Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
File: 9843a73f-18f2-433e-b871-f493b0645337.roa (raw, json)
Hash identifier: nIJAAaYcPxIOIZvyKd7V2pmfH/l42CJxxd3sqRR1kkc=
Subject key identifier: 38:93:CD:63:61:8C:6C:3F:CF:E5:AF:82:00:30:E4:3E:FE:6B:71:9E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2DDF9852F89591910CBA95284E50781E8D97FA17
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
Signing time: Mon 07 Jul 2025 18:30:05 +0000
ROA not before: Mon 07 Jul 2025 18:30:05 +0000
ROA not after: Mon 11 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 22:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:df:98:52:f8:95:91:91:0c:ba:95:28:4e:50:78:1e:8d:97:fa:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 7 18:30:05 2025 GMT
Not After : Aug 11 23:59:59 2025 GMT
Subject: serialNumber=0e525248496db92b0662ef85c4473eb2118c476a05a0c0685d5414fb003622f9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2c:2d:9f:b3:b6:54:80:b7:4e:b1:fb:2e:70:
e9:df:74:85:f1:c1:06:da:1f:bd:4a:4e:3d:56:c2:
3e:ec:00:30:8b:9b:6d:c3:82:9a:23:83:88:c3:2d:
16:f0:9c:96:d3:3d:41:c6:22:9d:ad:bf:d2:0f:db:
ad:06:ff:6e:b4:b1:b0:cf:17:7b:58:cf:2e:0e:c5:
13:be:03:83:8a:65:29:fe:d3:95:d2:38:82:dc:c0:
12:7e:01:fd:d5:2c:a2:26:cf:6a:e4:48:2b:2d:17:
69:a4:af:cd:20:fe:a8:e4:4d:fb:6a:7c:be:47:d2:
fa:80:b5:c2:f6:b9:3a:bc:2d:40:49:7b:fd:e5:11:
d9:22:5e:23:d0:c9:84:16:f8:75:69:75:b9:f8:68:
9f:23:4c:ec:53:a6:cc:81:b4:cf:95:14:e1:ea:e5:
10:4c:43:1f:25:c4:69:de:00:53:78:54:eb:16:1a:
ba:23:16:ce:97:18:a2:f7:fb:c1:31:3e:c7:cd:56:
fc:40:e6:25:98:c7:94:ff:f4:59:63:16:36:1d:50:
27:35:b1:6d:a8:df:60:dd:22:85:62:0b:dd:ea:79:
e2:b1:2a:d4:b1:c0:9a:ce:7f:e8:24:19:bb:5c:44:
a6:92:62:ca:e5:37:f4:a4:12:b3:d6:e1:18:28:5c:
51:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:93:CD:63:61:8C:6C:3F:CF:E5:AF:82:00:30:E4:3E:FE:6B:71:9E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:800::/40
Signature Algorithm: sha256WithRSAEncryption
1f:81:59:3c:62:a0:ab:b0:78:ac:1f:1e:0e:62:bb:94:15:d9:
07:25:bb:8f:f0:4a:d0:06:df:84:71:cd:f6:b6:04:be:6f:b0:
91:3a:40:52:97:fc:a5:14:d6:10:fc:b3:0d:42:cb:ee:2b:c2:
de:bf:68:88:a4:87:bf:e9:f5:84:b9:12:d4:d4:15:b2:f8:e7:
50:5f:40:34:22:20:0e:b5:77:87:1a:a9:0e:c5:01:7e:ae:48:
d9:ef:7d:61:7f:a7:4a:11:ec:9a:4e:32:fa:fa:3a:52:92:c3:
8e:4a:8f:a6:dd:8e:f6:a1:8a:c1:d5:4a:9c:05:da:9b:9c:d4:
3f:df:be:da:4a:9e:71:cb:21:ae:1c:ca:23:18:34:d5:60:8d:
d8:1a:3b:e3:1b:f3:64:81:e6:68:60:71:3f:f4:7c:b5:4e:9a:
c7:a8:d0:cc:22:70:7b:30:97:55:95:4e:cd:39:8c:a4:31:b2:
5a:35:91:a3:02:b8:0a:f4:b0:e8:92:f9:60:15:c2:4e:01:bf:
95:59:53:49:21:b8:7d:4f:2f:92:51:d5:a7:a9:a2:81:0d:ff:
38:56:b5:a0:9d:96:c2:6e:b4:de:00:b4:b3:dc:e8:0c:d6:87:
d4:74:6b:7b:3b:d6:85:18:c7:94:72:de:9e:9b:5f:c8:86:d2:
51:97:cb:2b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULd+YUviVkZEMupUoTlB4Ho2X+hcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDcxODMwMDVaFw0yNTA4MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlNTI1MjQ4NDk2ZGI5MmIwNjYyZWY4NWM0NDczZWIyMTE4YzQ3NmEwNWEw
YzA2ODVkNTQxNGZiMDAzNjIyZjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0sLZ+ztlSAt06x+y5w6d90hfHBBtofvUpOPVbCPuwAMIubbcOCmiODiMMt
FvCcltM9QcYina2/0g/brQb/brSxsM8Xe1jPLg7FE74Dg4plKf7TldI4gtzAEn4B
/dUsoibPauRIKy0XaaSvzSD+qORN+2p8vkfS+oC1wva5OrwtQEl7/eUR2SJeI9DJ
hBb4dWl1ufhonyNM7FOmzIG0z5UU4erlEExDHyXEad4AU3hU6xYauiMWzpcYovf7
wTE+x81W/EDmJZjHlP/0WWMWNh1QJzWxbajfYN0ihWIL3ep54rEq1LHAms5/6CQZ
u1xEppJiyuU39KQSs9bhGChcUVMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ4k81j
YYxsP8/lr4IAMOQ+/mtxnjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTg0M2E3M2YtMThmMi00MzNlLWI4NzEtZjQ5M2IwNjQ1MzM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DoI
MA0GCSqGSIb3DQEBCwUAA4IBAQAfgVk8YqCrsHisHx4OYruUFdkHJbuP8ErQBt+E
cc32tgS+b7CROkBSl/ylFNYQ/LMNQsvuK8Lev2iIpIe/6fWEuRLU1BWy+OdQX0A0
IiAOtXeHGqkOxQF+rkjZ731hf6dKEeyaTjL6+jpSksOOSo+m3Y72oYrB1UqcBdqb
nNQ/377aSp5xyyGuHMojGDTVYI3YGjvjG/NkgeZoYHE/9Hy1TprHqNDMInB7MJdV
lU7NOYykMbJaNZGjArgK9LDokvlgFcJOAb+VWVNJIbh9Ty+SUdWnqaKBDf84VrWg
nZbCbrTeALSz3OgM1ofUdGt7O9aFGMeUct6em1/IhtJRl8sr
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:23:11 2025 by rpki-client