Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
File: 8b940c44-168e-4976-b17d-778e9341611b.roa (raw, json)
Hash identifier: GM0EsKAv/e7/nxs9QPvuFblyOLg+awBZt+T5laCGYfc=
Subject key identifier: D0:F1:2F:25:97:E3:BB:BF:56:12:09:3D:4A:96:50:DD:40:24:FC:BA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B514C960D620B4EA7582C33C6746ECFA3A71CA8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
Signing time: Fri 11 Jul 2025 19:31:07 +0000
ROA not before: Fri 11 Jul 2025 19:31:07 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:51:4c:96:0d:62:0b:4e:a7:58:2c:33:c6:74:6e:cf:a3:a7:1c:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:31:07 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=f2306628c261b6bca105d614e58bcd383ce3cc467dcc5b111236acb1b7f0f240, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:a9:d9:e0:e4:76:85:5a:ed:f0:62:0d:87:46:
e0:d1:b3:cf:0e:6d:84:ce:47:33:da:d8:16:47:f4:
fc:01:7e:7a:5a:f6:9f:40:88:a5:5f:05:b9:4a:8c:
56:4c:e6:1d:a7:bd:04:3c:bb:e7:0f:f1:9c:d5:27:
c3:32:9e:60:88:01:25:56:c6:a2:81:04:4c:a1:ef:
0f:63:e4:29:9e:da:c2:0f:be:80:4c:38:0a:cf:05:
7a:f6:a3:51:7c:13:00:6e:f3:27:c0:3c:93:de:11:
79:14:2a:f7:d3:ed:0a:1a:53:8e:b5:2f:6a:78:77:
43:8c:1d:f6:d0:31:d0:17:22:f6:00:ba:67:c0:13:
bd:39:2c:de:4a:11:c9:86:0b:97:fa:df:f6:d2:58:
3d:7c:3c:ab:b7:d8:93:d6:12:6e:19:58:96:3d:5f:
83:bf:24:49:d2:f1:df:1f:34:c4:cb:80:9c:b2:aa:
5e:27:73:38:be:80:10:9b:cf:b8:7c:8b:10:01:7f:
2f:a5:f7:ce:d3:25:ec:04:f7:a7:9c:24:3f:70:8d:
d0:bf:8c:9d:cd:a7:02:66:38:08:19:e0:5e:bd:7a:
bb:56:46:f3:ac:f4:83:85:c1:f8:14:32:f9:92:8e:
ae:a3:a4:eb:1f:8e:fe:c2:a5:66:fd:fe:16:d1:d2:
43:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:F1:2F:25:97:E3:BB:BF:56:12:09:3D:4A:96:50:DD:40:24:FC:BA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1080::/48
Signature Algorithm: sha256WithRSAEncryption
40:e2:6e:9d:d9:d6:1a:5d:22:37:73:9a:3f:94:13:35:73:b5:
b3:26:a2:2d:31:db:38:0b:f2:c1:bb:07:2e:01:6b:3a:92:43:
a3:5d:5f:90:c5:a7:4f:ed:eb:fc:56:d5:9a:4b:d3:9f:42:60:
7a:b6:fb:bf:13:48:98:0c:fc:1d:d7:38:6c:a6:5a:cf:68:19:
fc:eb:e8:60:0f:2c:ef:31:45:9c:20:0a:4a:f0:c5:47:03:e9:
4b:b0:ef:e7:36:47:62:24:e1:20:ce:ec:ab:a7:ed:a6:15:68:
e2:b8:4c:ae:51:4f:62:92:b9:7f:b5:d0:ee:83:e5:49:0e:a6:
5b:3e:57:b8:fd:43:3b:c0:61:b5:96:cc:16:a8:43:3d:2d:c7:
b5:54:f2:23:b5:88:e4:fd:d7:60:ca:28:32:5d:b6:40:78:a1:
07:da:12:1f:ea:1c:5a:31:3b:bc:26:40:1a:38:77:4c:93:6d:
4f:19:d3:b0:ac:f9:31:15:b6:ad:13:b1:3b:83:0a:9b:59:66:
58:b4:72:fb:00:21:44:19:e2:ae:f6:cb:f6:b5:c7:a6:19:16:
d0:2d:f2:f3:99:4b:f7:2a:8d:3c:9b:78:44:07:c7:4d:10:89:
79:9c:f1:42:c0:8b:76:39:55:f4:24:93:67:d6:83:d0:0b:ba:
5d:e1:c5:4c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUW1FMlg1iC06nWCwzxnRuz6OnHKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTMxMDdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyMzA2NjI4YzI2MWI2YmNhMTA1ZDYxNGU1OGJjZDM4M2NlM2NjNDY3ZGNj
NWIxMTEyMzZhY2IxYjdmMGYyNDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmp2eDkdoVa7fBiDYdG4NGzzw5thM5HM9rYFkf0/AF+elr2n0CIpV8FuUqM
VkzmHae9BDy75w/xnNUnwzKeYIgBJVbGooEETKHvD2PkKZ7awg++gEw4Cs8Fevaj
UXwTAG7zJ8A8k94ReRQq99PtChpTjrUvanh3Q4wd9tAx0Bci9gC6Z8ATvTks3koR
yYYLl/rf9tJYPXw8q7fYk9YSbhlYlj1fg78kSdLx3x80xMuAnLKqXidzOL6AEJvP
uHyLEAF/L6X3ztMl7AT3p5wkP3CN0L+Mnc2nAmY4CBngXr16u1ZG86z0g4XB+BQy
+ZKOrqOk6x+O/sKlZv3+FtHSQxsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTQ8S8l
l+O7v1YSCT1KllDdQCT8ujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI5NDBjNDQtMTY4ZS00OTc2LWIxN2QtNzc4ZTkzNDE2MTFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAQOJundnWGl0iN3OaP5QTNXO1syaiLTHbOAvy
wbsHLgFrOpJDo11fkMWnT+3r/FbVmkvTn0Jgerb7vxNImAz8Hdc4bKZaz2gZ/Ovo
YA8s7zFFnCAKSvDFRwPpS7Dv5zZHYiThIM7sq6ftphVo4rhMrlFPYpK5f7XQ7oPl
SQ6mWz5XuP1DO8BhtZbMFqhDPS3HtVTyI7WI5P3XYMooMl22QHihB9oSH+ocWjE7
vCZAGjh3TJNtTxnTsKz5MRW2rROxO4MKm1lmWLRy+wAhRBnirvbL9rXHphkW0C3y
85lL9yqNPJt4RAfHTRCJeZzxQsCLdjlV9CSTZ9aD0Au6XeHFTA==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:41:29 2025 by rpki-client