Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
File: 431d8e22-a384-419e-9218-32a80c0ce0e3.roa (raw, json)
Hash identifier: AWK5QJgspZkNouQNi7uqwSBhpIIU9pCXZG+MPv9hXhs=
Subject key identifier: 62:2C:E2:4E:D6:8B:2C:60:06:7B:79:94:AD:A8:79:55:5C:C1:B1:5C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 408F48DFC5A8311272B842C5A7B3022D8DDB3A25
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
Signing time: Fri 04 Jul 2025 18:30:21 +0000
ROA not before: Fri 04 Jul 2025 18:30:21 +0000
ROA not after: Fri 08 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:8f:48:df:c5:a8:31:12:72:b8:42:c5:a7:b3:02:2d:8d:db:3a:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 4 18:30:21 2025 GMT
Not After : Aug 8 23:59:59 2025 GMT
Subject: serialNumber=4cb9772bfce37cc0a8227282730cfd00a2baa59f6555a0390c06bbff4e6e6adc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b7:9d:4d:f7:1d:76:cf:3d:ec:aa:de:6a:2a:
c3:0b:a8:57:77:42:a3:b3:c2:20:b0:0b:d7:89:fc:
04:3b:33:1f:61:db:f8:eb:1c:4c:49:99:c9:ef:cd:
b5:87:37:1c:1b:d3:a3:c8:83:d3:70:5d:55:37:1e:
1e:91:2f:77:9f:91:19:05:92:42:29:b1:49:7a:28:
27:71:67:53:94:4b:e0:5e:91:d6:b3:55:6b:52:5c:
d4:6a:27:2f:7a:bb:75:3d:e2:76:b7:48:04:24:2b:
39:19:b5:72:aa:f1:ed:92:68:c0:da:b2:86:1e:8f:
d5:c5:fe:99:f5:a3:ff:d5:7e:b4:8e:fa:25:00:11:
6a:be:dc:a6:10:95:84:63:aa:6b:45:e9:70:18:b1:
38:8f:d0:61:30:97:53:5d:3f:c4:59:f3:18:63:f9:
50:ce:5a:44:5b:41:f4:f2:ab:2b:92:4e:ab:cb:76:
1b:55:99:a8:6a:63:ae:9c:da:31:38:5b:38:3b:63:
b1:a8:6f:91:48:ac:a5:2b:df:30:43:cf:98:00:37:
9d:05:5f:ee:2d:4a:b9:59:db:2b:14:fc:80:e9:15:
d6:1d:71:3a:9c:c2:50:8e:5b:31:f6:2a:42:24:80:
8d:c1:b6:e5:dd:31:72:ae:b5:eb:f6:60:4a:8e:3b:
be:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:2C:E2:4E:D6:8B:2C:60:06:7B:79:94:AD:A8:79:55:5C:C1:B1:5C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:e000::/40
Signature Algorithm: sha256WithRSAEncryption
6f:84:10:e3:83:eb:89:64:37:c9:ea:80:3c:6b:92:a3:5e:56:
da:25:8f:27:01:92:dd:01:59:92:51:54:92:73:88:1a:c7:44:
bd:7e:82:56:6b:e8:42:12:2e:70:56:dc:01:f5:4d:77:5c:ce:
a0:35:d1:cc:1d:44:9d:94:d6:34:fb:02:21:a8:82:35:bf:2a:
c3:0b:c7:76:07:1d:44:cb:7b:01:81:13:95:d6:e6:15:08:f0:
14:81:ca:97:a9:d5:66:e1:fe:ce:94:bf:de:9b:9b:3c:fa:54:
33:69:ba:1e:4a:90:8d:2b:24:b5:17:09:a7:d6:ee:0f:e9:c3:
96:b6:a0:58:42:90:2e:1d:d2:bb:4a:40:68:4d:12:96:03:a6:
53:de:fb:b1:c5:b1:0f:76:1b:ff:b8:5a:53:16:5d:27:1e:72:
0d:49:82:0b:e5:eb:15:2d:38:91:84:fe:75:9c:25:8c:03:2d:
a0:19:16:f4:9d:80:d9:dc:92:8d:b8:f5:52:bf:94:ca:f3:89:
89:3f:49:a6:a6:19:71:76:f5:83:44:70:26:86:97:36:bd:78:
ff:10:8a:54:82:35:31:5e:64:d5:0a:f1:dc:9a:03:ab:31:4d:
e0:de:dd:6a:02:d8:66:56:4d:63:be:3f:94:bb:e3:b6:c5:c3:
8b:a0:7d:6e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQI9I38WoMRJyuELFp7MCLY3bOiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDQxODMwMjFaFw0yNTA4MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjYjk3NzJiZmNlMzdjYzBhODIyNzI4MjczMGNmZDAwYTJiYWE1OWY2NTU1
YTAzOTBjMDZiYmZmNGU2ZTZhZGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMK3nU33HXbPPeyq3moqwwuoV3dCo7PCILAL14n8BDszH2Hb+OscTEmZye/N
tYc3HBvTo8iD03BdVTceHpEvd5+RGQWSQimxSXooJ3FnU5RL4F6R1rNVa1Jc1Gon
L3q7dT3idrdIBCQrORm1cqrx7ZJowNqyhh6P1cX+mfWj/9V+tI76JQARar7cphCV
hGOqa0XpcBixOI/QYTCXU10/xFnzGGP5UM5aRFtB9PKrK5JOq8t2G1WZqGpjrpza
MThbODtjsahvkUispSvfMEPPmAA3nQVf7i1KuVnbKxT8gOkV1h1xOpzCUI5bMfYq
QiSAjcG25d0xcq616/ZgSo47vjUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRiLOJO
1ossYAZ7eZStqHlVXMGxXDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMxZDhlMjItYTM4NC00MTllLTkyMTgtMzJhODBjMGNlMGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hbg
MA0GCSqGSIb3DQEBCwUAA4IBAQBvhBDjg+uJZDfJ6oA8a5KjXlbaJY8nAZLdAVmS
UVSSc4gax0S9foJWa+hCEi5wVtwB9U13XM6gNdHMHUSdlNY0+wIhqII1vyrDC8d2
Bx1Ey3sBgROV1uYVCPAUgcqXqdVm4f7OlL/em5s8+lQzaboeSpCNKyS1Fwmn1u4P
6cOWtqBYQpAuHdK7SkBoTRKWA6ZT3vuxxbEPdhv/uFpTFl0nHnINSYIL5esVLTiR
hP51nCWMAy2gGRb0nYDZ3JKNuPVSv5TK84mJP0mmphlxdvWDRHAmhpc2vXj/EIpU
gjUxXmTVCvHcmgOrMU3g3t1qAthmVk1jvj+Uu+O2xcOLoH1u
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:35:08 2025 by rpki-client