Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
File: 56c31249-f32b-4fc4-a69f-07420913a101.roa (raw, json)
Hash identifier: r8sZumGeYMmXrBsKzzpIFsl1B3QQyE97yCpyIegmlmg=
Subject key identifier: 3A:E8:B9:3B:F0:9D:40:55:4E:A6:73:50:64:AC:5A:BB:9F:CA:80:5D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3319272523B34E14CB5CA39D9D1C0F2F7FE20B1E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
Signing time: Mon 21 Jul 2025 16:40:10 +0000
ROA not before: Mon 21 Jul 2025 16:40:10 +0000
ROA not after: Mon 25 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 25 Jul 2025 08:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:19:27:25:23:b3:4e:14:cb:5c:a3:9d:9d:1c:0f:2f:7f:e2:0b:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 21 16:40:10 2025 GMT
Not After : Aug 25 23:59:59 2025 GMT
Subject: serialNumber=34b0a60fe904cc9332b005621d192c8eeaaff3b2eb31a7ae600d98857bbcc018, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:6d:60:d9:3e:83:99:d1:c6:ed:75:e0:41:61:
21:77:45:c9:65:1f:9e:8c:15:f1:1a:b3:20:75:49:
42:ca:20:ff:03:a4:07:17:0a:da:19:62:5d:34:b2:
ef:15:87:7a:c4:c5:8a:94:1e:22:c2:78:be:17:4b:
f0:a0:0f:18:28:d4:a6:03:24:1c:9e:d5:e5:da:78:
8c:10:c6:57:04:24:8a:1c:ff:f4:15:49:09:55:73:
da:77:97:ce:d3:99:c8:e1:b9:89:57:3f:3c:52:64:
16:73:ae:b5:a9:50:29:d9:33:8b:63:e6:5d:2c:5d:
1b:b5:2a:43:d2:c6:84:1f:f1:ac:98:bb:cf:40:93:
76:03:7c:6e:c0:a6:17:e1:d9:d5:a7:65:62:47:69:
e4:61:9e:96:a1:25:b4:e4:e7:20:b9:b7:57:d4:aa:
34:7d:31:a3:41:f1:89:53:7e:e9:f7:16:c8:2c:18:
7a:75:2c:c3:e3:f1:2c:b4:01:74:6e:66:87:98:cc:
f7:ae:13:15:4e:a0:a7:8e:a1:ab:35:39:d0:d1:f7:
48:23:3f:2c:4d:80:4f:4d:79:08:79:43:47:24:3c:
61:63:c6:db:60:b6:37:f1:67:5a:40:f6:5f:10:80:
cb:23:a2:4a:1e:d4:72:d3:95:84:be:a8:6a:d3:cc:
69:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:E8:B9:3B:F0:9D:40:55:4E:A6:73:50:64:AC:5A:BB:9F:CA:80:5D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4000::/40
Signature Algorithm: sha256WithRSAEncryption
79:43:c5:31:ce:37:2f:69:39:0f:24:c2:38:80:7f:42:21:c7:
04:23:e2:fb:75:bc:4e:62:13:f4:83:de:5a:33:f2:82:7f:60:
68:32:81:14:f9:ce:e5:50:88:97:0f:ae:eb:04:36:9b:eb:e9:
91:97:65:ba:b2:e5:a2:8b:fb:01:2a:37:00:ad:1a:c7:f2:72:
a4:25:78:b0:a6:fa:07:a6:2b:e0:7f:72:ee:8e:f3:8a:d4:c1:
34:fc:f9:39:f2:8b:31:3f:99:5f:4c:23:69:2f:ec:a6:23:3f:
e4:74:4b:65:fc:b1:b6:3d:2e:e1:31:93:8d:9b:69:51:05:bb:
43:43:29:39:11:25:4a:be:ff:6f:5c:ad:4f:6f:85:2a:e9:42:
53:59:a7:a3:b7:f9:0a:5c:a7:29:e6:2c:a0:88:9d:af:48:d8:
65:51:04:10:54:09:cb:40:27:67:a9:a3:1d:ce:94:99:e8:1b:
cc:bf:08:ab:03:92:57:bc:9d:b5:ad:11:43:0d:c3:03:3a:40:
46:d0:c7:18:ab:64:39:7e:a2:eb:d2:01:a3:8a:76:26:42:be:
5f:9c:3e:2a:02:78:10:cb:cb:95:9c:95:a7:75:4d:eb:11:36:
37:28:04:28:5f:90:1f:14:8a:ab:51:2c:02:d7:df:aa:de:3c:
8a:1c:58:b1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMxknJSOzThTLXKOdnRwPL3/iCx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MjExNjQwMTBaFw0yNTA4MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0YjBhNjBmZTkwNGNjOTMzMmIwMDU2MjFkMTkyYzhlZWFhZmYzYjJlYjMx
YTdhZTYwMGQ5ODg1N2JiY2MwMTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVtYNk+g5nRxu114EFhIXdFyWUfnowV8RqzIHVJQsog/wOkBxcK2hliXTSy
7xWHesTFipQeIsJ4vhdL8KAPGCjUpgMkHJ7V5dp4jBDGVwQkihz/9BVJCVVz2neX
ztOZyOG5iVc/PFJkFnOutalQKdkzi2PmXSxdG7UqQ9LGhB/xrJi7z0CTdgN8bsCm
F+HZ1adlYkdp5GGelqEltOTnILm3V9SqNH0xo0HxiVN+6fcWyCwYenUsw+PxLLQB
dG5mh5jM964TFU6gp46hqzU50NH3SCM/LE2AT015CHlDRyQ8YWPG22C2N/FnWkD2
XxCAyyOiSh7UctOVhL6oatPMaVECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ66Lk7
8J1AVU6mc1BkrFq7n8qAXTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTZjMzEyNDktZjMyYi00ZmM0LWE2OWYtMDc0MjA5MTNhMTAxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJA
MA0GCSqGSIb3DQEBCwUAA4IBAQB5Q8UxzjcvaTkPJMI4gH9CIccEI+L7dbxOYhP0
g95aM/KCf2BoMoEU+c7lUIiXD67rBDab6+mRl2W6suWii/sBKjcArRrH8nKkJXiw
pvoHpivgf3LujvOK1ME0/Pk58osxP5lfTCNpL+ymIz/kdEtl/LG2PS7hMZONm2lR
BbtDQyk5ESVKvv9vXK1Pb4Uq6UJTWaejt/kKXKcp5iygiJ2vSNhlUQQQVAnLQCdn
qaMdzpSZ6BvMvwirA5JXvJ21rRFDDcMDOkBG0McYq2Q5fqLr0gGjinYmQr5fnD4q
AngQy8uVnJWndU3rETY3KAQoX5AfFIqrUSwC19+q3jyKHFix
-----END CERTIFICATE-----
Generated at Thu Jul 24 12:20:08 2025 by rpki-client