Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
File: 60c499a8-e470-4a76-9095-20d8554a426a.roa (raw, json)
Hash identifier: aEXX7hX/NCqwQjyMM43CCJybw6n/Jb8nAptEQt5nxDk=
Subject key identifier: 6A:24:3A:19:A0:CF:49:73:3D:D5:EA:1D:68:C9:4B:31:88:12:6B:DA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 317E7EFA045EE49D8B23133A9B31191311E6C464
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
Signing time: Fri 11 Jul 2025 20:40:18 +0000
ROA not before: Fri 11 Jul 2025 20:40:18 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:7e:7e:fa:04:5e:e4:9d:8b:23:13:3a:9b:31:19:13:11:e6:c4:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:40:18 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=ae031a4fca2278bd1ab5dc8bddb54776e7ac50af5605493638e956e64daed2cb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:5d:1a:2a:8a:ac:9a:8e:73:f1:68:37:8a:76:
65:0b:de:af:2e:94:16:62:72:ca:61:03:1c:ea:5f:
1d:8b:b4:4c:48:92:40:8d:e8:a2:01:b6:d9:c2:eb:
67:ee:29:ba:05:fa:02:fc:3a:62:c6:7a:61:e1:4d:
75:88:67:f9:1e:a2:10:4b:f5:ee:61:62:12:48:d2:
5b:02:c1:52:3a:dc:55:97:ad:18:e9:a5:56:f8:f0:
81:11:44:47:4f:a7:7e:8b:70:7a:fc:5c:db:fa:b6:
d7:4f:9a:49:42:31:40:a6:4c:2d:fe:53:f5:79:de:
a6:ca:aa:89:3b:97:08:9d:1a:b6:c4:3d:46:65:e9:
d1:de:16:18:45:7d:9a:78:ee:9d:ce:f3:8e:0e:05:
fe:1e:1a:6e:2a:71:9a:7c:ca:6a:94:2c:ce:91:69:
5b:fb:f6:11:43:cb:ac:0f:1b:54:93:88:7f:7c:64:
68:eb:02:15:e5:b5:3d:a8:55:58:6e:7e:16:81:f7:
5f:d0:b3:83:8b:98:84:57:37:72:64:ac:98:a1:7f:
f0:21:5b:73:ac:ec:d8:49:98:59:72:c8:b1:32:3a:
4f:e7:c1:cc:15:09:0f:bb:cb:13:37:47:1d:b7:f9:
0d:d5:2f:a6:68:d2:83:67:2a:04:e9:f9:e9:ca:11:
79:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:24:3A:19:A0:CF:49:73:3D:D5:EA:1D:68:C9:4B:31:88:12:6B:DA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:c00::/38
Signature Algorithm: sha256WithRSAEncryption
8e:e2:ab:90:df:d0:d1:65:10:98:4c:3a:7d:78:6c:3f:46:30:
b9:6e:c9:07:d9:7f:af:5e:02:66:68:6b:b1:7c:62:2e:d0:a8:
8a:53:bd:96:bc:3b:e2:ad:48:2f:a4:9c:23:f5:bc:98:57:4e:
8b:55:fc:a9:b3:8a:aa:0d:c3:93:57:ad:ef:1d:ba:d9:74:64:
7d:7e:c0:24:3f:7c:dc:f5:0f:99:ea:9e:c6:88:6c:3c:4d:00:
2e:cf:6e:94:dd:d1:5b:00:95:59:a2:05:7a:9f:44:c5:d2:d8:
1e:e2:fd:4f:63:26:81:c8:c7:a8:52:e3:3d:ed:89:1a:96:de:
d7:b2:fd:d6:98:e1:df:7f:ce:1b:bd:64:17:32:99:30:e8:05:
f6:29:80:de:31:b2:6d:95:12:80:20:fe:0b:4a:81:d8:5f:d6:
84:7a:57:42:46:8e:90:42:ec:9c:5c:e1:93:ea:7b:ff:b8:ec:
ac:00:da:fb:4c:5b:f7:b9:d4:29:65:c3:ec:7b:6f:a7:a1:a1:
64:bf:77:ff:9b:6c:1f:2e:29:b3:38:85:33:a6:85:bf:27:49:
96:e4:51:63:40:f1:3b:5b:70:9d:54:62:8c:5e:d7:0e:c3:27:
5f:db:0e:68:ca:4f:67:4d:7f:10:3a:5f:00:3d:d3:97:67:6d:
c5:9e:9c:39
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMX5++gRe5J2LIxM6mzEZExHmxGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDQwMThaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlMDMxYTRmY2EyMjc4YmQxYWI1ZGM4YmRkYjU0Nzc2ZTdhYzUwYWY1NjA1
NDkzNjM4ZTk1NmU2NGRhZWQyY2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFdGiqKrJqOc/FoN4p2ZQvery6UFmJyymEDHOpfHYu0TEiSQI3oogG22cLr
Z+4pugX6Avw6YsZ6YeFNdYhn+R6iEEv17mFiEkjSWwLBUjrcVZetGOmlVvjwgRFE
R0+nfotwevxc2/q210+aSUIxQKZMLf5T9XnepsqqiTuXCJ0atsQ9RmXp0d4WGEV9
mnjunc7zjg4F/h4abipxmnzKapQszpFpW/v2EUPLrA8bVJOIf3xkaOsCFeW1PahV
WG5+FoH3X9Czg4uYhFc3cmSsmKF/8CFbc6zs2EmYWXLIsTI6T+fBzBUJD7vLEzdH
Hbf5DdUvpmjSg2cqBOn56coRedMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRqJDoZ
oM9Jcz3V6h1oyUsxiBJr2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjBjNDk5YTgtZTQ3MC00YTc2LTkwOTUtMjBkODU1NGE0MjZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BgM
MA0GCSqGSIb3DQEBCwUAA4IBAQCO4quQ39DRZRCYTDp9eGw/RjC5bskH2X+vXgJm
aGuxfGIu0KiKU72WvDvirUgvpJwj9byYV06LVfyps4qqDcOTV63vHbrZdGR9fsAk
P3zc9Q+Z6p7GiGw8TQAuz26U3dFbAJVZogV6n0TF0tge4v1PYyaByMeoUuM97Yka
lt7Xsv3WmOHff84bvWQXMpkw6AX2KYDeMbJtlRKAIP4LSoHYX9aEeldCRo6QQuyc
XOGT6nv/uOysANr7TFv3udQpZcPse2+noaFkv3f/m2wfLimzOIUzpoW/J0mW5FFj
QPE7W3CdVGKMXtcOwydf2w5oyk9nTX8QOl8APdOXZ23Fnpw5
-----END CERTIFICATE-----
Generated at Tue Jul 22 22:23:39 2025 by rpki-client