Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
File: a1796bea-01c9-41b7-b13d-6932c4f36a42.roa (raw, json)
Hash identifier: y52vg5sUD/dizKEyGZFRAr/qw2y/2OUswigFGhYAW8Y=
Subject key identifier: D2:44:C0:DC:2C:30:11:C7:BC:67:35:48:98:EE:AF:F7:BB:76:27:76
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7D65761F27DF13A6A17D6E9D12E067A21C894805
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
Signing time: Fri 11 Jul 2025 19:11:02 +0000
ROA not before: Fri 11 Jul 2025 19:11:02 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:65:76:1f:27:df:13:a6:a1:7d:6e:9d:12:e0:67:a2:1c:89:48:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:11:02 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=b63c2de423816c93f2e77b527abaed0184ba82712986bbfb0497555dd89f949a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:0e:42:03:de:eb:9c:74:f1:b1:d9:ca:ce:23:
52:f9:16:cb:8c:12:bd:7a:60:ba:95:26:c7:02:08:
d3:90:cb:f7:76:dc:eb:ac:27:1f:f1:eb:cd:a9:00:
38:06:19:6f:9b:e0:c9:75:9d:e1:5d:42:44:80:a8:
e6:ad:88:9d:ec:7e:a9:48:71:bd:0b:cb:e8:76:f6:
f3:97:fc:dc:17:61:37:f0:08:42:fa:a5:be:48:90:
56:fc:ab:0c:ac:2f:5b:21:4e:a0:cb:60:af:91:24:
1c:d5:a7:77:8f:f5:57:de:bb:30:93:bf:66:91:0a:
af:2b:02:d6:98:63:fe:81:d4:27:d8:bc:92:39:36:
88:39:2c:cc:f5:31:e2:45:47:16:d9:22:21:d3:96:
8d:83:67:36:4b:b5:75:a6:83:4d:76:46:3d:15:db:
5a:5d:57:73:05:e9:3b:79:b0:81:10:f9:31:87:00:
e3:5e:66:1f:64:00:5f:0a:65:a8:21:c2:04:cc:0a:
44:8e:28:4f:a0:31:c4:a3:1d:da:6e:f4:e3:30:61:
db:28:8f:8d:9d:07:c2:a2:1c:d1:34:0a:6f:5c:9e:
b1:a3:a1:a8:46:27:9c:a4:07:23:50:0e:87:00:f1:
e2:ae:4a:53:bc:00:68:26:2f:38:5c:e5:30:b9:6c:
ef:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:44:C0:DC:2C:30:11:C7:BC:67:35:48:98:EE:AF:F7:BB:76:27:76
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:a000::/40
Signature Algorithm: sha256WithRSAEncryption
53:de:0e:59:63:ac:a7:20:ee:52:08:b8:63:84:3c:56:f3:79:
d5:9f:51:49:ec:f5:ff:eb:5c:1e:53:43:90:97:05:3c:d1:07:
3b:cb:d2:1a:73:ca:79:5e:5e:f4:9e:dc:b7:10:48:16:db:d5:
8b:13:99:db:b9:ed:b4:69:7f:79:63:2d:cb:29:5a:8d:55:f7:
bd:8f:16:77:e4:c9:8a:2c:8a:9f:ec:c3:11:af:07:4b:02:d1:
d7:3e:75:9e:be:8b:a0:80:79:a9:f3:5b:d0:c0:bd:19:f3:bc:
d4:11:da:a6:86:bb:d7:c0:c2:68:6f:7d:2d:e9:16:31:e4:94:
52:d4:0c:82:f7:22:54:e6:ee:6f:34:a1:21:43:74:87:01:f2:
a5:23:05:83:63:46:a2:8b:cf:eb:8a:62:3c:cb:f8:32:47:8e:
63:e1:11:3b:d7:b2:4b:fd:10:2d:b3:0a:73:6e:e8:e3:6b:52:
5f:35:ba:c7:bc:76:a8:ef:e7:d9:b4:09:65:32:4a:8d:f9:9f:
1d:fc:b8:bc:64:4f:52:8c:46:9d:dd:35:64:4d:f4:09:f7:d1:
9a:c4:a3:62:be:b6:01:33:0e:63:53:b5:95:b2:d0:31:bc:3b:
96:83:df:6c:cf:89:d2:2c:2b:54:0d:d5:bc:65:fd:ad:11:1b:
b4:4a:3e:f6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfWV2HyffE6ahfW6dEuBnohyJSAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTExMDJaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2M2MyZGU0MjM4MTZjOTNmMmU3N2I1MjdhYmFlZDAxODRiYTgyNzEyOTg2
YmJmYjA0OTc1NTVkZDg5Zjk0OWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI0OQgPe65x08bHZys4jUvkWy4wSvXpgupUmxwII05DL93bc66wnH/HrzakA
OAYZb5vgyXWd4V1CRICo5q2Inex+qUhxvQvL6Hb285f83BdhN/AIQvqlvkiQVvyr
DKwvWyFOoMtgr5EkHNWnd4/1V967MJO/ZpEKrysC1phj/oHUJ9i8kjk2iDkszPUx
4kVHFtkiIdOWjYNnNku1daaDTXZGPRXbWl1XcwXpO3mwgRD5MYcA415mH2QAXwpl
qCHCBMwKRI4oT6AxxKMd2m704zBh2yiPjZ0HwqIc0TQKb1yesaOhqEYnnKQHI1AO
hwDx4q5KU7wAaCYvOFzlMLls78cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTSRMDc
LDARx7xnNUiY7q/3u3YndjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTE3OTZiZWEtMDFjOS00MWI3LWIxM2QtNjkzMmM0ZjM2YTQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGg
MA0GCSqGSIb3DQEBCwUAA4IBAQBT3g5ZY6ynIO5SCLhjhDxW83nVn1FJ7PX/61we
U0OQlwU80Qc7y9Iac8p5Xl70nty3EEgW29WLE5nbue20aX95Yy3LKVqNVfe9jxZ3
5MmKLIqf7MMRrwdLAtHXPnWevouggHmp81vQwL0Z87zUEdqmhrvXwMJob30t6RYx
5JRS1AyC9yJU5u5vNKEhQ3SHAfKlIwWDY0aii8/rimI8y/gyR45j4RE717JL/RAt
swpzbujja1JfNbrHvHao7+fZtAllMkqN+Z8d/Li8ZE9SjEad3TVkTfQJ99GaxKNi
vrYBMw5jU7WVstAxvDuWg99sz4nSLCtUDdW8Zf2tERu0Sj72
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:34:42 2025 by rpki-client