Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
File: 0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa (raw, json)
Hash identifier: XpZwntj5/hNpckgAsEhpjXT+zFxMz8qQt0EKcQCreSE=
Subject key identifier: 6A:E5:E5:DD:8C:8B:23:4B:CE:E4:4B:65:75:4D:15:B9:62:87:01:35
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7A8024183C47E9B9922BA423AB83EDD4CAB6C88A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
Signing time: Fri 11 Jul 2025 20:50:57 +0000
ROA not before: Fri 11 Jul 2025 20:50:57 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:80:24:18:3c:47:e9:b9:92:2b:a4:23:ab:83:ed:d4:ca:b6:c8:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:50:57 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=ca101c7c9d99bbe110adf1f869dfb1425e3032cdd874097554ce00e34d237571, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9e:3e:99:4c:11:2b:8e:61:10:db:e0:e4:ee:
18:c6:b7:e9:9f:cd:c3:60:d3:b3:4e:28:0e:81:39:
76:c0:4d:d1:41:af:e5:b0:0e:6b:0e:6d:b4:b5:de:
9b:fe:8a:f7:a0:f9:16:b6:84:1c:ee:b1:c7:ba:be:
9b:be:23:22:54:06:43:88:2a:e5:9f:c4:af:f0:53:
31:99:47:cf:e6:f3:f1:1b:7b:26:fc:89:8e:a2:5f:
c2:c7:00:bc:43:e7:d1:4e:8b:ad:a1:e1:e0:2f:7a:
c9:0c:69:6d:dc:f8:25:2b:86:ec:ad:99:50:c5:42:
e1:0d:f8:93:54:01:51:50:87:3d:e2:8c:54:17:87:
5d:70:f0:72:46:a0:f7:cd:64:db:b9:30:bc:d2:ff:
3d:6c:da:6d:c7:5a:36:bf:1d:b8:b5:fb:39:4e:cf:
26:5b:6c:cc:51:5c:08:a8:48:b6:76:94:fc:1b:b7:
49:0c:a6:8a:f0:0e:d1:4a:6c:a3:26:dd:13:a7:71:
d5:05:3b:99:9b:09:f8:80:6b:e0:66:22:ed:6a:24:
f7:07:98:87:6c:25:d1:07:4e:b2:04:fe:34:94:6e:
63:7d:c8:f9:8d:8d:18:ae:83:26:ee:32:41:11:b5:
eb:63:28:a0:29:3f:16:00:b4:1f:7c:e9:69:7c:77:
95:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:E5:E5:DD:8C:8B:23:4B:CE:E4:4B:65:75:4D:15:B9:62:87:01:35
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:1000::/36
Signature Algorithm: sha256WithRSAEncryption
1c:b4:7f:43:08:7b:be:8e:0c:03:1a:7c:33:8d:06:35:66:e4:
3c:26:3e:df:43:51:54:9c:ab:26:f5:4c:8d:95:bf:71:a5:d0:
28:0a:c4:85:bc:e7:b4:c0:f2:b1:28:fb:6f:d9:80:b3:6e:2f:
4b:15:be:25:cf:ad:47:02:f6:ae:60:f3:43:17:9e:bb:54:25:
8d:54:ee:95:04:b2:d9:7d:96:4b:27:36:2e:ad:ba:18:90:1a:
bd:80:40:43:ad:8a:2a:3f:be:65:03:d3:ef:60:4a:fb:f9:e7:
6c:c1:9b:80:0d:0f:a5:b2:5e:79:3e:11:13:2e:ae:58:35:73:
55:b1:ce:bd:8c:48:2c:6f:8e:b8:6a:e4:52:e8:e7:13:5b:a9:
76:00:63:eb:0b:8c:2d:8f:ab:c4:84:31:a3:f4:eb:d0:41:7d:
41:f0:c5:a8:20:3b:50:de:b9:1d:7a:68:8e:42:f1:f2:9f:13:
b9:b9:8d:a0:b8:71:b1:ad:14:16:37:b5:2b:38:fb:ad:61:2e:
96:c8:d5:2a:9d:b2:a5:c7:eb:1f:3e:27:9b:0a:ef:a1:aa:c6:
0a:7c:68:49:25:40:90:af:21:bf:47:24:67:12:58:49:8f:de:
7b:01:d1:90:41:2a:ab:f8:06:ae:74:f2:b8:a3:d0:d5:3c:06:
cf:c1:51:3a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeoAkGDxH6bmSK6Qjq4Pt1Mq2yIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDUwNTdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhMTAxYzdjOWQ5OWJiZTExMGFkZjFmODY5ZGZiMTQyNWUzMDMyY2RkODc0
MDk3NTU0Y2UwMGUzNGQyMzc1NzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6ePplMESuOYRDb4OTuGMa36Z/Nw2DTs04oDoE5dsBN0UGv5bAOaw5ttLXe
m/6K96D5FraEHO6xx7q+m74jIlQGQ4gq5Z/Er/BTMZlHz+bz8Rt7JvyJjqJfwscA
vEPn0U6LraHh4C96yQxpbdz4JSuG7K2ZUMVC4Q34k1QBUVCHPeKMVBeHXXDwckag
981k27kwvNL/PWzabcdaNr8duLX7OU7PJltszFFcCKhItnaU/Bu3SQymivAO0Ups
oybdE6dx1QU7mZsJ+IBr4GYi7Wok9weYh2wl0QdOsgT+NJRuY33I+Y2NGK6DJu4y
QRG162MooCk/FgC0H3zpaXx3lRsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRq5eXd
jIsjS87kS2V1TRW5YocBNTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGJmNmNlZjgtOGM2MC00YTBlLTg5MzItY2ZkYTY0OGQyNzcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQActH9DCHu+jgwDGnwzjQY1ZuQ8Jj7fQ1FUnKsm
9UyNlb9xpdAoCsSFvOe0wPKxKPtv2YCzbi9LFb4lz61HAvauYPNDF567VCWNVO6V
BLLZfZZLJzYurboYkBq9gEBDrYoqP75lA9PvYEr7+edswZuADQ+lsl55PhETLq5Y
NXNVsc69jEgsb464auRS6OcTW6l2AGPrC4wtj6vEhDGj9OvQQX1B8MWoIDtQ3rkd
emiOQvHynxO5uY2guHGxrRQWN7UrOPutYS6WyNUqnbKlx+sfPiebCu+hqsYKfGhJ
JUCQryG/RyRnElhJj957AdGQQSqr+AaudPK4o9DVPAbPwVE6
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:36:22 2025 by rpki-client