Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
File: 296e983c-f59b-4a15-a74d-56b2bff88779.roa (raw, json)
Hash identifier: z9l9QezwT0eTnxcu6UKZlStSPldpfrCxqz3Bd7pPN1k=
Subject key identifier: FF:C3:83:27:47:FD:BA:4C:90:F1:86:F9:EC:F8:EE:A8:1B:37:01:C0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 55842D8CEFEAF07F6A5D99B9AA70B7DCA4A9684C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
Signing time: Tue 01 Jul 2025 15:00:44 +0000
ROA not before: Tue 01 Jul 2025 15:00:44 +0000
ROA not after: Tue 05 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.48.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:84:2d:8c:ef:ea:f0:7f:6a:5d:99:b9:aa:70:b7:dc:a4:a9:68:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 1 15:00:44 2025 GMT
Not After : Aug 5 23:59:59 2025 GMT
Subject: serialNumber=84b0da949878909d2d64deb9361e7ef41b23dc1e04233b52680cc24543dcb5a2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:88:62:c0:f3:d2:9e:bc:e3:5d:75:83:55:30:
0c:5a:7a:1e:6b:a4:0f:e7:00:53:77:0c:11:66:e1:
4c:59:b0:9f:52:88:14:21:db:e4:56:3e:9f:ad:f1:
4a:b2:23:e1:5b:13:7a:a8:d4:c5:e5:4b:99:8f:e9:
10:87:4a:e0:47:38:b7:58:27:73:24:11:7b:57:5d:
b6:4f:83:a3:1a:44:e4:36:29:39:49:64:83:2e:aa:
4a:a0:1e:77:b4:52:50:31:39:bb:a8:58:22:35:01:
33:f0:b4:67:bf:f9:a7:f2:7a:85:29:50:04:f3:ce:
35:ff:86:f2:47:d2:b3:69:7b:d2:a0:05:b5:00:87:
32:d9:2c:a5:22:8e:31:cf:bb:f0:93:e6:af:2e:06:
73:88:b1:f7:e1:e5:97:6b:c9:e6:88:86:ae:07:6f:
20:f0:8c:a3:68:4b:58:e9:c6:06:71:7a:43:4a:85:
3d:73:81:47:4a:44:b2:bf:36:37:93:bc:36:10:6f:
a8:70:33:3e:ac:71:bd:f8:2c:4e:ff:ce:dc:82:63:
2b:d1:69:72:26:01:3d:bc:49:20:28:50:36:15:9c:
49:80:89:2e:7b:83:04:20:cb:c6:60:dc:c1:8c:0f:
ca:19:ec:00:37:e6:c0:aa:72:9f:c8:cd:88:27:52:
ca:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:C3:83:27:47:FD:BA:4C:90:F1:86:F9:EC:F8:EE:A8:1B:37:01:C0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.48.0/20
Signature Algorithm: sha256WithRSAEncryption
af:a7:c7:fd:f8:6e:42:b9:b9:01:33:86:e4:c0:62:ef:e5:f1:
17:26:00:d2:6b:0c:de:a7:94:5e:a9:01:44:cc:66:ba:73:bd:
ea:fc:93:fb:7d:f5:09:e6:46:2b:17:cc:7f:9c:49:c2:45:7c:
2f:33:e5:3f:87:1c:6f:d5:0f:16:5c:93:00:48:60:b0:30:c6:
71:5e:8c:69:cf:61:d3:49:87:9f:ca:51:66:1a:cb:6b:65:74:
f4:30:61:af:eb:12:50:a9:58:b4:2c:6a:be:cf:32:04:fa:e5:
89:22:ad:21:6a:10:67:c5:7a:d9:8f:b1:22:a9:65:df:c8:32:
7b:d0:62:eb:ef:3e:b8:5d:76:17:42:5c:1e:1c:8b:98:f6:c9:
86:a8:61:72:f1:6f:44:6d:eb:4b:e5:31:25:a6:f3:74:08:e4:
bd:93:e5:f3:cc:45:95:87:78:d5:7c:78:f9:ea:c7:af:a2:77:
c3:c4:f7:71:72:79:3d:90:18:46:51:06:f5:e9:31:4d:44:29:
e7:b9:cf:76:04:65:0c:be:a1:2d:99:41:5f:81:0c:24:ef:42:
a9:4c:4b:b5:88:35:61:16:6d:33:fc:80:32:51:1f:4b:d3:bd:
0d:42:6b:8f:99:d1:42:2c:c2:ca:ce:db:47:ac:cd:2b:bb:8a:
95:4b:59:b4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUVYQtjO/q8H9qXZm5qnC33KSpaEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDExNTAwNDRaFw0yNTA4MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0YjBkYTk0OTg3ODkwOWQyZDY0ZGViOTM2MWU3ZWY0MWIyM2RjMWUwNDIz
M2I1MjY4MGNjMjQ1NDNkY2I1YTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANiIYsDz0p684111g1UwDFp6HmukD+cAU3cMEWbhTFmwn1KIFCHb5FY+n63x
SrIj4VsTeqjUxeVLmY/pEIdK4Ec4t1gncyQRe1ddtk+DoxpE5DYpOUlkgy6qSqAe
d7RSUDE5u6hYIjUBM/C0Z7/5p/J6hSlQBPPONf+G8kfSs2l70qAFtQCHMtkspSKO
Mc+78JPmry4Gc4ix9+Hll2vJ5oiGrgdvIPCMo2hLWOnGBnF6Q0qFPXOBR0pEsr82
N5O8NhBvqHAzPqxxvfgsTv/O3IJjK9FpciYBPbxJIChQNhWcSYCJLnuDBCDLxmDc
wYwPyhnsADfmwKpyn8jNiCdSyjECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT/w4Mn
R/26TJDxhvns+O6oGzcBwDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjk2ZTk4M2MtZjU5Yi00YTE1LWE3NGQtNTZiMmJmZjg4Nzc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAiMDAN
BgkqhkiG9w0BAQsFAAOCAQEAr6fH/fhuQrm5ATOG5MBi7+XxFyYA0msM3qeUXqkB
RMxmunO96vyT+331CeZGKxfMf5xJwkV8LzPlP4ccb9UPFlyTAEhgsDDGcV6Mac9h
00mHn8pRZhrLa2V09DBhr+sSUKlYtCxqvs8yBPrliSKtIWoQZ8V62Y+xIqll38gy
e9Bi6+8+uF12F0JcHhyLmPbJhqhhcvFvRG3rS+UxJabzdAjkvZPl88xFlYd41Xx4
+erHr6J3w8T3cXJ5PZAYRlEG9ekxTUQp57nPdgRlDL6hLZlBX4EMJO9CqUxLtYg1
YRZtM/yAMlEfS9O9DUJrj5nRQizCys7bR6zNK7uKlUtZtA==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:36:53 2025 by rpki-client