Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
File: b9f26696-5522-477d-b8bf-72de7350b09a.roa (raw, json)
Hash identifier: arg5u++vmDnTkUB7c4tsdmNlMmAZdfvmuT+c/hzPa7k=
Subject key identifier: 50:C2:B3:03:91:96:4F:A5:31:0D:8A:7B:87:E4:6C:11:C8:83:06:FD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 16F5AB6388F5895B3909E38B4C2A04945778CE1D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
Signing time: Tue 20 May 2025 18:50:40 +0000
ROA not before: Tue 20 May 2025 18:50:40 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:f5:ab:63:88:f5:89:5b:39:09:e3:8b:4c:2a:04:94:57:78:ce:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:50:40 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=dc5ae8a82fc25144ae9b9cbf9dbe9bd438944fa2512fd5cc1240aa763379449f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:08:8c:94:a9:1c:f1:14:c0:a3:5e:65:60:6f:
3e:04:48:aa:6a:b1:f0:ca:bd:5c:d2:ca:47:e5:cc:
fd:6d:7f:ac:ba:d9:a9:ac:ed:f2:60:cd:eb:ed:e9:
ff:56:22:16:0a:3a:4c:3a:0e:c3:10:14:ec:c7:fc:
27:cf:d4:fb:b7:c0:82:b4:f8:c5:81:71:f7:6b:5b:
56:83:87:31:6c:96:13:2c:6a:69:96:ed:6a:ba:3c:
41:8d:06:83:30:55:98:a2:1d:dd:72:81:cf:b0:d6:
43:76:c5:63:2f:44:63:95:9c:7c:e6:6b:5f:db:dc:
c2:ff:02:d7:82:e7:80:3d:10:7f:7f:a7:c7:dc:42:
76:e1:34:6a:59:49:87:d1:d6:90:bb:d8:8b:d2:da:
98:39:b9:f9:ec:44:19:6b:8c:02:c6:c0:52:11:61:
fa:8e:4c:d2:33:5f:16:e9:47:ff:58:3f:82:81:a2:
64:6e:8f:21:74:70:ee:63:fa:d4:f6:37:1f:2b:2d:
49:d3:36:43:50:9f:22:d1:6a:e9:29:23:cd:0e:91:
03:d7:86:bd:47:45:62:42:3d:ef:d4:cc:0e:b6:aa:
aa:69:27:80:36:f1:70:ef:77:f9:b8:db:7e:e0:1d:
4b:28:70:da:3b:03:4d:96:e3:69:6d:52:d3:29:40:
bc:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:C2:B3:03:91:96:4F:A5:31:0D:8A:7B:87:E4:6C:11:C8:83:06:FD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:8e:25:5c:13:62:b2:10:34:7d:67:25:d7:f0:46:2c:93:92:
a2:dd:4e:4b:04:08:34:37:cf:92:6a:42:a0:17:75:b5:3a:89:
88:78:8e:ec:3b:ff:d1:43:cb:51:48:77:e8:50:4c:8f:db:9b:
3c:dc:4d:58:28:02:d2:43:2e:11:c2:80:25:4a:12:9e:19:74:
aa:d9:b3:c6:2b:46:23:df:b3:59:99:96:6e:aa:a4:5b:3f:f1:
a3:28:96:28:c4:17:67:ae:dd:9c:1f:56:3f:56:3a:84:f5:77:
9a:f6:39:e6:de:b9:e6:b3:c6:a7:de:e8:4b:71:62:7a:2d:34:
b3:7f:ea:1e:30:8d:f0:c6:41:91:8a:e4:04:3d:4a:eb:3f:9e:
7c:ec:01:f4:02:a8:3d:ee:8b:cc:a2:80:e5:97:0d:0b:61:6f:
8d:6c:ad:d5:92:14:d7:a9:8a:53:0b:8e:c9:74:8d:00:17:1d:
c0:ff:f2:23:62:b1:5b:69:8d:3f:6e:79:b3:75:59:16:9e:08:
4b:ca:30:4c:93:e2:bb:03:18:51:bb:9a:41:64:4e:53:3d:e1:
cb:c0:d4:ed:ed:cd:fd:f8:42:ed:0d:44:66:7e:fc:21:f5:73:
7f:c1:dd:a8:ef:78:a8:65:6e:b9:9d:14:f7:7b:58:01:54:55:
b7:bb:0c:96
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFvWrY4j1iVs5CeOLTCoElFd4zh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODUwNDBaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGRjNWFlOGE4MmZjMjUxNDRhZTliOWNiZjlkYmU5YmQ0Mzg5NDRmYTI1MTJm
ZDVjYzEyNDBhYTc2MzM3OTQ0OWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4IjJSpHPEUwKNeZWBvPgRIqmqx8Mq9XNLKR+XM/W1/rLrZqazt8mDN6+3p
/1YiFgo6TDoOwxAU7Mf8J8/U+7fAgrT4xYFx92tbVoOHMWyWEyxqaZbtaro8QY0G
gzBVmKId3XKBz7DWQ3bFYy9EY5WcfOZrX9vcwv8C14LngD0Qf3+nx9xCduE0allJ
h9HWkLvYi9LamDm5+exEGWuMAsbAUhFh+o5M0jNfFulH/1g/goGiZG6PIXRw7mP6
1PY3HystSdM2Q1CfItFq6SkjzQ6RA9eGvUdFYkI979TMDraqqmkngDbxcO93+bjb
fuAdSyhw2jsDTZbjaW1S0ylAvDsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQwrMD
kZZPpTENinuH5GwRyIMG/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjlmMjY2OTYtNTUyMi00NzdkLWI4YmYtNzJkZTczNTBiMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAejiVcE2KyEDR9ZyXX8EYsk5Ki3U5LBAg0N8+S
akKgF3W1OomIeI7sO//RQ8tRSHfoUEyP25s83E1YKALSQy4RwoAlShKeGXSq2bPG
K0Yj37NZmZZuqqRbP/GjKJYoxBdnrt2cH1Y/VjqE9Xea9jnm3rnms8an3uhLcWJ6
LTSzf+oeMI3wxkGRiuQEPUrrP5587AH0Aqg97ovMooDllw0LYW+NbK3VkhTXqYpT
C47JdI0AFx3A//IjYrFbaY0/bnmzdVkWnghLyjBMk+K7AxhRu5pBZE5TPeHLwNTt
7c39+ELtDURmfvwh9XN/wd2o73ioZW65nRT3e1gBVFW3uwyW
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:44:28 2025 by rpki-client