Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa
File: 38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa (raw, json)
Hash identifier: 0ojVmnsIg5XLQYVWtVqMAFxcrgQdhBE5NdyMm90UWY0=
Subject key identifier: 5B:4C:A7:2D:2E:DC:D7:4B:7E:CF:E2:30:8B:4B:9C:91:55:E7:F9:8E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 47403E43144E312EE38AA5A7FAA45C06ACC02AEC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa
Signing time: Fri 11 Jul 2025 20:11:08 +0000
ROA not before: Fri 11 Jul 2025 20:11:08 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:40:3e:43:14:4e:31:2e:e3:8a:a5:a7:fa:a4:5c:06:ac:c0:2a:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:11:08 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=e54553095c36cf03416252c164906e0354412c8216f95d40702cb79a297f24e7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:64:c5:99:15:15:fb:9e:0a:63:8d:eb:d8:ed:
18:03:58:45:12:32:12:02:62:f7:70:bd:44:66:b8:
50:bb:e3:a2:dc:51:2f:a7:6f:41:45:b9:62:82:fe:
ca:2c:97:95:78:14:77:fa:9f:be:b8:be:bb:e0:5c:
ad:ea:a7:10:47:70:9f:93:ba:f3:f8:9b:42:f8:3f:
5e:47:8d:3c:c0:bb:82:61:c8:1f:db:d4:47:73:59:
af:d2:22:cc:d8:ad:af:2d:1e:71:88:7d:7d:97:ef:
9b:d3:17:0c:cc:ea:c4:ba:e3:d8:3a:4f:64:30:14:
c3:c0:b9:aa:0d:ca:68:ce:83:61:f0:bf:fb:73:cf:
32:b0:ef:03:89:41:de:05:a9:a2:8e:d0:2a:4e:7c:
b5:36:25:04:80:f2:e4:94:e1:bc:4d:f5:61:1b:77:
09:88:b0:7b:d0:0c:35:78:9e:1e:44:e3:19:8e:d8:
77:89:38:52:02:04:da:91:a3:79:a4:ec:11:b8:0c:
95:04:cf:81:c5:2b:fc:b0:ca:da:ee:f8:01:d4:67:
de:d8:aa:28:a1:e3:bc:d7:bd:6c:e9:ae:db:6f:d4:
f1:e4:25:c5:5a:b0:26:3c:1f:00:65:22:d1:3c:91:
fa:64:54:aa:c9:4b:6b:1f:16:ec:fa:4b:03:f3:a1:
ef:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:4C:A7:2D:2E:DC:D7:4B:7E:CF:E2:30:8B:4B:9C:91:55:E7:F9:8E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:6000::/40
Signature Algorithm: sha256WithRSAEncryption
bf:cc:ea:b1:e1:2f:a8:52:00:11:c3:0b:e0:4e:98:e6:0a:4f:
05:a2:3c:26:a6:ca:80:1e:22:21:a5:e2:ba:c3:a5:ed:4a:d2:
80:18:e4:0c:4c:63:2b:d1:86:37:f5:3b:c5:88:b5:4f:89:35:
aa:39:ab:d1:c4:57:2a:be:0c:97:c3:7e:b0:3a:fc:ac:a7:32:
09:ec:c6:4e:ba:69:b1:91:09:24:e6:a1:dd:79:cb:fa:d7:aa:
6c:79:48:0b:51:42:ed:99:33:0e:d8:b2:e3:61:ac:0e:e9:f5:
1a:77:52:72:c4:40:e8:62:52:2b:e8:70:3d:44:c7:58:07:8c:
e3:1a:71:35:34:9f:40:92:84:b7:61:08:b6:1a:a0:43:d8:2f:
1f:15:b1:d7:bd:2d:99:36:41:33:32:0f:13:b3:90:3d:83:51:
59:b0:fb:0e:5b:6b:b7:cc:c8:91:9a:c5:4d:36:3f:14:c8:59:
63:ba:4c:a3:20:29:c4:03:bf:70:60:17:54:ef:42:5f:11:fc:
da:71:a6:3b:4a:7c:cf:77:1e:1d:91:f3:b0:92:af:fc:f1:76:
44:36:07:3e:11:ca:31:c6:c6:c4:48:2a:2a:63:2e:89:03:68:
85:79:3e:b0:5d:74:3d:d8:bd:4c:ab:08:b0:dd:13:9b:cc:43:
f8:ee:0d:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR0A+QxROMS7jiqWn+qRcBqzAKuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDExMDhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1NDU1MzA5NWMzNmNmMDM0MTYyNTJjMTY0OTA2ZTAzNTQ0MTJjODIxNmY5
NWQ0MDcwMmNiNzlhMjk3ZjI0ZTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNkxZkVFfueCmON69jtGANYRRIyEgJi93C9RGa4ULvjotxRL6dvQUW5YoL+
yiyXlXgUd/qfvri+u+BcreqnEEdwn5O68/ibQvg/XkeNPMC7gmHIH9vUR3NZr9Ii
zNitry0ecYh9fZfvm9MXDMzqxLrj2DpPZDAUw8C5qg3KaM6DYfC/+3PPMrDvA4lB
3gWpoo7QKk58tTYlBIDy5JThvE31YRt3CYiwe9AMNXieHkTjGY7Yd4k4UgIE2pGj
eaTsEbgMlQTPgcUr/LDK2u74AdRn3tiqKKHjvNe9bOmu22/U8eQlxVqwJjwfAGUi
0TyR+mRUqslLax8W7PpLA/Oh7xUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbTKct
LtzXS37P4jCLS5yRVef5jjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzhmOWMwZjAtYTEwOS00ODVjLWJkMmQtMmUxYTQ0MGI4NjRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HVg
MA0GCSqGSIb3DQEBCwUAA4IBAQC/zOqx4S+oUgARwwvgTpjmCk8FojwmpsqAHiIh
peK6w6XtStKAGOQMTGMr0YY39TvFiLVPiTWqOavRxFcqvgyXw36wOvyspzIJ7MZO
ummxkQkk5qHdecv616pseUgLUULtmTMO2LLjYawO6fUad1JyxEDoYlIr6HA9RMdY
B4zjGnE1NJ9AkoS3YQi2GqBD2C8fFbHXvS2ZNkEzMg8Ts5A9g1FZsPsOW2u3zMiR
msVNNj8UyFljukyjICnEA79wYBdU70JfEfzacaY7SnzPdx4dkfOwkq/88XZENgc+
EcoxxsbESCoqYy6JA2iFeT6wXXQ92L1Mqwiw3RObzEP47g1T
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:35:27 2025 by rpki-client