Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
File: 4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa (raw, json)
Hash identifier: QBm1UBPGLZDSluO0xsFewXoX/mXEgT+35r1Z5Q42+xE=
Subject key identifier: 09:B9:80:7A:DB:8E:E7:A3:28:B3:EF:F8:54:52:DC:F8:5B:2B:2C:D5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 04371DB6E8E928842D301E0BEDB8E1EB72CE0AFE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
Signing time: Fri 11 Jul 2025 20:21:40 +0000
ROA not before: Fri 11 Jul 2025 20:21:40 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 20:51:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:1d:b6:e8:e9:28:84:2d:30:1e:0b:ed:b8:e1:eb:72:ce:0a:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:21:40 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=7c538a4bf785ca5111ffa37ec5c03b2df60280cee7cdc6467811d12516561b1f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:45:dc:b2:a7:b5:18:2c:74:cb:aa:27:02:19:
43:40:d1:30:fd:ab:28:92:68:88:90:43:52:7f:b1:
5e:13:45:d9:ac:fe:80:63:f4:11:c8:e8:9b:97:f9:
56:89:5b:2c:f3:1e:9d:a6:d6:5e:19:ed:c8:8b:58:
88:b7:db:99:52:ef:bc:10:5c:64:ab:47:4f:58:87:
88:5e:6f:85:2f:d5:ea:6d:56:a5:a1:c7:f4:89:e6:
64:58:58:9a:be:fc:14:a2:b5:04:78:bb:08:b4:6e:
b9:f9:de:93:ae:cb:80:90:0b:6c:60:32:f7:ad:c1:
f8:66:11:dd:91:91:8a:97:e6:65:37:6f:ea:11:d3:
2b:47:d8:7b:2e:19:a5:bc:0a:8a:69:ef:96:e4:ea:
1b:25:fb:49:a2:5c:59:6e:8b:8d:09:b3:07:57:ce:
4b:3b:38:4b:0f:96:78:d0:b8:98:bf:68:ef:1e:22:
a1:72:87:d2:6a:0d:44:12:8c:de:69:c4:09:43:38:
7c:14:4b:19:76:5a:a3:0b:67:85:ab:97:43:5c:b6:
ae:92:72:95:66:0e:4e:db:39:1d:de:34:32:85:a9:
4c:ca:a2:49:d4:d7:4b:f9:f9:e1:67:58:5f:a8:be:
a8:84:e6:91:af:0b:00:76:c6:b1:fc:49:30:44:77:
68:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:B9:80:7A:DB:8E:E7:A3:28:B3:EF:F8:54:52:DC:F8:5B:2B:2C:D5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:4000::/40
Signature Algorithm: sha256WithRSAEncryption
ae:e5:4f:43:35:9d:66:fd:ac:50:9e:21:79:af:fb:a0:b5:f1:
75:52:f1:d4:3c:e0:09:81:35:cb:9a:1a:d3:a7:6a:8a:2a:28:
02:b2:40:10:11:41:8c:9b:ba:cd:4f:69:c1:50:64:26:42:74:
5f:17:f9:7d:bc:34:3a:d4:38:fd:c7:06:ac:85:e0:c7:5a:19:
ce:85:05:ed:84:4f:d6:fc:df:84:5b:00:f2:0d:eb:6c:d5:69:
cd:7b:16:f3:49:64:87:38:2c:b1:5f:fa:8c:ff:62:f6:65:7e:
44:42:74:a2:50:6b:0b:dd:67:ee:de:1f:d0:63:57:14:9c:f3:
4b:dc:e0:aa:e7:eb:7b:99:97:bd:8d:05:0d:25:f7:89:a1:20:
77:0f:2c:2f:a4:0b:f5:d0:e7:02:97:fb:f3:d5:4a:45:05:4a:
87:68:8a:f0:2e:93:af:1f:30:b2:b1:27:ce:52:d0:c0:cc:85:
25:53:f4:61:4e:ae:0d:55:1a:95:3f:30:82:d3:7d:17:8c:82:
b7:67:97:5c:df:42:fb:7f:ae:26:73:a7:35:85:a1:56:d0:60:
e4:b8:a4:2d:b8:dd:38:1c:6e:63:84:9b:95:cf:8d:7c:6f:b6:
bc:d4:2a:b1:94:8f:75:a9:d0:35:dc:f6:cb:b0:19:ad:f1:ad:
20:c7:0a:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBDcdtujpKIQtMB4L7bjh63LOCv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIxNDBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjNTM4YTRiZjc4NWNhNTExMWZmYTM3ZWM1YzAzYjJkZjYwMjgwY2VlN2Nk
YzY0Njc4MTFkMTI1MTY1NjFiMWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1F3LKntRgsdMuqJwIZQ0DRMP2rKJJoiJBDUn+xXhNF2az+gGP0Ecjom5f5
VolbLPMenabWXhntyItYiLfbmVLvvBBcZKtHT1iHiF5vhS/V6m1WpaHH9InmZFhY
mr78FKK1BHi7CLRuufnek67LgJALbGAy963B+GYR3ZGRipfmZTdv6hHTK0fYey4Z
pbwKimnvluTqGyX7SaJcWW6LjQmzB1fOSzs4Sw+WeNC4mL9o7x4ioXKH0moNRBKM
3mnECUM4fBRLGXZaowtnhauXQ1y2rpJylWYOTts5Hd40MoWpTMqiSdTXS/n54WdY
X6i+qITmka8LAHbGsfxJMER3aJkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQJuYB6
247noyiz7/hUUtz4Wyss1TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGI2ZGRjYTctMTcyZi00ZjBlLTlhODMtOWEzNTlmNjJjNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HVA
MA0GCSqGSIb3DQEBCwUAA4IBAQCu5U9DNZ1m/axQniF5r/ugtfF1UvHUPOAJgTXL
mhrTp2qKKigCskAQEUGMm7rNT2nBUGQmQnRfF/l9vDQ61Dj9xwasheDHWhnOhQXt
hE/W/N+EWwDyDets1WnNexbzSWSHOCyxX/qM/2L2ZX5EQnSiUGsL3Wfu3h/QY1cU
nPNL3OCq5+t7mZe9jQUNJfeJoSB3DywvpAv10OcCl/vz1UpFBUqHaIrwLpOvHzCy
sSfOUtDAzIUlU/RhTq4NVRqVPzCC030XjIK3Z5dc30L7f64mc6c1haFW0GDkuKQt
uN04HG5jhJuVz418b7a81CqxlI91qdA13PbLsBmt8a0gxwoD
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:14 2025 by rpki-client