Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd294e80-dbb7-45f1-a3fd-9866794b3ce0.roa
File: dd294e80-dbb7-45f1-a3fd-9866794b3ce0.roa (raw, json)
Hash identifier: Ss+qOg9R9jX1bKL/na5D2R/MeyjmcEqfkmBY3H6OOzQ=
Subject key identifier: B4:C1:32:13:32:33:29:8C:74:48:97:EB:43:DE:EB:17:4C:ED:72:B9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 499001B8DA96E7C46225E63260686693AEA3D054
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd294e80-dbb7-45f1-a3fd-9866794b3ce0.roa
Signing time: Tue 20 May 2025 19:51:11 +0000
ROA not before: Tue 20 May 2025 19:51:11 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d077:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:90:01:b8:da:96:e7:c4:62:25:e6:32:60:68:66:93:ae:a3:d0:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 19:51:11 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=75871dd931eecd13f541f12dbecec43760d8a844ce9271aeb30d2927b7a25c64, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:d9:a7:02:fd:f9:c4:49:f8:15:51:81:90:40:
b7:f7:5b:f5:e0:2d:06:52:4a:c7:3b:9a:e1:f6:10:
ce:eb:18:b9:48:4d:48:b1:94:11:17:3a:70:1d:e4:
09:5b:64:f1:72:ba:61:26:30:77:a3:a3:19:db:de:
b7:0a:2d:00:ae:ba:62:53:80:64:f5:d1:ed:28:13:
00:2e:4f:43:62:9c:ec:83:92:36:b1:39:6f:77:b8:
4c:16:15:2a:ca:a0:ef:ed:60:54:58:fc:59:81:55:
1e:ea:17:9d:30:9f:d3:67:3e:e1:21:3e:0a:e3:0b:
eb:03:a5:ed:0e:5d:40:cc:ab:3c:3a:97:28:e8:18:
86:1f:65:db:63:7e:d0:07:75:95:db:fe:62:84:01:
c6:54:bd:6c:91:39:73:2a:1b:24:54:56:ba:95:92:
80:0e:37:dd:85:24:08:e1:c1:8e:f5:1a:72:83:65:
cf:b8:e3:6f:ec:54:bf:e9:6d:d4:11:97:a9:68:7a:
47:be:03:31:a6:e9:bb:d8:d7:75:b5:3d:65:1f:af:
2f:04:1d:78:ee:17:34:84:55:87:91:03:89:ea:58:
2b:82:c6:f9:3f:5d:27:10:59:81:64:8a:98:92:c9:
3e:9c:81:51:b7:94:b6:6a:97:10:1c:06:b8:a6:9e:
ae:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:C1:32:13:32:33:29:8C:74:48:97:EB:43:DE:EB:17:4C:ED:72:B9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd294e80-dbb7-45f1-a3fd-9866794b3ce0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d077:1000::/40
Signature Algorithm: sha256WithRSAEncryption
a9:9b:a3:62:88:16:f2:3f:bb:46:4b:6b:98:a4:2b:a6:2b:26:
02:18:33:43:be:f3:b7:75:4f:ba:49:16:2b:a6:62:bf:f2:a7:
6b:e6:c9:b9:e8:b4:48:d7:f4:96:3d:d0:4f:29:cd:bc:ee:e2:
f5:d3:9d:8e:5d:aa:6a:d5:19:13:60:d7:d5:af:49:c6:4d:89:
21:64:08:8a:7d:ad:44:67:4c:cd:4d:df:68:55:c4:e2:97:42:
37:b9:80:07:9a:05:5f:79:7a:d4:73:70:99:70:a4:b8:9c:92:
fa:cc:9c:4e:aa:b8:7f:0b:68:96:22:51:13:2e:3f:cb:a4:bc:
91:df:dd:ed:05:30:8a:7b:0f:fc:1d:20:5b:ea:8e:a3:d4:a0:
8a:cb:df:c2:3f:8c:01:3b:cb:38:7e:a1:d3:85:09:31:86:7a:
b6:64:93:61:6f:9e:cc:2e:c1:93:49:ce:4f:f9:bd:6f:ed:e0:
f3:03:71:71:d8:2e:93:1b:45:66:ea:f6:90:ef:ec:73:5c:8f:
0f:5d:b0:f6:e4:b2:a9:2e:41:8b:9e:40:40:8d:84:fe:39:4b:
ea:61:bd:07:07:27:5f:7f:8e:8e:73:06:d0:13:cc:00:95:41:
63:ea:8a:a5:05:b3:1e:a3:4f:a1:fd:0d:6f:61:4c:ab:94:96:
2c:a1:66:be
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSZABuNqW58RiJeYyYGhmk66j0FQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxOTUxMTFaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDc1ODcxZGQ5MzFlZWNkMTNmNTQxZjEyZGJlY2VjNDM3NjBkOGE4NDRjZTky
NzFhZWIzMGQyOTI3YjdhMjVjNjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANfZpwL9+cRJ+BVRgZBAt/db9eAtBlJKxzua4fYQzusYuUhNSLGUERc6cB3k
CVtk8XK6YSYwd6OjGdvetwotAK66YlOAZPXR7SgTAC5PQ2Kc7IOSNrE5b3e4TBYV
Ksqg7+1gVFj8WYFVHuoXnTCf02c+4SE+CuML6wOl7Q5dQMyrPDqXKOgYhh9l22N+
0Ad1ldv+YoQBxlS9bJE5cyobJFRWupWSgA433YUkCOHBjvUacoNlz7jjb+xUv+lt
1BGXqWh6R74DMabpu9jXdbU9ZR+vLwQdeO4XNIRVh5EDiepYK4LG+T9dJxBZgWSK
mJLJPpyBUbeUtmqXEBwGuKaerocCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS0wTIT
MjMpjHRIl+tD3usXTO1yuTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGQyOTRlODAtZGJiNy00NWYxLWEzZmQtOTg2Njc5NGIzY2UwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HcQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCpm6NiiBbyP7tGS2uYpCumKyYCGDNDvvO3dU+6
SRYrpmK/8qdr5sm56LRI1/SWPdBPKc287uL1052OXapq1RkTYNfVr0nGTYkhZAiK
fa1EZ0zNTd9oVcTil0I3uYAHmgVfeXrUc3CZcKS4nJL6zJxOqrh/C2iWIlETLj/L
pLyR393tBTCKew/8HSBb6o6j1KCKy9/CP4wBO8s4fqHThQkxhnq2ZJNhb57MLsGT
Sc5P+b1v7eDzA3Fx2C6TG0Vm6vaQ7+xzXI8PXbD25LKpLkGLnkBAjYT+OUvqYb0H
Bydff46OcwbQE8wAlUFj6oqlBbMeo0+h/Q1vYUyrlJYsoWa+
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:35:34 2025 by rpki-client