Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: 576GCSuLnMVSgFEMattZe4MaoqNnRvbZqISfPX2XMWs=
Subject key identifier: 55:16:8C:6B:54:F4:71:1A:DD:73:DB:B9:76:CB:1D:BA:3D:30:89:FB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5463FB26A8852E2E4210CC95E6F67882D280BCA8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Sat 12 Jul 2025 00:51:32 +0000
ROA not before: Sat 12 Jul 2025 00:51:32 +0000
ROA not after: Sat 16 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 20:51:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:63:fb:26:a8:85:2e:2e:42:10:cc:95:e6:f6:78:82:d2:80:bc:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 12 00:51:32 2025 GMT
Not After : Aug 16 23:59:59 2025 GMT
Subject: serialNumber=29c9891e83fa1a14821131694315b7a1baf0239125c6bb00bf207b3e9f2a727f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f8:22:f8:01:da:58:0f:b1:59:cb:fa:4f:fa:
a1:03:e1:f9:2f:75:ed:e0:fb:31:fd:49:0b:da:4b:
1b:9c:24:44:d4:70:fd:4c:2c:07:4e:78:8e:9a:0f:
a5:dc:cd:2b:57:0d:a6:40:dd:9d:02:7a:7e:1b:bf:
89:de:cf:d1:11:4b:5b:f6:49:f9:95:52:31:cd:86:
fd:7c:95:8e:8e:ff:d7:28:62:fe:cd:02:b6:18:3d:
99:f2:dc:50:32:9c:73:56:74:c5:3f:e6:1f:16:1b:
d6:36:53:17:9e:4b:bf:de:06:22:9e:20:fd:58:c8:
47:f0:57:12:98:ba:ab:bd:30:50:31:ef:b3:db:f9:
92:a9:e4:0f:0d:50:9e:ec:f0:35:ca:a9:21:10:a8:
16:57:98:0a:e1:bd:d5:ea:40:93:1b:5d:64:85:d7:
7c:ec:96:46:f0:10:d3:18:c4:ad:a8:59:06:97:7b:
14:91:90:02:bb:4c:25:26:24:b1:7e:70:8f:f9:4e:
fb:09:61:19:a1:28:b6:33:52:86:2c:08:9b:e0:62:
e4:db:e7:a5:f6:82:99:f5:14:ed:96:ca:d9:55:9b:
f3:ba:8b:ee:18:23:c2:54:c3:1e:61:76:94:55:79:
87:8e:3e:90:83:00:d2:cd:b1:66:53:53:50:c3:aa:
25:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:16:8C:6B:54:F4:71:1A:DD:73:DB:B9:76:CB:1D:BA:3D:30:89:FB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
23:0d:a5:ad:95:51:c0:dd:8a:bf:c0:53:4d:6a:0c:07:3c:ac:
ee:95:ea:b6:a3:bf:29:15:ce:91:19:90:ef:96:ee:04:7f:88:
f9:08:f0:7b:ba:18:05:2b:f0:02:30:47:90:2d:2f:db:d1:01:
aa:e7:10:da:4d:a5:81:51:55:bd:0f:f6:cb:4b:72:aa:b8:d4:
63:ca:6f:2a:88:a4:26:a7:da:4a:8a:d6:b2:f5:2d:7a:f5:2f:
10:1d:ee:a6:6f:89:01:59:3b:00:95:71:60:97:bd:d9:81:20:
42:cd:82:14:25:e0:42:1a:34:ce:50:e4:2d:9b:0f:22:a5:0a:
22:25:57:5a:72:42:01:68:8d:e5:a4:60:7e:f2:aa:64:d5:1a:
aa:f9:05:c7:31:44:c7:43:63:7c:f7:55:08:b0:ac:5a:ae:f7:
13:46:68:7a:3a:f0:22:76:3c:e6:a3:30:0a:0d:1b:95:11:a8:
56:8a:43:64:9b:9d:f2:a9:4d:34:b8:60:7c:a8:3b:e2:77:e4:
c7:9f:f1:7b:1d:a1:73:3b:ab:27:a2:d5:3f:1a:72:e4:87:d7:
d9:2e:c6:00:13:0b:13:56:8d:5d:59:19:f6:60:f7:d4:b8:b0:
b1:71:a1:81:58:8b:8d:dd:46:42:f7:7d:df:05:2b:49:76:ab:
fa:55:35:16
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVGP7JqiFLi5CEMyV5vZ4gtKAvKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTIwMDUxMzJaFw0yNTA4MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5Yzk4OTFlODNmYTFhMTQ4MjExMzE2OTQzMTViN2ExYmFmMDIzOTEyNWM2
YmIwMGJmMjA3YjNlOWYyYTcyN2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKP4IvgB2lgPsVnL+k/6oQPh+S917eD7Mf1JC9pLG5wkRNRw/UwsB054jpoP
pdzNK1cNpkDdnQJ6fhu/id7P0RFLW/ZJ+ZVSMc2G/XyVjo7/1yhi/s0Cthg9mfLc
UDKcc1Z0xT/mHxYb1jZTF55Lv94GIp4g/VjIR/BXEpi6q70wUDHvs9v5kqnkDw1Q
nuzwNcqpIRCoFleYCuG91epAkxtdZIXXfOyWRvAQ0xjErahZBpd7FJGQArtMJSYk
sX5wj/lO+wlhGaEotjNShiwIm+Bi5NvnpfaCmfUU7ZbK2VWb87qL7hgjwlTDHmF2
lFV5h44+kIMA0s2xZlNTUMOqJZcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRVFoxr
VPRxGt1z27l2yx26PTCJ+zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAjDaWtlVHA3Yq/wFNNagwHPKzuleq2o78pFc6R
GZDvlu4Ef4j5CPB7uhgFK/ACMEeQLS/b0QGq5xDaTaWBUVW9D/bLS3KquNRjym8q
iKQmp9pKitay9S169S8QHe6mb4kBWTsAlXFgl73ZgSBCzYIUJeBCGjTOUOQtmw8i
pQoiJVdackIBaI3lpGB+8qpk1Rqq+QXHMUTHQ2N891UIsKxarvcTRmh6OvAidjzm
ozAKDRuVEahWikNkm53yqU00uGB8qDvid+THn/F7HaFzO6snotU/GnLkh9fZLsYA
EwsTVo1dWRn2YPfUuLCxcaGBWIuN3UZC933fBStJdqv6VTUW
-----END CERTIFICATE-----
Generated at Thu Jul 24 00:00:17 2025 by rpki-client