Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
File: 98ae6903-6674-49ca-b677-ce1e731619a3.roa (raw, json)
Hash identifier: 9U71Uw0opxMmKcqI0rU4TgDI2tm/SgK+ny2+CZyXONY=
Subject key identifier: AC:8F:5F:39:6F:FC:6D:7A:AA:04:B3:2F:6A:88:13:38:49:8C:8F:1F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 32853676033248435FBA49D3E3F23EBBDABA1135
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
Signing time: Sat 24 May 2025 00:30:07 +0000
ROA not before: Sat 24 May 2025 00:30:07 +0000
ROA not after: Sat 28 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:85:36:76:03:32:48:43:5f:ba:49:d3:e3:f2:3e:bb:da:ba:11:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 24 00:30:07 2025 GMT
Not After : Jun 28 23:59:59 2025 GMT
Subject: serialNumber=cb3bb7e6c63c620f5801c966a584e4785a336817ccc1f7d6ad0464950717736f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:34:05:5e:23:ff:2c:a6:04:a8:b5:1a:d5:a1:
24:ef:63:a5:43:b7:f4:cb:cd:b8:d6:7d:ad:34:95:
4c:bf:85:5b:3d:dc:5a:f8:5b:32:da:fd:f1:7b:ba:
e9:61:6f:0b:ec:95:bc:48:f0:09:f7:7a:3e:7b:43:
36:5a:e0:51:a7:b2:d3:a1:ea:e1:21:f6:b9:29:0f:
91:24:93:65:78:1d:1b:3a:7a:16:cb:99:91:8d:15:
49:c2:fa:f4:84:62:78:d3:ce:fb:d6:88:a7:55:03:
6f:79:c6:0b:37:59:79:00:38:99:52:fc:1b:9b:4d:
d3:3b:fc:55:b4:ab:53:97:fe:4e:2e:8b:d1:db:18:
89:52:5c:b1:3d:83:e6:3d:c9:4a:a6:eb:2b:90:cf:
e2:5d:0c:04:9a:b5:81:0f:26:dc:d8:34:ff:78:be:
bd:39:7b:fa:a3:df:c5:aa:5d:c9:78:80:e4:9f:25:
6d:b0:07:fd:c5:54:78:a7:94:ac:2b:2b:ec:98:e6:
40:e7:ed:f5:07:ae:17:27:fb:89:86:6c:fa:62:77:
c6:49:25:a4:86:ff:2e:ed:a1:54:cf:8a:cd:5f:2a:
41:9b:52:a4:25:09:82:09:58:63:f8:26:f2:58:f6:
98:e6:38:d2:cd:a8:18:c8:ea:c9:00:29:5e:23:59:
17:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:8F:5F:39:6F:FC:6D:7A:AA:04:B3:2F:6A:88:13:38:49:8C:8F:1F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1c00::/38
Signature Algorithm: sha256WithRSAEncryption
64:d0:11:c0:27:b8:50:36:6c:10:d3:2f:46:35:c8:63:88:a0:
30:7d:4b:6e:c4:6d:68:86:3a:23:ba:05:60:eb:25:60:48:e0:
d9:21:13:f8:76:e3:75:2e:2d:7e:31:99:76:93:1e:a9:57:78:
c9:31:02:45:28:71:d0:d0:9f:eb:27:08:cc:7d:11:99:92:a7:
a1:14:4d:76:ff:92:d5:c2:f0:7c:47:74:a5:63:a4:ab:27:95:
76:00:bc:a7:3c:50:5f:cf:53:63:43:a6:94:f2:d6:75:14:d0:
54:52:bf:38:14:b6:6c:d3:e9:3f:34:25:94:08:62:66:e2:8f:
c0:24:d4:54:6b:e6:b1:6a:fa:71:0b:fc:4e:34:47:68:df:46:
5d:ed:bb:ae:53:56:21:20:ae:70:4e:81:5e:88:3e:ac:76:08:
96:3b:b0:c4:2e:45:66:97:26:4a:9e:53:ff:4a:8b:05:e9:05:
7c:d9:91:02:29:52:f4:fe:07:b4:3c:e2:1b:4b:41:78:84:50:
ee:19:35:07:b6:30:df:89:e8:98:4a:f8:b3:dc:20:04:4a:a8:
c8:6c:ce:9a:84:0f:83:88:c1:12:54:5e:07:69:cb:bd:77:d0:
bf:07:db:7a:26:c3:be:ed:40:48:0d:b7:f7:65:cd:96:ec:48:
ae:f9:a8:f5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMoU2dgMySENfuknT4/I+u9q6ETUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjQwMDMwMDdaFw0yNTA2MjgyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiM2JiN2U2YzYzYzYyMGY1ODAxYzk2NmE1ODRlNDc4NWEzMzY4MTdjY2Mx
ZjdkNmFkMDQ2NDk1MDcxNzczNmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMo0BV4j/yymBKi1GtWhJO9jpUO39MvNuNZ9rTSVTL+FWz3cWvhbMtr98Xu6
6WFvC+yVvEjwCfd6PntDNlrgUaey06Hq4SH2uSkPkSSTZXgdGzp6FsuZkY0VScL6
9IRieNPO+9aIp1UDb3nGCzdZeQA4mVL8G5tN0zv8VbSrU5f+Ti6L0dsYiVJcsT2D
5j3JSqbrK5DP4l0MBJq1gQ8m3Ng0/3i+vTl7+qPfxapdyXiA5J8lbbAH/cVUeKeU
rCsr7JjmQOft9QeuFyf7iYZs+mJ3xkklpIb/Lu2hVM+KzV8qQZtSpCUJgglYY/gm
8lj2mOY40s2oGMjqyQApXiNZFycCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSsj185
b/xteqoEsy9qiBM4SYyPHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OThhZTY5MDMtNjY3NC00OWNhLWI2NzctY2UxZTczMTYxOWEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQc
MA0GCSqGSIb3DQEBCwUAA4IBAQBk0BHAJ7hQNmwQ0y9GNchjiKAwfUtuxG1ohjoj
ugVg6yVgSODZIRP4duN1Li1+MZl2kx6pV3jJMQJFKHHQ0J/rJwjMfRGZkqehFE12
/5LVwvB8R3SlY6SrJ5V2ALynPFBfz1NjQ6aU8tZ1FNBUUr84FLZs0+k/NCWUCGJm
4o/AJNRUa+axavpxC/xONEdo30Zd7buuU1YhIK5wToFeiD6sdgiWO7DELkVmlyZK
nlP/SosF6QV82ZECKVL0/ge0POIbS0F4hFDuGTUHtjDfieiYSviz3CAESqjIbM6a
hA+DiMESVF4Hacu9d9C/B9t6JsO+7UBIDbf3Zc2W7Eiu+aj1
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:54:54 2025 by rpki-client