56 +0000
ROA not before: Tue 20 May 2025 18:40:56 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:cf:7e:a8:cc:5e:9f:75:31:09:e4:21:9a:ee:90:ea:c9:ea:71:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:40:56 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=dd90ca3326406cc6364a309dfb38eef638e1c6b2e53946a07cdc1e8c3167c64e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:31:4b:77:bf:e7:48:2a:e3:ee:32:e3:04:ae:
d8:a6:b0:e7:dd:1b:02:e5:1e:66:13:de:a8:b5:bb:
3d:84:cb:a6:84:08:9e:e4:c5:e9:8b:8c:c5:6c:f9:
5d:73:8d:f7:19:ef:f9:33:60:95:da:6c:fc:3f:a9:
e7:01:0f:b6:6d:fa:c3:e2:51:ff:83:46:1a:07:fa:
be:35:30:6d:a4:72:e6:4a:f3:3f:94:cd:f7:8c:ef:
58:51:57:b6:38:93:20:0d:08:72:5c:63:5a:dd:3d:
fe:7f:7d:43:9d:b4:3b:e2:c5:64:1e:d5:e1:35:af:
d1:82:9c:c1:e5:26:cd:f3:aa:42:99:3a:90:0b:67:
40:13:3b:89:b4:7a:c1:7a:d7:fb:f0:93:93:46:d5:
bd:f7:0d:e1:c9:55:5e:25:46:a5:68:21:d7:cd:94:
9c:de:12:0e:db:00:30:b2:62:cb:c0:c6:a6:66:24:
a3:ae:1b:63:63:6e:be:1e:06:30:30:db:2d:5e:fa:
b2:3c:34:98:d0:05:b5:3f:a4:e3:d4:2a:98:9d:b6:
2d:b3:03:ef:89:ab:65:91:61:7e:f8:24:61:1f:7f:
84:54:85:1a:94:fb:d2:06:a6:54:1a:62:5f:f0:cc:
1b:ed:27:fe:d5:4b:0f:67:ec:40:51:53:64:d6:16:
a6:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:61:BA:DA:F7:3E:AD:76:B3:88:19:B5:32:B8:31:A5:92:75:2A:DE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:b080::/48
Signature Algorithm: sha256WithRSAEncryption
90:b0:27:8e:59:c7:84:b9:4c:0d:21:1c:2f:ba:c3:f3:ec:0d:
c8:35:ef:b8:07:b5:cd:e2:74:46:b0:0d:57:c5:3b:e7:4a:68:
e7:d4:3a:a2:27:06:32:f6:c1:7b:ce:fb:37:bb:2d:93:fd:60:
e8:6b:be:eb:2e:e2:9c:ab:2c:b5:cc:c1:3b:11:2c:1a:1d:60:
e0:c9:08:05:78:26:16:3e:1b:20:71:0a:48:e5:be:23:88:1d:
26:44:32:cd:2c:a8:4b:2f:71:a9:3e:2a:62:f0:56:39:f5:2b:
f9:ca:a0:26:70:e8:06:20:c1:c9:f2:ce:7a:a4:8f:01:82:28:
cd:e9:54:fb:18:16:29:2c:42:d3:8f:6b:1e:a8:52:11:35:a3:
da:66:09:8a:3d:2e:40:25:ce:b1:97:8d:1b:79:1d:c9:9f:85:
f2:34:cb:19:e6:24:ba:20:26:98:37:63:1b:ac:95:ac:84:1c:
87:ea:46:bb:45:a7:b0:3d:89:40:3c:1c:97:7f:16:fd:7c:a8:
04:09:65:78:33:d2:94:50:43:78:0b:5a:19:14:4a:14:f2:33:
d5:82:3a:0a:5f:6c:9f:33:2d:34:74:18:1f:b1:91:5a:3a:a1:
d7:b4:b8:2c:df:62:7f:a7:03:06:e1:d9:e0:a4:94:06:8e:a3:
78:cc:4b:ff
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ89+qMxen3UxCeQhmu6Q6snqcXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODQwNTZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkOTBjYTMzMjY0MDZjYzYzNjRhMzA5ZGZiMzhlZWY2MzhlMWM2YjJlNTM5
NDZhMDdjZGMxZThjMzE2N2M2NGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOwxS3e/50gq4+4y4wSu2Kaw590bAuUeZhPeqLW7PYTLpoQInuTF6YuMxWz5
XXON9xnv+TNgldps/D+p5wEPtm36w+JR/4NGGgf6vjUwbaRy5krzP5TN94zvWFFX
tjiTIA0IclxjWt09/n99Q520O+LFZB7V4TWv0YKcweUmzfOqQpk6kAtnQBM7ibR6
wXrX+/CTk0bVvfcN4clVXiVGpWgh182UnN4SDtsAMLJiy8DGpmYko64bY2Nuvh4G
MDDbLV76sjw0mNAFtT+k49QqmJ22LbMD74mrZZFhfvgkYR9/hFSFGpT70gamVBpi
X/DMG+0n/tVLD2fsQFFTZNYWpkUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS/Ybra
9z6tdrOIGbUyuDGlknUq3jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1ZGZiNGQtZWYzOS00MzcxLTk2NzgtZmY3OTA5MDgwZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKw
gDANBgkqhkiG9w0BAQsFAAOCAQEAkLAnjlnHhLlMDSEcL7rD8+wNyDXvuAe1zeJ0
RrANV8U750po59Q6oicGMvbBe877N7stk/1g6Gu+6y7inKsstczBOxEsGh1g4MkI
BXgmFj4bIHEKSOW+I4gdJkQyzSyoSy9xqT4qYvBWOfUr+cqgJnDoBiDByfLOeqSP
AYIozelU+xgWKSxC049rHqhSETWj2mYJij0uQCXOsZeNG3kdyZ+F8jTLGeYkuiAm
mDdjG6yVrIQch+pGu0WnsD2JQDwcl38W/XyoBAlleDPSlFBDeAtaGRRKFPIz1YI6
Cl9snzMtNHQYH7GRWjqh17S4LN9if6cDBuHZ4KSUBo6jeMxL/w==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:52:47 2025 by rpki-client