Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
File: 99ffa238-9133-4fa5-ad84-49e67d34854a.roa (raw, json)
Hash identifier: zKR3jOMI7iGPCQdkTz9d4RsMLHOjtx2D95l3ij5r4C8=
Subject key identifier: 37:EC:DD:5F:48:FB:8D:ED:54:68:01:63:3C:D7:8B:59:57:92:95:A5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 25B5712C036F08A71FAA0228A0B8D2DA59AE4938
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
Signing time: Fri 11 Jul 2025 20:50:15 +0000
ROA not before: Fri 11 Jul 2025 20:50:15 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02a::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:b5:71:2c:03:6f:08:a7:1f:aa:02:28:a0:b8:d2:da:59:ae:49:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:50:15 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=baf160f868918f410f789a5f0cc9493f63807ddfb1b13125ade560762a6285ab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d8:58:ab:64:b1:e8:74:28:25:b9:a2:0d:ba:
fa:a6:b2:94:02:5b:23:3e:0e:1f:cf:20:2e:14:a5:
9c:a9:38:01:95:48:2b:38:18:f8:d2:f4:27:1a:af:
ed:29:e7:e3:74:a6:1f:78:cc:7d:4f:05:74:f0:cf:
55:0e:97:80:31:88:56:f2:0d:06:41:15:2b:48:3c:
61:1e:e5:ff:de:ae:38:9a:6a:9c:52:50:66:0b:36:
52:97:fa:e4:8e:ae:40:d3:10:f0:e6:15:e6:3e:85:
86:6a:9c:21:b3:f2:f3:79:c2:6e:b7:ac:69:fd:fc:
79:3f:e2:88:ec:1f:69:c8:f3:18:76:5e:f9:b4:d8:
ca:93:41:49:92:1d:d5:56:44:0e:2b:35:f8:f2:45:
df:b8:aa:46:23:a1:18:94:a3:d1:89:7f:78:b6:b8:
57:28:d7:29:2b:3d:82:0e:29:c3:59:1c:58:b8:82:
3a:35:c8:38:44:ed:48:dd:25:f7:1b:fc:06:0e:ea:
89:f2:19:d0:61:c4:74:fa:6f:74:c3:2c:18:f9:f6:
43:04:b6:c7:cb:17:a7:90:04:e9:1b:9e:d8:44:29:
31:65:f2:bb:97:69:8c:cf:36:f1:37:33:1e:de:47:
5f:41:dc:81:ef:a0:f6:a2:bb:95:27:9f:bb:05:84:
20:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:EC:DD:5F:48:FB:8D:ED:54:68:01:63:3C:D7:8B:59:57:92:95:A5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02a::/36
Signature Algorithm: sha256WithRSAEncryption
2e:be:a2:31:4a:9d:25:ef:8b:c7:a3:31:2a:28:5a:e4:5a:d7:
54:03:3f:91:06:49:3e:7a:3f:2d:51:98:36:85:9e:09:00:e0:
f9:8e:4f:17:80:9a:3a:07:bc:2e:64:43:33:63:3b:51:aa:8a:
1e:5e:3a:e7:64:ae:98:48:f7:17:e1:7f:0d:b2:13:fd:4c:37:
17:19:2a:a8:b7:1a:59:fd:77:a3:04:ed:8f:e5:0b:1a:de:e4:
22:52:e7:f0:11:26:b2:e7:c7:a5:14:43:ca:e9:b8:c8:48:8b:
19:2e:04:a3:06:7e:40:4a:81:10:8f:2f:84:a1:3d:d5:fe:1d:
10:da:62:0b:8a:70:ca:6c:b9:fb:6a:00:e4:00:03:1c:f4:04:
7d:0e:0e:d8:76:97:c2:59:6f:e7:d7:eb:49:2f:7c:b6:93:86:
83:a7:cf:22:ef:cd:e8:b1:5e:cd:e2:b7:2c:fc:85:df:3d:21:
50:80:d1:c3:3a:6d:b0:78:2a:c7:7e:13:6b:aa:a6:9b:bb:46:
87:4d:9e:80:36:37:4c:b7:01:5f:c1:96:f6:2a:29:53:a1:57:
64:b7:63:09:82:6c:40:93:13:ac:f8:6c:4e:79:d8:93:9c:a4:
40:5e:6d:35:17:4e:02:6e:01:0d:dc:94:9e:09:18:1f:84:35:
3d:a9:f7:43
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJbVxLANvCKcfqgIooLjS2lmuSTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDUwMTVaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhZjE2MGY4Njg5MThmNDEwZjc4OWE1ZjBjYzk0OTNmNjM4MDdkZGZiMWIx
MzEyNWFkZTU2MDc2MmE2Mjg1YWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPYWKtkseh0KCW5og26+qaylAJbIz4OH88gLhSlnKk4AZVIKzgY+NL0Jxqv
7Snn43SmH3jMfU8FdPDPVQ6XgDGIVvINBkEVK0g8YR7l/96uOJpqnFJQZgs2Upf6
5I6uQNMQ8OYV5j6FhmqcIbPy83nCbresaf38eT/iiOwfacjzGHZe+bTYypNBSZId
1VZEDis1+PJF37iqRiOhGJSj0Yl/eLa4VyjXKSs9gg4pw1kcWLiCOjXIOETtSN0l
9xv8Bg7qifIZ0GHEdPpvdMMsGPn2QwS2x8sXp5AE6Rue2EQpMWXyu5dpjM828Tcz
Ht5HX0Hcge+g9qK7lSefuwWEIB8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ37N1f
SPuN7VRoAWM814tZV5KVpTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTlmZmEyMzgtOTEzMy00ZmE1LWFkODQtNDllNjdkMzQ4NTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CoA
MA0GCSqGSIb3DQEBCwUAA4IBAQAuvqIxSp0l74vHozEqKFrkWtdUAz+RBkk+ej8t
UZg2hZ4JAOD5jk8XgJo6B7wuZEMzYztRqooeXjrnZK6YSPcX4X8NshP9TDcXGSqo
txpZ/XejBO2P5Qsa3uQiUufwESay58elFEPK6bjISIsZLgSjBn5ASoEQjy+EoT3V
/h0Q2mILinDKbLn7agDkAAMc9AR9Dg7YdpfCWW/n1+tJL3y2k4aDp88i783osV7N
4rcs/IXfPSFQgNHDOm2weCrHfhNrqqabu0aHTZ6ANjdMtwFfwZb2KilToVdkt2MJ
gmxAkxOs+GxOediTnKRAXm01F04CbgEN3JSeCRgfhDU9qfdD
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:58:42 2025 by rpki-client