Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
File: 975dfb4d-ef39-4371-9678-ff7909080d1e.roa (raw, json)
Hash identifier: DcUiVpFeJ7Qg8jocjH4Bjr4uMGYOYqEaZyfcGamIrHw=
Subject key identifier: 07:77:65:A0:FB:0A:2A:0E:4A:D5:04:C1:C5:21:C7:AF:40:72:9E:FE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 30D8948701BD53D7EF09B76C8BBD80E05B80336E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
Signing time: Fri 11 Jul 2025 19:00:04 +0000
ROA not before: Fri 11 Jul 2025 19:00:04 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:d8:94:87:01:bd:53:d7:ef:09:b7:6c:8b:bd:80:e0:5b:80:33:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:00:04 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=28593454b05c9595fb3b04771438476adf40690ed91f9395e6d7c62f143fe559, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:5e:21:29:bc:f3:2b:2a:a2:9d:89:76:89:cb:
d3:f4:24:d4:a2:16:0b:08:6e:9b:d0:61:1b:5e:03:
3f:f2:b3:69:33:ad:3e:2c:da:b2:12:d5:9a:40:82:
d3:e5:e3:12:25:75:b7:91:f3:1d:3f:9e:dc:14:de:
0e:68:eb:51:be:17:c2:d9:e5:fb:d7:42:77:ff:87:
16:dc:90:14:aa:86:4b:25:ce:fc:c2:9d:38:8c:af:
d4:3a:1c:5b:f9:f7:b2:0f:20:38:42:4b:f7:c2:42:
b6:36:4c:bd:5b:02:34:9e:c2:2f:50:00:a6:3e:bf:
29:65:89:a1:d8:b0:c0:f8:fd:b8:9a:5b:b7:6e:9d:
c4:23:46:fd:6a:a5:24:af:18:5f:59:52:bc:70:4a:
78:06:31:52:cf:6f:5a:23:e8:d9:28:30:b7:16:a3:
b9:d0:64:69:c6:b4:89:51:7c:37:9c:d3:e9:03:5b:
34:46:f8:e4:67:c5:74:59:b8:53:f3:fa:0a:17:e0:
97:db:a2:1d:cf:5a:c2:25:7b:80:a4:68:35:f6:2d:
5c:28:5f:cd:a1:c9:fd:83:6e:d5:e4:25:3a:6e:0e:
f2:34:05:bd:33:39:d7:cf:da:11:10:2b:4d:4a:a0:
b7:e5:73:59:6b:5a:c5:41:8f:f9:42:30:e8:58:a3:
5d:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:77:65:A0:FB:0A:2A:0E:4A:D5:04:C1:C5:21:C7:AF:40:72:9E:FE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:b080::/48
Signature Algorithm: sha256WithRSAEncryption
01:7c:eb:5d:7c:d5:c4:4a:df:12:ab:7a:33:2a:9c:cf:2d:7d:
d0:de:e2:3b:bd:4d:26:d8:eb:a4:c3:c6:74:1a:66:3f:ca:2d:
cb:38:d5:68:82:73:82:42:b5:65:c3:a3:17:b5:c7:2b:1c:81:
bc:74:4b:be:c3:36:d0:87:22:02:68:55:8b:3d:1f:72:a3:a7:
7d:b8:88:45:7a:1c:d3:2c:1f:f9:b9:42:87:97:fa:49:56:4e:
33:9e:d8:5e:0d:f9:e5:51:28:e5:59:d9:df:a0:0b:29:4a:d7:
45:5b:8e:ff:12:d1:f1:33:fc:15:bb:39:33:19:1d:93:da:42:
3d:02:88:b1:54:75:56:45:a6:22:e0:37:d7:e6:86:85:c8:b5:
e2:b3:4d:6c:31:fa:3c:5d:25:c9:58:b1:ef:a2:41:c2:b4:05:
97:d5:dc:31:d1:75:58:a1:aa:1e:cf:9d:ab:70:c4:a1:32:23:
73:83:27:5e:56:64:a9:22:59:4e:c7:45:56:ba:82:12:da:73:
26:b9:9a:77:db:c4:ab:d1:73:68:0c:e0:bb:67:fa:4f:19:ee:
ff:21:bb:e0:88:a0:df:9c:5e:02:90:4a:74:5b:be:a3:3e:39:
af:b7:cb:10:cc:a3:bc:a7:27:12:4e:30:9a:77:0a:05:ca:44:
b4:7b:11:15
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMNiUhwG9U9fvCbdsi72A4FuAM24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTAwMDRaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI4NTkzNDU0YjA1Yzk1OTVmYjNiMDQ3NzE0Mzg0NzZhZGY0MDY5MGVkOTFm
OTM5NWU2ZDdjNjJmMTQzZmU1NTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVeISm88ysqop2JdonL0/Qk1KIWCwhum9BhG14DP/KzaTOtPizashLVmkCC
0+XjEiV1t5HzHT+e3BTeDmjrUb4Xwtnl+9dCd/+HFtyQFKqGSyXO/MKdOIyv1Doc
W/n3sg8gOEJL98JCtjZMvVsCNJ7CL1AApj6/KWWJodiwwPj9uJpbt26dxCNG/Wql
JK8YX1lSvHBKeAYxUs9vWiPo2SgwtxajudBkaca0iVF8N5zT6QNbNEb45GfFdFm4
U/P6Chfgl9uiHc9awiV7gKRoNfYtXChfzaHJ/YNu1eQlOm4O8jQFvTM518/aERAr
TUqgt+VzWWtaxUGP+UIw6FijXZkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQHd2Wg
+woqDkrVBMHFIcevQHKe/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1ZGZiNGQtZWYzOS00MzcxLTk2NzgtZmY3OTA5MDgwZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKw
gDANBgkqhkiG9w0BAQsFAAOCAQEAAXzrXXzVxErfEqt6Myqczy190N7iO71NJtjr
pMPGdBpmP8otyzjVaIJzgkK1ZcOjF7XHKxyBvHRLvsM20IciAmhViz0fcqOnfbiI
RXoc0ywf+blCh5f6SVZOM57YXg355VEo5VnZ36ALKUrXRVuO/xLR8TP8Fbs5Mxkd
k9pCPQKIsVR1VkWmIuA31+aGhci14rNNbDH6PF0lyVix76JBwrQFl9XcMdF1WKGq
Hs+dq3DEoTIjc4MnXlZkqSJZTsdFVrqCEtpzJrmad9vEq9FzaAzgu2f6Txnu/yG7
4Iig35xeApBKdFu+oz45r7fLEMyjvKcnEk4wmncKBcpEtHsRFQ==
-----END CERTIFICATE-----
Generated at Tue Jul 22 22:23:32 2025 by rpki-client