Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
File: ad363c67-ff83-46aa-9474-de02e382946b.roa (raw, json)
Hash identifier: FVOIO/dcVPrOMoqMtMjA6ZMqhAxeIGEkRl4y95t8s/E=
Subject key identifier: 95:E3:D1:01:A0:42:F7:E3:C0:B8:DE:5B:5B:18:23:90:D1:34:23:A6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7E3EEC64D7434B251D07A1CF301A291C585EC49C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
Signing time: Tue 20 May 2025 20:01:00 +0000
ROA not before: Tue 20 May 2025 20:01:00 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:3e:ec:64:d7:43:4b:25:1d:07:a1:cf:30:1a:29:1c:58:5e:c4:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:01:00 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=a4918d0c31924207fbc11139b4bbe30eaafafdf31bd7d64041a7fca1a61a9a09, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:87:ca:56:b4:0f:7b:b0:fb:2e:d9:5f:47:07:
a1:7b:91:0e:f4:e1:28:93:45:2c:36:b3:c1:88:cd:
3e:70:28:42:aa:92:f1:a3:30:81:5d:4f:e1:b9:72:
ab:77:bb:b6:5c:b4:a0:00:ac:13:45:9a:0f:4f:e5:
cc:74:a2:8a:5e:1c:ec:bf:35:cf:ad:63:e9:f4:e9:
76:5f:9b:2d:77:28:27:d5:04:23:d0:80:66:39:2b:
8d:5e:a6:1b:af:ca:6b:7f:57:fd:0d:69:db:ad:d1:
0f:96:ed:cb:76:c4:68:27:2f:bc:d9:90:77:c8:5d:
a3:49:ac:af:d6:ad:1e:e7:29:26:44:d1:b2:95:42:
14:78:05:c9:f3:e6:aa:cb:b3:71:59:f0:d9:8b:c3:
47:d0:6b:e7:ce:ff:32:51:b6:c1:d9:e2:eb:94:e6:
4c:e8:f4:ae:31:3b:8c:5a:69:16:76:2e:11:79:26:
ab:95:21:e5:60:e0:0e:26:2f:b4:a5:e3:7e:db:d9:
f2:40:66:fd:d5:df:b5:eb:6d:82:8b:38:c0:40:63:
0e:9f:54:5f:32:65:96:1e:5a:c8:ea:c4:f8:4c:f7:
9a:a3:58:f4:88:e5:a0:21:a8:32:a3:4e:98:d2:1e:
91:e3:6b:ae:d0:39:ae:5a:59:ea:9e:17:ac:ea:ac:
45:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:E3:D1:01:A0:42:F7:E3:C0:B8:DE:5B:5B:18:23:90:D1:34:23:A6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:b000::/40
Signature Algorithm: sha256WithRSAEncryption
81:c5:6e:04:95:d1:b6:78:62:4b:24:4c:42:69:35:84:3b:d0:
9e:1c:32:7d:2c:60:e7:6e:b2:05:c6:7d:f4:2a:f5:39:0b:6e:
e0:8f:dc:0c:e9:aa:db:b3:b8:c3:54:d8:85:ee:36:97:07:95:
8e:e6:f3:9d:3a:56:de:1a:3f:a8:ce:a3:de:5f:dd:14:81:a7:
cb:72:4b:44:30:bc:44:5c:7c:ca:e2:7d:fd:b8:b8:83:23:ac:
5a:8d:30:ee:41:49:bd:51:3b:be:9f:44:a6:11:51:1a:b4:20:
f6:69:a3:24:3b:3a:3a:a3:fa:6c:64:4a:03:04:5e:ca:2e:30:
e3:56:51:af:0e:e1:0a:80:80:6e:e3:ee:b9:3d:4f:ef:37:09:
7b:9f:86:86:c5:5d:de:5d:c8:14:0b:4e:7b:ac:08:56:f1:10:
04:bc:e7:47:44:8d:3e:77:dd:15:bd:24:40:b8:e9:71:6e:9a:
31:13:e0:20:75:86:00:eb:b1:32:58:ac:93:ef:81:65:76:ec:
91:7d:d9:40:8b:f1:04:34:1f:f0:61:bc:3c:b8:2e:a8:b3:7d:
01:24:d5:e8:d5:57:b8:70:e9:31:94:2b:ee:6f:72:54:80:78:
3f:f4:45:09:86:31:50:3f:da:13:70:c7:49:c9:67:72:88:ed:
20:68:ef:74
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfj7sZNdDSyUdB6HPMBopHFhexJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDAxMDBaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0OTE4ZDBjMzE5MjQyMDdmYmMxMTEzOWI0YmJlMzBlYWFmYWZkZjMxYmQ3
ZDY0MDQxYTdmY2ExYTYxYTlhMDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANmHyla0D3uw+y7ZX0cHoXuRDvThKJNFLDazwYjNPnAoQqqS8aMwgV1P4bly
q3e7tly0oACsE0WaD0/lzHSiil4c7L81z61j6fTpdl+bLXcoJ9UEI9CAZjkrjV6m
G6/Ka39X/Q1p263RD5bty3bEaCcvvNmQd8hdo0msr9atHucpJkTRspVCFHgFyfPm
qsuzcVnw2YvDR9Br587/MlG2wdni65TmTOj0rjE7jFppFnYuEXkmq5Uh5WDgDiYv
tKXjftvZ8kBm/dXftettgos4wEBjDp9UXzJllh5ayOrE+Ez3mqNY9IjloCGoMqNO
mNIekeNrrtA5rlpZ6p4XrOqsRXsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSV49EB
oEL348C43ltbGCOQ0TQjpjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQzNjNjNjctZmY4My00NmFhLTk0NzQtZGUwMmUzODI5NDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGw
MA0GCSqGSIb3DQEBCwUAA4IBAQCBxW4EldG2eGJLJExCaTWEO9CeHDJ9LGDnbrIF
xn30KvU5C27gj9wM6arbs7jDVNiF7jaXB5WO5vOdOlbeGj+ozqPeX90UgafLcktE
MLxEXHzK4n39uLiDI6xajTDuQUm9UTu+n0SmEVEatCD2aaMkOzo6o/psZEoDBF7K
LjDjVlGvDuEKgIBu4+65PU/vNwl7n4aGxV3eXcgUC057rAhW8RAEvOdHRI0+d90V
vSRAuOlxbpoxE+AgdYYA67EyWKyT74FlduyRfdlAi/EENB/wYbw8uC6os30BJNXo
1Ve4cOkxlCvub3JUgHg/9EUJhjFQP9oTcMdJyWdyiO0gaO90
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:40:13 2025 by rpki-client