Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File: 3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier: eAxveDFNM1WK5eQVutwnMVwUuLYa91di15V/6WLgkf0=
Subject key identifier: FA:4E:12:55:52:37:EE:AE:9F:AA:98:CB:C2:8A:0D:C6:B5:42:DA:A8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 54997CFD2A23C15174C9B0BAF1613815AF426E8D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time: Fri 11 Jul 2025 20:21:13 +0000
ROA not before: Fri 11 Jul 2025 20:21:13 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:99:7c:fd:2a:23:c1:51:74:c9:b0:ba:f1:61:38:15:af:42:6e:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:21:13 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=f4323cb58c786f2310d7879fc3868504b85b543b2d5890a7e582c80f4c8fa949, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4e:1a:3b:38:0a:ef:a8:82:7d:58:d1:1b:da:
89:99:91:4d:49:e3:21:26:90:de:2c:5e:0c:d1:a6:
b5:a7:42:0d:f6:81:68:8f:93:40:84:f7:09:74:9d:
27:40:d4:67:ad:21:be:52:7b:54:da:cd:a6:b1:cb:
b4:cf:f9:db:33:ef:d5:f2:c0:98:c9:2c:1c:f7:2f:
07:b5:28:f0:50:a6:d7:6f:19:9b:53:4b:83:c5:e2:
1f:f7:4a:8c:9e:6b:7d:51:6c:bf:38:a0:03:db:ed:
3b:69:c4:41:5a:4e:a0:57:69:d3:5d:19:b9:33:d8:
08:9a:e7:86:ba:55:6d:9b:e9:ce:cc:05:08:09:76:
2f:40:06:3d:b5:23:29:ab:4b:69:0b:2d:dd:f7:b6:
d9:0e:01:35:1a:c7:ee:a7:67:22:82:c4:18:be:00:
40:aa:66:49:39:f0:eb:3d:1a:5e:93:5a:42:6a:b2:
86:06:07:e8:76:89:33:51:23:ac:af:a7:d2:06:e4:
51:74:d3:d7:b3:8d:99:83:d0:7e:a9:96:e5:c1:aa:
dd:6c:f2:94:95:e0:0a:55:f9:3e:e7:08:9d:74:cd:
a5:ca:97:ab:e1:11:57:af:a0:b0:1a:78:f7:e8:9e:
b2:5c:48:80:77:a3:28:3c:21:0c:b7:17:cf:54:31:
b5:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:4E:12:55:52:37:EE:AE:9F:AA:98:CB:C2:8A:0D:C6:B5:42:DA:A8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:5000::/40
Signature Algorithm: sha256WithRSAEncryption
af:80:8d:59:87:e9:a6:90:fe:12:e0:17:e2:79:7a:54:40:3e:
c3:3e:18:ba:9f:44:3e:d9:f6:fc:cf:6b:1b:8e:37:30:25:81:
1b:44:6e:b1:67:5d:23:e1:8d:7e:3a:77:04:69:ad:ac:0a:ca:
b3:76:89:e1:6f:16:6d:32:a9:6e:e4:08:f5:c7:0a:96:27:0a:
05:47:91:57:88:cc:43:62:34:79:e1:fc:b7:23:88:4a:bb:5f:
41:ae:04:43:43:ee:03:cd:3d:03:9a:32:3d:6d:7d:e5:d2:3b:
b7:d8:5c:87:14:58:24:e5:7a:e7:ce:ce:6d:34:03:1b:47:d6:
5d:1a:f5:bd:c6:57:ea:41:78:3b:9a:90:e7:e8:d9:e9:b9:08:
78:68:22:d6:bc:e2:15:f9:45:f0:d2:9a:3f:08:3f:65:78:a9:
f3:0f:c8:4c:29:91:82:72:4f:54:3b:47:a7:be:9b:ab:e7:70:
36:ba:b0:24:7f:51:d9:44:3c:28:c4:a2:40:32:da:f2:53:1d:
38:20:b5:d8:48:6f:74:46:a4:6b:4b:d4:75:09:01:4a:5c:12:
4b:e9:ab:8c:ad:7b:b4:95:36:3f:8f:57:96:c2:8f:d8:f5:31:
e4:69:6b:c7:f2:b9:b6:c1:17:89:04:71:02:ac:b4:b7:79:bd:
c1:91:72:4f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVJl8/SojwVF0ybC68WE4Fa9Cbo0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIxMTNaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0MzIzY2I1OGM3ODZmMjMxMGQ3ODc5ZmMzODY4NTA0Yjg1YjU0M2IyZDU4
OTBhN2U1ODJjODBmNGM4ZmE5NDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdOGjs4Cu+ogn1Y0RvaiZmRTUnjISaQ3ixeDNGmtadCDfaBaI+TQIT3CXSd
J0DUZ60hvlJ7VNrNprHLtM/52zPv1fLAmMksHPcvB7Uo8FCm128Zm1NLg8XiH/dK
jJ5rfVFsvzigA9vtO2nEQVpOoFdp010ZuTPYCJrnhrpVbZvpzswFCAl2L0AGPbUj
KatLaQst3fe22Q4BNRrH7qdnIoLEGL4AQKpmSTnw6z0aXpNaQmqyhgYH6HaJM1Ej
rK+n0gbkUXTT17ONmYPQfqmW5cGq3WzylJXgClX5PucInXTNpcqXq+ERV6+gsBp4
9+ieslxIgHejKDwhDLcXz1QxtW0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT6ThJV
Ujfurp+qmMvCig3GtULaqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCvgI1Zh+mmkP4S4BfieXpUQD7DPhi6n0Q+2fb8
z2sbjjcwJYEbRG6xZ10j4Y1+OncEaa2sCsqzdonhbxZtMqlu5Aj1xwqWJwoFR5FX
iMxDYjR54fy3I4hKu19BrgRDQ+4DzT0DmjI9bX3l0ju32FyHFFgk5Xrnzs5tNAMb
R9ZdGvW9xlfqQXg7mpDn6NnpuQh4aCLWvOIV+UXw0po/CD9leKnzD8hMKZGCck9U
O0envpur53A2urAkf1HZRDwoxKJAMtryUx04ILXYSG90RqRrS9R1CQFKXBJL6auM
rXu0lTY/j1eWwo/Y9THkaWvH8rm2wReJBHECrLS3eb3BkXJP
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:41:26 2025 by rpki-client