Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa
File: 6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa (raw, json)
Hash identifier: vONVSzXp8luSaPR4Ugm2fL4uh+eos9WSe10dE/wI/2g=
Subject key identifier: 94:04:F1:16:B4:EF:8C:56:21:AD:C8:AB:A6:42:3B:FB:CC:9D:4B:84
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0F2B64B6958E671D8763150A8DB5C15FC52CAE90
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa
Signing time: Fri 11 Jul 2025 19:30:20 +0000
ROA not before: Fri 11 Jul 2025 19:30:20 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:2b:64:b6:95:8e:67:1d:87:63:15:0a:8d:b5:c1:5f:c5:2c:ae:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:30:20 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=d1371a740992518744e851786375eb6b8bfd63c456e0ba28a745fabc70a93292, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:b6:63:08:2c:fb:2a:b9:16:08:06:02:8e:fd:
ca:3a:ca:4e:fe:76:c3:ed:68:e3:9a:dd:b6:c4:9d:
1b:03:d7:4f:17:dc:c4:e5:cf:de:28:bf:59:c2:74:
9f:84:67:60:c9:23:bc:60:4b:98:9a:87:59:de:18:
ed:05:0f:8d:07:78:c3:df:1f:2b:ca:79:f6:2d:55:
2b:e9:d9:c7:e3:4a:e3:7d:be:2a:e4:dd:cd:24:a5:
08:01:2e:b0:06:0d:e8:18:5e:26:a7:3e:5b:c9:b0:
eb:bc:90:06:25:b8:9a:fe:d1:67:e1:8d:db:6b:05:
95:ab:45:08:b1:92:01:78:b9:f9:12:33:19:b9:b7:
e7:c6:d4:66:3a:15:6c:0d:3a:ce:2c:56:b7:be:01:
9a:9b:d2:1a:48:60:03:15:a3:39:53:7e:66:6a:36:
1f:22:5f:94:58:58:0c:56:cc:2b:92:d3:42:9c:91:
25:c1:a7:e8:27:90:2c:fc:84:4b:24:59:9a:56:60:
c0:62:f8:c5:25:9c:05:7a:23:28:b8:fd:10:05:ca:
28:6c:da:00:e8:23:db:b0:5e:8d:07:72:b9:4a:ac:
81:79:7c:cc:e7:c4:c1:0a:4d:51:da:56:d3:d1:e2:
6b:84:dd:61:2a:e4:37:ca:76:85:48:2e:a3:66:0d:
27:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:04:F1:16:B4:EF:8C:56:21:AD:C8:AB:A6:42:3B:FB:CC:9D:4B:84
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:b000::/40
Signature Algorithm: sha256WithRSAEncryption
58:f4:51:5c:28:1c:40:6a:a1:41:c4:56:1a:b0:61:e0:15:19:
b0:a5:c6:21:92:0e:b3:36:98:3e:50:d5:a9:a7:ca:e5:68:ec:
b8:fa:1c:d9:99:2a:a8:84:32:56:e3:3f:4d:e7:8d:e1:e5:89:
ee:f1:55:24:62:be:92:e9:95:0f:87:b1:8c:b1:47:77:b6:2e:
5e:e6:6a:ef:f5:16:bd:ea:8e:6e:e8:13:d1:fe:67:7f:7e:1e:
d3:fc:f1:90:a9:75:80:69:5c:1b:9c:c9:90:00:5c:b0:60:26:
26:cd:37:1e:b4:41:40:e8:67:75:14:34:fd:dd:aa:41:ed:63:
95:8c:f6:18:4e:37:57:fe:ad:4f:e7:f3:41:9d:e0:f8:8e:48:
5c:1b:60:e5:71:39:f2:5b:b7:b5:cc:01:14:2a:a7:ab:63:06:
84:6b:a0:21:0a:7d:c1:7b:a1:72:9e:ce:53:e2:ba:7c:4c:6a:
88:63:89:8a:00:c3:40:05:03:bd:00:e7:c6:87:01:31:ee:d0:
08:25:ec:b8:03:7a:72:f9:a2:0a:a9:a1:a0:5f:67:8d:00:4e:
13:89:b6:d3:81:32:20:89:c9:b8:8c:57:80:3f:99:67:6c:6e:
cd:68:b0:21:11:f6:72:9b:58:77:d7:a9:29:da:b8:38:9d:e8:
78:26:18:a1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDytktpWOZx2HYxUKjbXBX8UsrpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTMwMjBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxMzcxYTc0MDk5MjUxODc0NGU4NTE3ODYzNzVlYjZiOGJmZDYzYzQ1NmUw
YmEyOGE3NDVmYWJjNzBhOTMyOTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMq2Ywgs+yq5FggGAo79yjrKTv52w+1o45rdtsSdGwPXTxfcxOXP3ii/WcJ0
n4RnYMkjvGBLmJqHWd4Y7QUPjQd4w98fK8p59i1VK+nZx+NK432+KuTdzSSlCAEu
sAYN6BheJqc+W8mw67yQBiW4mv7RZ+GN22sFlatFCLGSAXi5+RIzGbm358bUZjoV
bA06zixWt74BmpvSGkhgAxWjOVN+Zmo2HyJflFhYDFbMK5LTQpyRJcGn6CeQLPyE
SyRZmlZgwGL4xSWcBXojKLj9EAXKKGzaAOgj27BejQdyuUqsgXl8zOfEwQpNUdpW
09Hia4TdYSrkN8p2hUguo2YNJx0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSUBPEW
tO+MViGtyKumQjv7zJ1LhDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjkzNmZmODctMGViNC00ODY4LTg3MDktY2M0ZTJmNzQ1OGQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBY9FFcKBxAaqFBxFYasGHgFRmwpcYhkg6zNpg+
UNWpp8rlaOy4+hzZmSqohDJW4z9N543h5Ynu8VUkYr6S6ZUPh7GMsUd3ti5e5mrv
9Ra96o5u6BPR/md/fh7T/PGQqXWAaVwbnMmQAFywYCYmzTcetEFA6Gd1FDT93apB
7WOVjPYYTjdX/q1P5/NBneD4jkhcG2DlcTnyW7e1zAEUKqerYwaEa6AhCn3Be6Fy
ns5T4rp8TGqIY4mKAMNABQO9AOfGhwEx7tAIJey4A3py+aIKqaGgX2eNAE4TibbT
gTIgicm4jFeAP5lnbG7NaLAhEfZym1h316kp2rg4neh4Jhih
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:46:47 2025 by rpki-client