Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
File: 09a66d07-54a4-4c26-8a49-e43710070e4d.roa (raw, json)
Hash identifier: ugD8hqzxPW8h5pVZtf+moIDrqElzpMZ05rCwslToLXU=
Subject key identifier: E4:CC:D2:2C:5A:C9:4C:64:9F:54:C2:A6:4D:DA:21:68:98:80:66:E7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6F6DB933D8F62CFE105B67FAC0F8A174F02895BA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
Signing time: Fri 11 Jul 2025 19:11:26 +0000
ROA not before: Fri 11 Jul 2025 19:11:26 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 14:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:6d:b9:33:d8:f6:2c:fe:10:5b:67:fa:c0:f8:a1:74:f0:28:95:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:11:26 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=5583b4e3c7b3bf019bd1679e4313a646508c44a55dab11ff9fe6210e79cf7e0f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:d9:cf:46:94:2b:45:8d:b4:65:bc:54:ca:ea:
39:1d:e9:ab:19:34:5c:d2:a1:a8:ec:9d:5e:97:2e:
d4:36:25:3e:70:ff:50:56:7b:e9:1f:09:e2:42:9f:
71:de:1a:9a:be:4c:24:29:68:7c:de:fe:91:0d:9d:
77:9d:d5:e7:0a:e6:21:e5:c7:0b:b2:61:70:a2:95:
65:57:11:0b:03:14:aa:f6:8e:8d:3c:ba:a3:af:d1:
24:4a:e7:bd:53:25:1c:11:58:14:67:52:12:7a:06:
e3:c0:00:07:66:6f:38:ac:19:94:41:61:27:be:a4:
fa:16:ac:67:da:69:db:68:9c:ff:d8:22:41:64:c7:
af:94:67:81:24:da:cb:79:f1:a4:41:7e:2e:9f:99:
08:18:19:8d:a8:70:c4:a1:f9:e0:8a:bc:02:a9:d2:
f3:b8:84:f1:8c:02:ea:55:0a:d2:b0:bc:e1:7e:4a:
99:83:7d:0c:b5:be:31:3e:89:8b:a3:a8:29:d0:3f:
ac:90:31:1b:a2:c4:26:e3:52:6b:b5:d8:d1:bf:10:
ed:74:45:fc:da:5f:10:fc:6f:74:8c:30:26:f6:9c:
e2:67:75:fb:0e:42:aa:a4:44:4b:16:e7:2a:09:97:
62:71:47:37:11:9e:8a:cc:f6:fb:53:ed:a7:cb:88:
41:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:CC:D2:2C:5A:C9:4C:64:9F:54:C2:A6:4D:DA:21:68:98:80:66:E7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:1080::/48
Signature Algorithm: sha256WithRSAEncryption
6e:07:ff:16:71:3f:c3:e1:91:d7:c6:53:bd:59:af:f4:41:0f:
4c:22:a0:dd:a1:f4:43:0f:e7:d5:bc:21:72:0d:69:07:60:15:
17:a6:3b:bc:24:87:a8:5c:86:5a:d6:ab:f6:29:92:7e:f5:f1:
bc:d9:d8:51:d0:f1:71:3a:64:38:20:ff:0c:e9:1b:02:6e:00:
b6:1f:c1:86:a9:9c:c0:b4:13:d2:3a:80:06:75:9a:dd:6d:14:
13:78:65:5f:b8:aa:a5:e4:8d:c4:64:e5:d8:1f:49:04:8b:63:
d2:b3:3e:29:32:5b:e8:d9:c6:a2:25:50:e6:08:5f:a2:e5:37:
ba:a8:f3:5b:b1:b6:f1:7c:ee:53:21:cc:a4:1c:f0:21:0e:2a:
ec:06:4a:28:10:80:b1:18:5b:ad:ce:91:02:ea:a4:16:4c:5c:
33:07:f5:c3:ea:07:36:01:c3:02:6a:2d:e1:c7:fb:c4:ce:bb:
7c:a7:17:74:e2:f3:43:2c:94:cc:a1:ca:e9:6e:b2:bb:70:77:
e5:3f:ed:2e:4a:f9:c1:64:c4:06:de:35:3e:ba:e1:2c:f6:71:
10:da:57:d8:62:96:ab:e3:f0:05:17:11:d4:8d:a9:27:da:eb:
1e:8f:a8:8c:d1:12:ba:ca:88:04:c3:cc:60:a6:f3:71:b4:5c:
e3:2f:39:e6
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUb225M9j2LP4QW2f6wPihdPAolbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTExMjZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1ODNiNGUzYzdiM2JmMDE5YmQxNjc5ZTQzMTNhNjQ2NTA4YzQ0YTU1ZGFi
MTFmZjlmZTYyMTBlNzljZjdlMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbZz0aUK0WNtGW8VMrqOR3pqxk0XNKhqOydXpcu1DYlPnD/UFZ76R8J4kKf
cd4amr5MJClofN7+kQ2dd53V5wrmIeXHC7JhcKKVZVcRCwMUqvaOjTy6o6/RJErn
vVMlHBFYFGdSEnoG48AAB2ZvOKwZlEFhJ76k+hasZ9pp22ic/9giQWTHr5RngSTa
y3nxpEF+Lp+ZCBgZjahwxKH54Iq8AqnS87iE8YwC6lUK0rC84X5KmYN9DLW+MT6J
i6OoKdA/rJAxG6LEJuNSa7XY0b8Q7XRF/NpfEPxvdIwwJvac4md1+w5CqqRESxbn
KgmXYnFHNxGeisz2+1Ptp8uIQUcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTkzNIs
WslMZJ9UwqZN2iFomIBm5zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDlhNjZkMDctNTRhNC00YzI2LThhNDktZTQzNzEwMDcwZTRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8Q
gDANBgkqhkiG9w0BAQsFAAOCAQEAbgf/FnE/w+GR18ZTvVmv9EEPTCKg3aH0Qw/n
1bwhcg1pB2AVF6Y7vCSHqFyGWtar9imSfvXxvNnYUdDxcTpkOCD/DOkbAm4Ath/B
hqmcwLQT0jqABnWa3W0UE3hlX7iqpeSNxGTl2B9JBItj0rM+KTJb6NnGoiVQ5ghf
ouU3uqjzW7G28XzuUyHMpBzwIQ4q7AZKKBCAsRhbrc6RAuqkFkxcMwf1w+oHNgHD
Amot4cf7xM67fKcXdOLzQyyUzKHK6W6yu3B35T/tLkr5wWTEBt41PrrhLPZxENpX
2GKWq+PwBRcR1I2pJ9rrHo+ojNESusqIBMPMYKbzcbRc4y855g==
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:50 2025 by rpki-client