Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
File: 301d1d15-dd00-41e7-9f44-49159e46a51a.roa (raw, json)
Hash identifier: g2gV1d5CPsM5avplI0WkbyFYuNLkvHuflCv+LdXqftQ=
Subject key identifier: 45:BD:A0:C6:AF:1A:D0:6A:59:EB:AA:B6:9C:A4:43:15:69:05:4F:BE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 40AEA33C130C4F00E862512A171863569B214291
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
Signing time: Fri 11 Jul 2025 19:00:14 +0000
ROA not before: Fri 11 Jul 2025 19:00:14 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:8040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:ae:a3:3c:13:0c:4f:00:e8:62:51:2a:17:18:63:56:9b:21:42:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:00:14 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=d6829f6a851954b9a5e7270a2136371a73885b1e5d9e2eb612f0a46d60b0da68, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1d:69:96:a1:c3:65:78:b4:21:fe:3c:b1:f6:
b6:2b:a6:77:17:4e:de:8c:99:5d:8b:7b:3f:84:8d:
c9:20:0c:0b:7f:49:e9:33:4b:c5:9e:04:c0:32:55:
95:50:2c:61:94:d6:ec:91:6e:72:e9:e3:3e:77:e7:
73:fd:5d:69:70:de:4d:47:d2:a2:5b:cf:93:15:b1:
da:f5:39:28:b5:70:0f:5a:b8:4b:fa:d3:0a:d0:8a:
f8:55:85:7d:01:51:74:c7:64:93:57:a2:a5:3e:1d:
c6:84:ad:f3:91:5e:ad:70:47:d7:a4:61:89:3d:1e:
0c:35:29:55:7a:40:72:08:7d:99:f9:2c:56:8d:1e:
67:6f:ab:f1:63:4e:e9:99:5d:a9:d2:55:91:72:8e:
44:53:fa:4e:3d:33:a3:2d:59:ca:29:0a:3d:0a:00:
6c:fd:bd:c9:4a:35:27:99:78:64:28:0c:ce:b3:ea:
62:ad:c5:16:f2:66:9d:5f:0f:58:0f:5a:40:35:73:
02:77:cd:96:cd:4f:50:1d:8b:48:08:94:f7:9b:c5:
22:87:e1:14:62:47:6a:05:a0:88:1c:cf:43:61:ff:
66:a0:34:2b:fe:48:a0:dd:60:2c:43:ae:c5:1b:87:
cb:8c:74:16:c7:03:57:65:71:50:45:ae:68:d1:23:
fb:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:BD:A0:C6:AF:1A:D0:6A:59:EB:AA:B6:9C:A4:43:15:69:05:4F:BE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:8040::/48
Signature Algorithm: sha256WithRSAEncryption
9f:e5:3c:42:34:b2:8e:75:09:5b:32:1e:74:d5:ab:a2:00:c5:
f1:c7:f5:60:44:43:26:06:b3:9d:8c:ff:b9:71:1b:e2:e8:c1:
87:ff:96:e2:db:5e:15:9e:8f:13:48:53:6b:c5:49:76:e9:9e:
75:8c:e3:db:f0:85:5b:a6:90:5c:e5:e8:cf:08:77:69:fc:4c:
f9:6d:77:0a:29:c0:c2:4c:8b:a8:67:8b:c5:52:a7:d7:77:9d:
14:81:8b:75:80:de:9f:a1:98:29:ff:39:d6:e8:50:fb:ad:34:
ed:15:9c:48:b9:cc:5d:60:28:a8:bd:32:1e:86:84:cc:a0:16:
20:2a:17:05:d6:78:7a:c8:5b:a1:d9:e5:da:69:52:80:e0:9a:
13:89:c8:b6:db:b4:71:88:3c:7a:c9:a8:50:3a:94:f5:cc:63:
61:12:7a:63:7f:42:27:b4:fb:37:14:8f:64:c0:6e:9a:40:c9:
c1:4c:c5:2c:8d:71:27:5e:0b:45:9e:bf:a7:5e:f6:95:82:51:
07:bb:c2:02:d9:24:49:93:e0:ef:19:a1:45:e6:98:35:01:1e:
f7:67:4d:03:36:f2:b1:10:2a:00:7a:89:a4:a4:5a:d2:4a:71:
ae:02:4a:6e:69:b4:76:4b:af:df:d7:a5:70:da:9f:5c:80:66:
94:95:65:fb
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQK6jPBMMTwDoYlEqFxhjVpshQpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTAwMTRaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ2ODI5ZjZhODUxOTU0YjlhNWU3MjcwYTIxMzYzNzFhNzM4ODViMWU1ZDll
MmViNjEyZjBhNDZkNjBiMGRhNjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0daZahw2V4tCH+PLH2tiumdxdO3oyZXYt7P4SNySAMC39J6TNLxZ4EwDJV
lVAsYZTW7JFucunjPnfnc/1daXDeTUfSolvPkxWx2vU5KLVwD1q4S/rTCtCK+FWF
fQFRdMdkk1eipT4dxoSt85FerXBH16RhiT0eDDUpVXpAcgh9mfksVo0eZ2+r8WNO
6ZldqdJVkXKORFP6Tj0zoy1ZyikKPQoAbP29yUo1J5l4ZCgMzrPqYq3FFvJmnV8P
WA9aQDVzAnfNls1PUB2LSAiU95vFIofhFGJHagWgiBzPQ2H/ZqA0K/5IoN1gLEOu
xRuHy4x0FscDV2VxUEWuaNEj+yECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRFvaDG
rxrQalnrqracpEMVaQVPvjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzAxZDFkMTUtZGQwMC00MWU3LTlmNDQtNDkxNTllNDZhNTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
QDANBgkqhkiG9w0BAQsFAAOCAQEAn+U8QjSyjnUJWzIedNWrogDF8cf1YERDJgaz
nYz/uXEb4ujBh/+W4tteFZ6PE0hTa8VJdumedYzj2/CFW6aQXOXozwh3afxM+W13
CinAwkyLqGeLxVKn13edFIGLdYDen6GYKf851uhQ+6007RWcSLnMXWAoqL0yHoaE
zKAWICoXBdZ4eshbodnl2mlSgOCaE4nIttu0cYg8esmoUDqU9cxjYRJ6Y39CJ7T7
NxSPZMBumkDJwUzFLI1xJ14LRZ6/p172lYJRB7vCAtkkSZPg7xmhReaYNQEe92dN
AzbysRAqAHqJpKRa0kpxrgJKbmm0dkuv39elcNqfXIBmlJVl+w==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:32:12 2025 by rpki-client