Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a0c32c3b-d8db-4386-9538-641f27723456.roa
File: a0c32c3b-d8db-4386-9538-641f27723456.roa (raw, json)
Hash identifier: 5pFz6HWk7GJZar3Jt5SGapy4pqRgvODtlv0ZbBqpWDo=
Subject key identifier: 28:5E:70:7E:38:A2:21:01:07:C0:A3:D0:50:5C:07:FF:52:0E:6D:69
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 40DDAB33D621BFBE7E4A1324B01C10A67CFB4A4B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a0c32c3b-d8db-4386-9538-641f27723456.roa
Signing time: Fri 25 Jul 2025 16:50:10 +0000
ROA not before: Fri 25 Jul 2025 16:50:10 +0000
ROA not after: Fri 29 Aug 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:dd:ab:33:d6:21:bf:be:7e:4a:13:24:b0:1c:10:a6:7c:fb:4a:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 25 16:50:10 2025 GMT
Not After : Aug 29 23:59:59 2025 GMT
Subject: serialNumber=460fba10448f3de6ce56e3be11684be1bd4c4d2d346fd78ae3b177424884460c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:72:29:63:bb:1f:3b:aa:82:3a:13:71:41:90:
56:8a:b9:ce:1e:fe:44:dc:85:e9:35:10:3c:e2:0d:
40:cc:47:53:98:af:cb:af:4a:93:80:4d:a5:da:bb:
37:ca:bf:38:fb:de:98:0f:71:5a:8d:b0:a2:d5:36:
55:5f:30:79:1f:88:5d:54:a4:c0:fa:fd:b1:24:cd:
54:12:44:23:b1:fd:61:7f:42:88:32:f2:89:0e:dd:
a4:70:89:8c:9a:8c:a8:9a:76:22:3a:89:2e:0f:21:
60:b4:69:8e:d7:e9:20:89:08:90:30:8e:da:0b:85:
9f:d0:9b:1d:77:90:b6:41:fd:a5:e9:af:bd:bf:08:
e9:11:61:b9:2b:cc:49:1c:36:31:b6:d0:40:e6:be:
4c:58:cf:b4:a9:d8:eb:cb:f8:9d:e2:8d:f1:75:d7:
6e:7d:eb:66:50:e4:ce:85:b9:57:51:bd:86:65:94:
36:e0:3f:eb:4e:da:1c:38:bf:4c:ee:d6:b6:41:dd:
ec:a3:77:eb:1a:70:8a:96:2c:67:f8:53:17:96:ab:
d6:3c:fc:98:ff:ad:f9:4c:ea:12:05:c2:0a:44:1a:
17:d3:4a:28:26:45:fa:2d:ab:db:e0:01:82:36:f3:
42:b9:b3:86:ab:dc:dc:ca:60:40:17:db:2a:4c:d0:
66:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5E:70:7E:38:A2:21:01:07:C0:A3:D0:50:5C:07:FF:52:0E:6D:69
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a0c32c3b-d8db-4386-9538-641f27723456.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:5000::/40
Signature Algorithm: sha256WithRSAEncryption
4f:70:09:9f:21:d0:c9:f8:1e:65:00:3c:ea:7c:bc:92:75:ad:
21:5f:25:82:6b:86:05:80:3e:d4:fe:c3:61:3a:c6:bc:8d:13:
7e:67:4b:4c:01:78:ae:55:2d:9a:f0:18:b2:8d:d7:50:56:38:
fd:6e:8d:fd:c5:c7:66:d2:49:cd:81:0c:5f:3f:c2:27:51:bb:
a8:9d:0d:4a:95:c6:c4:2d:45:8c:00:a1:f7:8e:ed:c2:26:03:
00:da:7f:12:9d:28:ab:f9:9f:53:55:c2:e9:a2:80:80:9a:cc:
bb:1e:0a:83:32:22:13:7c:ad:f5:d0:94:5c:41:5a:d9:66:4f:
c6:a1:6a:0f:f0:8c:0d:0d:3a:1c:2e:30:6b:97:ba:1a:19:ed:
ff:fd:00:8b:d5:b9:c8:a5:25:08:0f:c5:1e:e7:6e:c9:00:2c:
aa:0e:a5:71:9d:57:68:98:60:87:bc:f5:98:30:ea:04:99:46:
5e:f0:39:91:35:2d:f6:3a:04:27:05:ef:61:84:03:d6:c6:c1:
3c:16:75:25:d6:cd:61:f7:bb:0a:8d:65:61:c3:52:cc:79:dd:
cf:f0:b7:b1:39:a7:86:c2:4e:03:3b:0b:b9:be:26:c3:1a:24:
da:cd:12:f2:06:08:c5:1d:1a:3b:ff:81:51:6e:5d:d4:6d:ab:
99:25:23:da
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQN2rM9Yhv75+ShMksBwQpnz7SkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MjUxNjUwMTBaFw0yNTA4MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2MGZiYTEwNDQ4ZjNkZTZjZTU2ZTNiZTExNjg0YmUxYmQ0YzRkMmQzNDZm
ZDc4YWUzYjE3NzQyNDg4NDQ2MGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpyKWO7HzuqgjoTcUGQVoq5zh7+RNyF6TUQPOINQMxHU5ivy69Kk4BNpdq7
N8q/OPvemA9xWo2wotU2VV8weR+IXVSkwPr9sSTNVBJEI7H9YX9CiDLyiQ7dpHCJ
jJqMqJp2IjqJLg8hYLRpjtfpIIkIkDCO2guFn9CbHXeQtkH9pemvvb8I6RFhuSvM
SRw2MbbQQOa+TFjPtKnY68v4neKN8XXXbn3rZlDkzoW5V1G9hmWUNuA/607aHDi/
TO7WtkHd7KN36xpwipYsZ/hTF5ar1jz8mP+t+UzqEgXCCkQaF9NKKCZF+i2r2+AB
gjbzQrmzhqvc3MpgQBfbKkzQZhcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQoXnB+
OKIhAQfAo9BQXAf/Ug5taTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTBjMzJjM2ItZDhkYi00Mzg2LTk1MzgtNjQxZjI3NzIzNDU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBPcAmfIdDJ+B5lADzqfLySda0hXyWCa4YFgD7U
/sNhOsa8jRN+Z0tMAXiuVS2a8BiyjddQVjj9bo39xcdm0knNgQxfP8InUbuonQ1K
lcbELUWMAKH3ju3CJgMA2n8SnSir+Z9TVcLpooCAmsy7HgqDMiITfK310JRcQVrZ
Zk/GoWoP8IwNDTocLjBrl7oaGe3//QCL1bnIpSUID8Ue527JACyqDqVxnVdomGCH
vPWYMOoEmUZe8DmRNS32OgQnBe9hhAPWxsE8FnUl1s1h97sKjWVhw1LMed3P8Lex
OaeGwk4DOwu5vibDGiTazRLyBgjFHRo7/4FRbl3UbauZJSPa
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:55:28 2025 by rpki-client