Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa
File: 2f449809-abd8-4202-adc3-ce8dd1767b62.roa (raw, json)
Hash identifier: yriZCtRonlEgSDlS/DeN/7viZaHEcNsPxkg7zNr2aUY=
Subject key identifier: E0:72:08:E9:BE:7C:C6:D9:2F:0F:A7:65:9E:33:06:EB:96:F2:E7:33
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3C78AF658ECADB471418B327E73B355E16008FA7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa
Signing time: Sat 12 Jul 2025 00:50:12 +0000
ROA not before: Sat 12 Jul 2025 00:50:12 +0000
ROA not after: Sat 16 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:78:af:65:8e:ca:db:47:14:18:b3:27:e7:3b:35:5e:16:00:8f:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 12 00:50:12 2025 GMT
Not After : Aug 16 23:59:59 2025 GMT
Subject: serialNumber=30d1959ba2a162f20edbcda69e39612e70875fbdc717b2aad6b1f800377b6e35, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:53:c1:61:35:73:c5:cd:54:ef:78:0b:59:77:
14:12:af:b2:9a:bb:61:60:87:6f:57:d9:82:7b:bd:
60:dd:b8:5c:ab:d7:b0:e3:c8:a4:e7:f5:60:b2:3b:
42:de:75:c7:06:00:aa:64:59:6f:64:09:2d:a1:3f:
84:0d:8c:e2:e3:ec:f4:9c:bb:b4:bc:cf:a0:03:68:
14:ca:e6:8c:ad:f1:a1:71:08:89:17:ec:3e:60:ec:
03:7e:e0:b1:d2:af:6d:17:3b:bd:1f:be:a7:83:5e:
eb:39:0f:3e:00:57:fa:17:9c:36:44:3f:48:a0:6f:
65:ee:b9:79:3e:2e:6e:bd:02:0f:98:61:76:30:e7:
73:13:55:7d:eb:ed:ae:c3:22:59:12:4b:93:28:51:
26:64:38:7c:d3:1d:16:0e:0e:9f:ff:5d:a0:d6:69:
26:ed:49:a0:e1:9b:8f:48:ac:8f:e4:5b:38:2f:e9:
5c:6a:53:39:e3:25:42:3c:da:26:9c:1b:0a:a3:90:
8c:26:6d:fb:64:3a:ba:a1:5c:b6:8e:ca:d9:26:c5:
09:84:7b:54:fb:9c:be:8a:f8:16:8d:af:f9:de:55:
f1:e6:3a:88:e9:ef:e6:36:9a:2a:c1:c1:66:ff:a7:
bd:91:fb:4a:25:5a:87:63:60:9a:f3:5f:b1:f7:61:
c2:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:72:08:E9:BE:7C:C6:D9:2F:0F:A7:65:9E:33:06:EB:96:F2:E7:33
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:5000::/40
Signature Algorithm: sha256WithRSAEncryption
9c:8e:15:cf:b3:66:2e:62:db:d8:e6:6b:27:21:20:19:37:77:
8c:5c:d0:fc:f3:94:35:43:57:d0:fe:8a:98:c1:1f:7b:80:47:
12:7d:76:f4:0e:11:62:17:f8:0f:3a:6a:54:1e:5f:4c:e0:bf:
52:b8:fe:f0:9d:c9:de:63:78:58:42:31:f4:57:3f:c2:69:12:
9a:a6:35:71:f7:1c:23:32:ba:fc:1a:3d:41:d9:fe:eb:a2:33:
10:e7:51:f2:7a:40:ff:fd:b4:07:88:4f:b9:0d:29:1c:c6:a3:
b9:5b:15:71:d1:e3:1e:fa:14:07:45:3a:03:84:bd:a9:fb:5b:
fd:b4:28:4c:bd:e0:e4:13:d2:2a:0e:f4:72:f6:f0:72:b3:e5:
65:d7:cb:6b:01:af:c6:46:c8:3b:92:06:21:a7:21:04:19:0f:
dd:e7:02:d6:d7:a4:1f:a8:5a:f4:a5:95:50:05:0b:cc:32:3a:
29:eb:18:47:e9:e0:64:e6:a6:e8:24:4d:2f:a1:bc:5d:0e:19:
70:79:4a:58:3b:70:3e:29:91:e3:d8:ad:6a:b9:5d:97:0e:ce:
7f:5d:e1:48:6a:71:da:7c:14:9f:4f:bf:d3:82:c4:c9:11:5a:
04:5d:d6:e6:0d:fe:48:e0:cd:e4:7d:65:2a:9d:ac:f8:bd:fd:
f3:93:7f:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPHivZY7K20cUGLMn5zs1XhYAj6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTIwMDUwMTJaFw0yNTA4MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwZDE5NTliYTJhMTYyZjIwZWRiY2RhNjllMzk2MTJlNzA4NzVmYmRjNzE3
YjJhYWQ2YjFmODAwMzc3YjZlMzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxTwWE1c8XNVO94C1l3FBKvspq7YWCHb1fZgnu9YN24XKvXsOPIpOf1YLI7
Qt51xwYAqmRZb2QJLaE/hA2M4uPs9Jy7tLzPoANoFMrmjK3xoXEIiRfsPmDsA37g
sdKvbRc7vR++p4Ne6zkPPgBX+hecNkQ/SKBvZe65eT4ubr0CD5hhdjDncxNVfevt
rsMiWRJLkyhRJmQ4fNMdFg4On/9doNZpJu1JoOGbj0isj+RbOC/pXGpTOeMlQjza
JpwbCqOQjCZt+2Q6uqFcto7K2SbFCYR7VPucvor4Fo2v+d5V8eY6iOnv5jaaKsHB
Zv+nvZH7SiVah2NgmvNfsfdhwp0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTgcgjp
vnzG2S8Pp2WeMwbrlvLnMzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmY0NDk4MDktYWJkOC00MjAyLWFkYzMtY2U4ZGQxNzY3YjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCcjhXPs2YuYtvY5msnISAZN3eMXND885Q1Q1fQ
/oqYwR97gEcSfXb0DhFiF/gPOmpUHl9M4L9SuP7wncneY3hYQjH0Vz/CaRKapjVx
9xwjMrr8Gj1B2f7rojMQ51HyekD//bQHiE+5DSkcxqO5WxVx0eMe+hQHRToDhL2p
+1v9tChMveDkE9IqDvRy9vBys+Vl18trAa/GRsg7kgYhpyEEGQ/d5wLW16QfqFr0
pZVQBQvMMjop6xhH6eBk5qboJE0vobxdDhlweUpYO3A+KZHj2K1quV2XDs5/XeFI
anHafBSfT7/TgsTJEVoEXdbmDf5I4M3kfWUqnaz4vf3zk3/6
-----END CERTIFICATE-----
Generated at Tue Jul 22 22:22:24 2025 by rpki-client