Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa
File: 4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa (raw, json)
Hash identifier: YjZvXhicK8WovjqWUbqIe/BS0lwigYej+ByI6f9Y45M=
Subject key identifier: D5:CA:F8:8C:FE:CA:7C:AC:1D:DB:9D:7D:B2:A1:40:58:97:B5:20:23
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4BDE67495A811B46C4F63342C6B341CDAD756BDF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa
Signing time: Fri 11 Jul 2025 19:40:06 +0000
ROA not before: Fri 11 Jul 2025 19:40:06 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:4080::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:de:67:49:5a:81:1b:46:c4:f6:33:42:c6:b3:41:cd:ad:75:6b:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:40:06 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=259cc32f7adbf19781f39fb3da552c0d79c088e6af5e9c2f93b3bc1788f1f5da, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:a1:2c:59:98:9b:20:17:2a:4e:97:79:d1:5f:
c2:9f:24:e7:d1:23:58:92:39:06:db:4f:6a:c8:90:
5a:21:f0:e9:8e:82:60:0f:b1:f8:d5:f8:71:c6:60:
13:88:f0:33:62:9c:01:a8:66:3e:24:72:04:44:bb:
04:e1:88:45:8c:a2:e3:82:a3:fd:46:e0:f6:fc:56:
81:03:bc:74:9d:d5:e4:83:2b:c6:15:39:79:46:41:
d5:aa:0c:20:3f:3f:45:ca:57:66:0a:06:f7:2c:4c:
37:a5:64:da:5a:cf:8e:8b:62:77:9f:a9:cd:75:d7:
48:9e:1e:9b:06:46:03:59:d7:b8:45:77:2b:70:c0:
5b:cd:2d:cf:cf:b8:8c:04:49:f1:db:ef:05:72:b0:
59:5e:45:e3:43:60:7e:f3:48:19:6b:c8:b0:a8:bb:
3d:54:7f:a9:34:32:63:eb:31:80:70:0d:f1:0d:48:
79:56:41:df:29:0d:a4:f8:ec:5c:12:22:ad:b6:b8:
51:bd:3a:4a:18:b6:41:2e:cc:a8:bf:44:6b:18:cb:
b6:7f:8a:d6:93:fc:82:a6:b3:52:e3:08:67:82:ac:
12:2e:03:44:4f:83:16:ac:50:2c:28:de:0f:11:b2:
16:ce:68:48:9f:2c:49:5f:76:5c:e5:d5:e8:5b:10:
b7:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:CA:F8:8C:FE:CA:7C:AC:1D:DB:9D:7D:B2:A1:40:58:97:B5:20:23
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:4080::/46
Signature Algorithm: sha256WithRSAEncryption
99:e0:07:34:5b:01:b4:ba:89:bb:90:8d:7c:65:0a:a1:bb:35:
56:dd:dc:e0:56:d6:26:97:5c:4c:01:d2:d3:e2:d9:63:05:a9:
7d:7e:b9:7d:eb:06:68:9c:85:08:54:7b:f2:2e:37:47:ae:90:
76:0b:ef:73:60:78:e5:df:b8:91:fa:f2:04:d4:41:d3:fe:c0:
f7:b5:9a:0e:8c:22:b3:7a:56:47:2d:4d:7e:47:e4:ff:51:32:
4a:20:2e:3b:5a:19:14:e5:bf:19:85:8c:4f:86:71:9d:ca:0d:
b5:54:a2:c0:9b:1e:d8:94:48:45:bc:d5:37:5a:a3:03:0a:71:
8b:a4:a6:12:a0:64:18:fe:49:f2:04:cc:dd:26:e1:03:e1:a7:
8a:c0:93:2a:a6:15:86:73:ac:79:f2:d2:ca:57:bf:c0:7f:8c:
79:72:cc:dd:34:ca:3a:ef:73:b1:48:3c:8d:fa:09:bc:e2:d2:
26:ae:ca:09:37:16:06:a9:10:7d:88:01:a7:81:b3:3a:ec:59:
74:c0:a8:39:8d:30:60:32:d9:34:e1:90:3d:00:63:c4:39:8d:
7b:f7:b4:b7:a8:50:87:58:70:af:94:8f:d7:ac:c8:eb:25:49:
ce:32:32:36:9f:2e:63:bb:0b:6a:0f:fd:7c:58:a1:91:4e:ef:
32:9a:71:b9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUS95nSVqBG0bE9jNCxrNBza11a98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTQwMDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI1OWNjMzJmN2FkYmYxOTc4MWYzOWZiM2RhNTUyYzBkNzljMDg4ZTZhZjVl
OWMyZjkzYjNiYzE3ODhmMWY1ZGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGhLFmYmyAXKk6XedFfwp8k59EjWJI5BttPasiQWiHw6Y6CYA+x+NX4ccZg
E4jwM2KcAahmPiRyBES7BOGIRYyi44Kj/Ubg9vxWgQO8dJ3V5IMrxhU5eUZB1aoM
ID8/RcpXZgoG9yxMN6Vk2lrPjotid5+pzXXXSJ4emwZGA1nXuEV3K3DAW80tz8+4
jARJ8dvvBXKwWV5F40NgfvNIGWvIsKi7PVR/qTQyY+sxgHAN8Q1IeVZB3ykNpPjs
XBIirba4Ub06Shi2QS7MqL9EaxjLtn+K1pP8gqazUuMIZ4KsEi4DRE+DFqxQLCje
DxGyFs5oSJ8sSV92XOXV6FsQtwECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTVyviM
/sp8rB3bnX2yoUBYl7UgIzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA5N2I2YjQtNDc1Zi00Zjk2LTlkNWUtODhjMDhmMmM1ODA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DVA
gDANBgkqhkiG9w0BAQsFAAOCAQEAmeAHNFsBtLqJu5CNfGUKobs1Vt3c4FbWJpdc
TAHS0+LZYwWpfX65fesGaJyFCFR78i43R66Qdgvvc2B45d+4kfryBNRB0/7A97Wa
Dowis3pWRy1Nfkfk/1EySiAuO1oZFOW/GYWMT4ZxncoNtVSiwJse2JRIRbzVN1qj
Awpxi6SmEqBkGP5J8gTM3SbhA+GnisCTKqYVhnOsefLSyle/wH+MeXLM3TTKOu9z
sUg8jfoJvOLSJq7KCTcWBqkQfYgBp4GzOuxZdMCoOY0wYDLZNOGQPQBjxDmNe/e0
t6hQh1hwr5SP16zI6yVJzjIyNp8uY7sLag/9fFihkU7vMppxuQ==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:43:28 2025 by rpki-client