Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
File: 507c534d-189b-43b3-945a-dd040ee200d5.roa (raw, json)
Hash identifier: lXNgMX2Cp3GMheE4i7nbgyglHl7pWZwgDn5rbC5A4Yk=
Subject key identifier: 24:08:97:27:17:B9:A3:28:42:F9:19:AF:C3:71:A9:F5:AF:0B:46:BE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 378F093B1632A983F954D4E3959B71DAC105231C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
Signing time: Fri 11 Jul 2025 20:21:44 +0000
ROA not before: Fri 11 Jul 2025 20:21:44 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:8f:09:3b:16:32:a9:83:f9:54:d4:e3:95:9b:71:da:c1:05:23:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:21:44 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=e0c2e0733eef0d050b85b8ece6f617248d3965e23e56de2d8f91d8aed63f6879, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:87:58:d5:13:31:d6:07:e9:e1:17:39:9c:23:
dd:94:7d:f2:d6:d1:d7:c6:a2:f9:b1:58:c0:5f:c3:
cd:a3:17:71:e3:5d:c4:da:76:2f:32:c0:b5:bb:07:
f0:97:8e:df:6c:f7:d5:9e:ea:a7:a4:22:aa:7e:31:
0c:94:4c:d2:95:b0:8a:7a:cc:a8:ef:36:f9:8b:9b:
79:1e:32:ef:e0:31:b8:ee:96:10:2b:6d:22:2d:0b:
59:de:9d:72:d5:37:01:f8:4c:26:0c:14:75:c3:ef:
8f:3a:1a:73:ec:7d:65:88:2f:af:e2:98:4c:de:ca:
f7:2b:71:15:87:e3:19:e0:ab:de:9f:b4:9e:90:e7:
2b:2f:3f:97:b4:aa:10:ef:ce:47:dc:d8:04:b8:a0:
bd:70:13:b7:42:58:e5:88:83:87:1b:7f:b4:d5:94:
80:be:32:b1:6b:65:8e:0d:13:ce:c0:13:17:0e:b1:
8e:f9:47:85:40:30:7b:3b:5f:3c:a7:55:f7:40:27:
0c:bf:2c:42:07:c8:20:88:21:89:ff:1b:36:5c:b3:
fb:e7:22:2e:e2:f8:9a:d2:64:91:a1:52:88:24:ac:
3c:8a:92:e5:5f:35:21:69:0d:0b:a2:fb:50:a9:b7:
43:93:b1:bf:b5:3f:3c:47:1c:62:3b:0a:5f:4c:c2:
ab:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:08:97:27:17:B9:A3:28:42:F9:19:AF:C3:71:A9:F5:AF:0B:46:BE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:9000::/40
Signature Algorithm: sha256WithRSAEncryption
4c:a3:f9:5a:24:ed:2a:10:2d:0c:e8:d6:ad:2a:7d:42:6f:e5:
bb:5a:32:a2:0a:92:83:e7:5d:3e:09:7a:e1:6a:3c:5f:0f:3b:
79:74:26:0e:81:e9:43:e3:f8:14:c8:74:97:24:73:b5:36:9a:
fb:7d:10:48:43:43:40:33:93:ce:75:d3:8c:99:c1:77:71:c7:
fe:5b:1d:0f:de:96:ea:cf:a3:7d:3d:df:a4:a6:71:c0:c3:34:
2e:73:63:a5:d7:da:dd:41:0c:21:41:89:90:5a:f8:09:d0:17:
77:eb:bc:d8:17:e9:99:95:55:3a:ec:eb:bc:cd:aa:b3:76:42:
e2:b1:10:fa:ac:74:06:ac:ce:1e:0a:dc:da:fe:83:1f:b1:72:
a4:01:0d:36:ea:5c:14:b3:14:86:fc:6c:f3:8c:d1:d3:4f:17:
c1:60:e8:a0:6e:c6:d2:8a:ec:e4:a5:54:a4:14:86:5f:c7:47:
44:96:86:6b:01:72:ac:de:c2:94:f3:dc:40:dd:05:71:72:99:
f5:21:78:6d:3d:c0:6b:db:70:3f:6a:de:bb:9a:8f:7f:69:d1:
7b:59:b3:79:42:a0:cd:fe:aa:a8:4e:68:5e:13:8a:55:63:d0:
8a:96:3f:7b:4a:50:12:9d:c9:c5:aa:87:f2:6f:95:49:4e:bb:
84:ef:40:4f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUN48JOxYyqYP5VNTjlZtx2sEFIxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIxNDRaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwYzJlMDczM2VlZjBkMDUwYjg1YjhlY2U2ZjYxNzI0OGQzOTY1ZTIzZTU2
ZGUyZDhmOTFkOGFlZDYzZjY4NzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCHWNUTMdYH6eEXOZwj3ZR98tbR18ai+bFYwF/DzaMXceNdxNp2LzLAtbsH
8JeO32z31Z7qp6Qiqn4xDJRM0pWwinrMqO82+YubeR4y7+AxuO6WECttIi0LWd6d
ctU3AfhMJgwUdcPvjzoac+x9ZYgvr+KYTN7K9ytxFYfjGeCr3p+0npDnKy8/l7Sq
EO/OR9zYBLigvXATt0JY5YiDhxt/tNWUgL4ysWtljg0TzsATFw6xjvlHhUAweztf
PKdV90AnDL8sQgfIIIghif8bNlyz++ciLuL4mtJkkaFSiCSsPIqS5V81IWkNC6L7
UKm3Q5Oxv7U/PEccYjsKX0zCq5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQkCJcn
F7mjKEL5Ga/Dcan1rwtGvjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTA3YzUzNGQtMTg5Yi00M2IzLTk0NWEtZGQwNDBlZTIwMGQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBMo/laJO0qEC0M6NatKn1Cb+W7WjKiCpKD510+
CXrhajxfDzt5dCYOgelD4/gUyHSXJHO1Npr7fRBIQ0NAM5POddOMmcF3ccf+Wx0P
3pbqz6N9Pd+kpnHAwzQuc2Ol19rdQQwhQYmQWvgJ0Bd367zYF+mZlVU67Ou8zaqz
dkLisRD6rHQGrM4eCtza/oMfsXKkAQ026lwUsxSG/GzzjNHTTxfBYOigbsbSiuzk
pVSkFIZfx0dEloZrAXKs3sKU89xA3QVxcpn1IXhtPcBr23A/at67mo9/adF7WbN5
QqDN/qqoTmheE4pVY9CKlj97SlASncnFqofyb5VJTruE70BP
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:41:34 2025 by rpki-client