Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
File: df59e31f-1e32-4e7a-a595-74adb3f93176.roa (raw, json)
Hash identifier: e5+wPK+7M0q+SaAY/kyzbFkNopxws3m9tRvmcYxjaQ0=
Subject key identifier: 0E:A5:E3:9C:7B:6B:D1:A4:3D:EF:13:DD:DB:F3:43:68:05:A4:AF:E1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 18976570675404BA7A53F494D0E6476A7AD869A1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
Signing time: Tue 20 May 2025 19:10:35 +0000
ROA not before: Tue 20 May 2025 19:10:35 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:97:65:70:67:54:04:ba:7a:53:f4:94:d0:e6:47:6a:7a:d8:69:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 19:10:35 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=55e731c4408ad41072dde3f1344ea12c4008e0f0630ca75f38fd305f3227c009, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c8:9f:be:02:0a:dc:c7:b5:23:00:01:88:37:
7a:84:eb:f7:92:42:29:2d:36:74:78:6c:f2:2f:68:
eb:99:02:0a:f7:eb:3a:3b:ab:b8:b0:06:7f:35:e7:
c3:13:7d:bc:4b:92:4c:ed:fa:96:c6:e6:0f:fd:65:
68:7d:27:1a:32:79:55:13:f6:ff:fd:98:3a:52:16:
76:d7:e2:56:00:08:58:f9:10:1c:bc:80:f7:b2:32:
98:95:b6:ac:cf:09:81:75:8a:29:ab:62:21:86:1c:
23:0f:67:03:d4:14:05:b1:fa:82:08:8c:c5:0a:67:
88:05:32:ee:2b:39:44:8b:86:73:6c:f5:5e:26:5e:
ce:cb:23:f4:04:78:9c:d6:84:86:f6:09:46:a8:74:
38:59:f7:bf:c4:b0:0b:76:f4:e4:2c:d8:7a:91:4e:
95:1f:bb:e8:03:c8:25:05:cc:73:91:6c:0f:4d:52:
4e:68:1c:68:69:cd:08:ed:de:9b:2f:07:ee:00:ed:
9e:8e:f9:ee:ca:08:07:99:82:60:97:27:7a:cb:6b:
0d:64:18:81:93:c5:93:02:10:f2:3e:23:0d:2e:2d:
1a:ff:c1:02:b9:49:d8:2e:42:c1:b8:a4:9b:07:56:
a1:12:a3:fb:42:27:23:78:db:ed:66:69:da:38:09:
96:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A5:E3:9C:7B:6B:D1:A4:3D:EF:13:DD:DB:F3:43:68:05:A4:AF:E1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:e000::/40
Signature Algorithm: sha256WithRSAEncryption
98:80:03:bd:1c:e0:78:c3:0e:e3:89:a8:a9:f8:c3:48:3a:cb:
08:5f:c1:7d:86:20:ef:ff:20:b6:e8:39:eb:80:1a:3b:91:1f:
f6:af:da:4f:62:b2:98:75:32:51:3d:17:83:e2:fd:88:dc:a9:
a0:9d:e4:83:6a:94:9b:02:fa:63:2a:38:a1:be:66:02:0a:2d:
40:49:94:ef:8e:53:b5:b1:ed:f6:4c:12:61:da:3d:06:2c:c0:
05:e9:be:04:61:ef:c4:26:10:7e:81:d4:61:46:49:66:49:43:
bf:fd:cd:df:10:16:5f:32:fa:69:9e:26:35:e3:01:8c:ca:f8:
3a:88:90:65:fc:20:bd:93:57:f0:bc:e7:d8:dd:57:25:bd:37:
08:7a:02:23:06:0e:71:18:32:15:fc:cb:ad:00:88:6b:38:01:
ee:a0:2a:fb:c1:6a:10:12:c8:b2:df:df:38:8e:fe:0f:fd:dc:
ea:6c:6e:38:b5:6c:c6:e3:2a:b9:38:1b:d9:ea:80:04:69:d9:
2d:aa:64:c3:60:fc:b5:ee:c5:1f:5e:18:f3:e7:d8:61:14:76:
d0:8c:d6:65:5f:43:5c:fa:5d:93:cb:f0:56:ed:2e:1e:b1:27:
ed:f5:3e:64:61:bd:e3:6b:93:92:1e:cc:b9:65:c7:47:5f:a5:
a2:29:51:ab
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGJdlcGdUBLp6U/SU0OZHanrYaaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxOTEwMzVaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1ZTczMWM0NDA4YWQ0MTA3MmRkZTNmMTM0NGVhMTJjNDAwOGUwZjA2MzBj
YTc1ZjM4ZmQzMDVmMzIyN2MwMDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjIn74CCtzHtSMAAYg3eoTr95JCKS02dHhs8i9o65kCCvfrOjuruLAGfzXn
wxN9vEuSTO36lsbmD/1laH0nGjJ5VRP2//2YOlIWdtfiVgAIWPkQHLyA97IymJW2
rM8JgXWKKatiIYYcIw9nA9QUBbH6ggiMxQpniAUy7is5RIuGc2z1XiZezssj9AR4
nNaEhvYJRqh0OFn3v8SwC3b05CzYepFOlR+76APIJQXMc5FsD01STmgcaGnNCO3e
my8H7gDtno757soIB5mCYJcnestrDWQYgZPFkwIQ8j4jDS4tGv/BArlJ2C5Cwbik
mwdWoRKj+0InI3jb7WZp2jgJliMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQOpeOc
e2vRpD3vE93b80NoBaSv4TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGY1OWUzMWYtMWUzMi00ZTdhLWE1OTUtNzRhZGIzZjkzMTc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHg
MA0GCSqGSIb3DQEBCwUAA4IBAQCYgAO9HOB4ww7jiaip+MNIOssIX8F9hiDv/yC2
6DnrgBo7kR/2r9pPYrKYdTJRPReD4v2I3KmgneSDapSbAvpjKjihvmYCCi1ASZTv
jlO1se32TBJh2j0GLMAF6b4EYe/EJhB+gdRhRklmSUO//c3fEBZfMvppniY14wGM
yvg6iJBl/CC9k1fwvOfY3VclvTcIegIjBg5xGDIV/MutAIhrOAHuoCr7wWoQEsiy
3984jv4P/dzqbG44tWzG4yq5OBvZ6oAEadktqmTDYPy17sUfXhjz59hhFHbQjNZl
X0Nc+l2Ty/BW7S4esSft9T5kYb3ja5OSHsy5ZcdHX6WiKVGr
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:35:28 2025 by rpki-client