Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
File: 25d38479-752d-418e-a4fb-397c5aa432f8.roa (raw, json)
Hash identifier: gmmGsTIsgB9UipMAYwdRhjDCQ+fNpSat3JVcE6y9DxQ=
Subject key identifier: DD:9F:22:BA:53:4A:47:39:B7:94:58:9D:91:8D:43:45:52:BE:85:73
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 18992CF22223ABCB1477A64DDD9EE729A0DB35E6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
Signing time: Mon 07 Jul 2025 18:21:01 +0000
ROA not before: Mon 07 Jul 2025 18:21:01 +0000
ROA not after: Mon 11 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 20:51:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:99:2c:f2:22:23:ab:cb:14:77:a6:4d:dd:9e:e7:29:a0:db:35:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 7 18:21:01 2025 GMT
Not After : Aug 11 23:59:59 2025 GMT
Subject: serialNumber=e0df1e271c7cf45e9cdc85427fe5eba66816858f3162de8082150502e0e3f94d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:1a:11:06:44:d4:69:d1:69:de:e1:7a:ce:8d:
c5:e0:70:aa:e7:5b:f5:f4:7f:4c:a4:8f:dd:33:54:
40:1e:30:e9:62:16:f5:54:c5:71:19:53:2b:93:fd:
49:3a:11:62:ec:fd:e7:b4:a3:2b:62:dd:d7:74:1f:
d3:2a:e7:7d:9a:d6:e9:0e:35:5c:4d:f6:58:d0:f9:
13:a2:7a:15:02:85:8d:db:6c:21:18:d0:a0:d9:d7:
ee:61:9c:57:ae:aa:cb:91:56:f9:9a:bb:f8:e6:a9:
01:33:01:30:cb:c8:68:44:6f:69:c4:4a:83:8b:5e:
99:1b:cb:88:8c:79:85:12:2f:c0:32:2b:19:0a:02:
63:b1:81:a1:a7:b7:b6:d6:51:0f:ef:44:56:48:cf:
e9:02:7a:33:bc:9c:13:10:1c:be:6e:e0:18:53:cc:
43:f5:b3:15:bd:f3:63:30:d6:10:b4:ae:ff:d9:7a:
83:18:a7:1c:5d:a4:de:2e:22:8e:7c:37:0a:18:bd:
67:a9:01:d4:79:48:f8:55:c0:a4:94:87:4b:8c:76:
96:31:40:48:8b:23:90:cb:89:ae:62:0d:dd:7d:8f:
52:bd:93:8c:a2:f1:e1:e9:6a:5a:a5:93:c3:13:63:
00:a1:bf:81:be:9c:02:60:20:c2:17:92:d7:f4:97:
aa:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:9F:22:BA:53:4A:47:39:B7:94:58:9D:91:8D:43:45:52:BE:85:73
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:800::/40
Signature Algorithm: sha256WithRSAEncryption
80:b0:45:2c:9c:f1:f0:b5:21:37:24:80:cf:e8:7a:eb:6b:99:
ca:e7:cc:24:44:97:5d:38:d2:b3:85:dc:39:cd:31:2f:8b:a0:
c4:90:83:67:5f:9c:aa:28:73:64:4e:94:9e:eb:15:9e:8f:a3:
5b:54:ce:65:1c:8c:e9:f2:2e:60:17:e2:4e:fa:12:5d:d8:19:
8c:b5:db:e6:8f:a3:36:c4:6f:f9:e0:89:00:c8:8a:09:9c:ee:
a8:be:67:e5:b1:b2:56:50:56:4b:24:7d:09:35:60:f8:01:1e:
9e:b3:f4:dc:ff:9e:fd:b8:60:94:21:b0:3e:1f:90:ff:85:35:
8d:71:0f:df:8c:a5:58:20:13:6a:a0:ca:2c:d6:bc:2a:b3:80:
d6:d4:dc:75:3b:bb:47:ca:05:aa:95:27:f0:ab:28:c2:5c:ee:
de:3c:be:5f:fd:dc:ab:ed:87:2c:a4:fe:f9:47:42:6b:91:87:
44:e6:aa:05:f8:69:c5:51:cb:05:93:77:25:e5:9b:c4:4b:ab:
39:14:30:a1:d7:90:c9:60:be:07:95:55:e2:30:4d:44:44:a2:
37:50:df:08:4a:80:04:9d:20:7e:a5:f9:ab:f5:9c:d9:7a:c6:
64:44:f1:6a:87:0e:97:14:e1:fc:06:13:65:3c:68:f9:97:f0:
26:8e:f4:15
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGJks8iIjq8sUd6ZN3Z7nKaDbNeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDcxODIxMDFaFw0yNTA4MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwZGYxZTI3MWM3Y2Y0NWU5Y2RjODU0MjdmZTVlYmE2NjgxNjg1OGYzMTYy
ZGU4MDgyMTUwNTAyZTBlM2Y5NGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkaEQZE1GnRad7hes6NxeBwqudb9fR/TKSP3TNUQB4w6WIW9VTFcRlTK5P9
SToRYuz957SjK2Ld13Qf0yrnfZrW6Q41XE32WND5E6J6FQKFjdtsIRjQoNnX7mGc
V66qy5FW+Zq7+OapATMBMMvIaERvacRKg4temRvLiIx5hRIvwDIrGQoCY7GBoae3
ttZRD+9EVkjP6QJ6M7ycExAcvm7gGFPMQ/WzFb3zYzDWELSu/9l6gxinHF2k3i4i
jnw3Chi9Z6kB1HlI+FXApJSHS4x2ljFASIsjkMuJrmIN3X2PUr2TjKLx4elqWqWT
wxNjAKG/gb6cAmAgwheS1/SXqs8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTdnyK6
U0pHObeUWJ2RjUNFUr6FczAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkMzg0NzktNzUyZC00MThlLWE0ZmItMzk3YzVhYTQzMmY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DII
MA0GCSqGSIb3DQEBCwUAA4IBAQCAsEUsnPHwtSE3JIDP6Hrra5nK58wkRJddONKz
hdw5zTEvi6DEkINnX5yqKHNkTpSe6xWej6NbVM5lHIzp8i5gF+JO+hJd2BmMtdvm
j6M2xG/54IkAyIoJnO6ovmflsbJWUFZLJH0JNWD4AR6es/Tc/579uGCUIbA+H5D/
hTWNcQ/fjKVYIBNqoMos1rwqs4DW1Nx1O7tHygWqlSfwqyjCXO7ePL5f/dyr7Ycs
pP75R0JrkYdE5qoF+GnFUcsFk3cl5ZvES6s5FDCh15DJYL4HlVXiME1ERKI3UN8I
SoAEnSB+pfmr9ZzZesZkRPFqhw6XFOH8BhNlPGj5l/AmjvQV
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:15 2025 by rpki-client