Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
File: fa3b401f-ea91-45a9-8182-d567cfac077a.roa (raw, json)
Hash identifier: GD9AlZ0l2h/NVKhoudb9cfVTiZoqbPqm+CTkNrlyC5I=
Subject key identifier: F0:AF:F9:98:53:8C:8E:AE:04:CA:03:0E:DC:D4:C1:64:0E:3B:C9:DD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CF7A4DB35A49DC6C0A11E45AFA0BCAF254DE62A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
Signing time: Tue 20 May 2025 18:31:24 +0000
ROA not before: Tue 20 May 2025 18:31:24 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:f7:a4:db:35:a4:9d:c6:c0:a1:1e:45:af:a0:bc:af:25:4d:e6:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:31:24 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=dd344f85754217fdd8a939c152eb75ba6cb31943f6095c4509db3d01deb83a3d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:40:94:50:67:6a:ca:83:1e:2f:c6:50:35:a6:
dd:55:db:a2:6d:13:b4:e2:52:b9:96:85:96:28:6f:
83:63:c6:3d:0f:26:4e:ba:1f:89:52:58:69:5a:d9:
9d:fb:b6:96:74:4e:a5:f8:db:bd:ed:20:37:a8:7d:
50:32:4d:6a:7d:57:a6:e2:1c:01:27:fe:d8:1d:6e:
95:51:c8:f0:3f:3c:ec:59:95:c4:39:49:b4:28:f4:
a2:62:63:31:e7:4e:25:78:bd:ed:e9:24:32:52:9e:
22:fb:77:ac:6b:cc:d6:cd:a0:f7:7b:89:d5:67:56:
05:6f:94:11:ab:9e:d5:99:d4:f4:8b:4c:2c:6d:fe:
6e:83:5d:fb:c3:7f:89:a4:46:a8:77:f2:a4:5f:3d:
30:22:e7:63:51:7c:8f:65:46:f2:68:dd:6c:e0:80:
8b:06:d4:cc:29:55:bb:c3:2a:35:8f:c0:71:49:76:
bf:61:64:1d:86:db:3f:d9:ed:af:44:ff:01:ac:69:
68:48:aa:d4:dc:4b:00:97:4b:0f:7b:d6:21:e7:c7:
4e:bd:ed:16:4b:fb:fe:df:e1:a8:dc:66:cd:e9:50:
0d:05:cb:31:59:44:3f:7d:2f:b5:1c:de:28:74:96:
48:91:fd:c9:e6:5a:e5:2f:3e:bb:03:91:44:3a:4b:
36:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:AF:F9:98:53:8C:8E:AE:04:CA:03:0E:DC:D4:C1:64:0E:3B:C9:DD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:b080::/48
Signature Algorithm: sha256WithRSAEncryption
3d:b6:af:8b:0c:54:8d:8a:3f:3d:2d:8a:fb:c6:1b:e2:db:34:
3e:a9:f0:93:e8:00:99:b0:d2:c4:86:d8:bb:e2:81:33:6a:3c:
57:de:41:8a:58:56:7a:76:40:52:fa:92:7b:80:7f:5e:26:a9:
f8:cc:67:86:2d:4e:ff:a3:d1:5e:57:62:f6:d8:a5:d3:4f:c8:
85:69:55:de:0b:ab:93:30:e1:6d:a3:53:0f:a7:13:00:b4:7b:
d0:fb:dc:26:64:73:01:3f:68:9e:32:fc:c5:c6:eb:1b:21:72:
00:5a:65:55:63:92:84:ef:ac:84:88:ab:d9:30:5f:6c:5e:b5:
2e:7c:4e:4d:57:5d:39:09:ae:d6:6c:5b:31:ab:4f:20:88:a6:
23:3b:a5:ae:61:eb:7c:4b:a3:60:80:6b:b6:80:38:5a:a6:b5:
d8:e9:bd:05:c2:77:7a:34:38:e7:e2:9d:da:64:c8:de:dd:e2:
1b:0c:2a:11:ba:5d:29:e6:36:8b:6b:08:98:87:d3:e6:ab:c6:
96:c8:31:70:e1:32:32:8b:c8:5d:88:a6:ed:98:81:39:f4:2c:
04:2c:d8:31:c0:4e:03:05:26:db:b9:f1:30:44:f8:45:1c:00:
2f:cd:29:9d:0d:2e:f4:8f:71:a7:ce:fc:50:3f:65:dc:a6:98:
69:94:15:11
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPPek2zWkncbAoR5Fr6C8ryVN5iowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODMxMjRaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkMzQ0Zjg1NzU0MjE3ZmRkOGE5MzljMTUyZWI3NWJhNmNiMzE5NDNmNjA5
NWM0NTA5ZGIzZDAxZGViODNhM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALNAlFBnasqDHi/GUDWm3VXbom0TtOJSuZaFlihvg2PGPQ8mTrofiVJYaVrZ
nfu2lnROpfjbve0gN6h9UDJNan1XpuIcASf+2B1ulVHI8D887FmVxDlJtCj0omJj
MedOJXi97ekkMlKeIvt3rGvM1s2g93uJ1WdWBW+UEaue1ZnU9ItMLG3+boNd+8N/
iaRGqHfypF89MCLnY1F8j2VG8mjdbOCAiwbUzClVu8MqNY/AcUl2v2FkHYbbP9nt
r0T/AaxpaEiq1NxLAJdLD3vWIefHTr3tFkv7/t/hqNxmzelQDQXLMVlEP30vtRze
KHSWSJH9yeZa5S8+uwORRDpLNlMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTwr/mY
U4yOrgTKAw7c1MFkDjvJ3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmEzYjQwMWYtZWE5MS00NWE5LTgxODItZDU2N2NmYWMwNzdhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGw
gDANBgkqhkiG9w0BAQsFAAOCAQEAPbaviwxUjYo/PS2K+8Yb4ts0Pqnwk+gAmbDS
xIbYu+KBM2o8V95BilhWenZAUvqSe4B/Xiap+Mxnhi1O/6PRXldi9til00/IhWlV
3gurkzDhbaNTD6cTALR70PvcJmRzAT9onjL8xcbrGyFyAFplVWOShO+shIir2TBf
bF61LnxOTVddOQmu1mxbMatPIIimIzulrmHrfEujYIBrtoA4Wqa12Om9BcJ3ejQ4
5+Kd2mTI3t3iGwwqEbpdKeY2i2sImIfT5qvGlsgxcOEyMovIXYim7ZiBOfQsBCzY
McBOAwUm27nxMET4RRwAL80pnQ0u9I9xp878UD9l3KaYaZQVEQ==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:42:30 2025 by rpki-client