Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
File: ad363c67-ff83-46aa-9474-de02e382946b.roa (raw, json)
Hash identifier: jQWm6IBbF4tGIdlk+KKiYvYrnxGyLurgmt83v7MAevM=
Subject key identifier: 19:9E:FC:83:90:2E:50:7A:C8:23:76:9D:2A:1D:3E:93:EF:7F:65:4C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 11D6E581372CB831EA80FE74394878344C565459
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
Signing time: Fri 11 Jul 2025 20:10:08 +0000
ROA not before: Fri 11 Jul 2025 20:10:08 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:d6:e5:81:37:2c:b8:31:ea:80:fe:74:39:48:78:34:4c:56:54:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:10:08 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=1b68bab988f443f0b8de8ec9a6e972984ba1e1b148817ae73bbe1108dd513f34, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:f7:74:d2:60:8c:1f:43:5d:1d:f2:66:87:f2:
69:02:0d:80:27:0e:42:ff:23:43:ef:fb:43:6a:2a:
8c:26:05:21:bb:4f:18:5b:a4:41:43:b7:27:29:ea:
0f:31:05:ae:29:56:33:eb:91:33:06:37:4e:79:28:
74:0f:13:31:db:9c:e2:fe:2d:a7:9f:0b:bd:8b:17:
b6:12:58:b5:a1:44:67:39:cf:a4:14:4f:40:d1:d8:
30:71:74:fb:b2:0e:20:1d:ad:c4:f6:40:98:dd:0e:
a9:ad:5a:e0:04:b0:82:f2:6e:d0:7a:d4:c5:49:1f:
1c:ec:bf:fc:d3:84:f0:68:d2:e5:88:cf:48:08:40:
1a:cd:3d:15:fe:88:91:28:f2:a2:85:f8:cd:98:d4:
f7:46:37:c8:14:e5:15:e5:44:b3:d7:9a:84:e3:91:
ac:b2:e6:dc:64:85:ba:d5:9d:b6:46:e9:44:33:2b:
03:86:2c:16:c2:48:0d:d9:df:b1:94:54:c3:48:01:
14:25:46:d2:c2:b1:51:f7:b7:25:ae:5d:7c:e3:65:
a5:70:02:89:c7:94:e4:f9:54:51:3c:df:e2:9f:fa:
7c:5d:ef:21:5d:7b:7f:ea:cd:95:af:7f:1a:f6:0e:
a5:8e:73:da:46:3c:16:e1:a9:a5:fa:05:69:8e:42:
ef:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:9E:FC:83:90:2E:50:7A:C8:23:76:9D:2A:1D:3E:93:EF:7F:65:4C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:b000::/40
Signature Algorithm: sha256WithRSAEncryption
05:43:a8:e8:92:a3:c5:4d:71:83:48:da:8f:88:45:cc:b3:fd:
9c:9c:fe:05:45:cc:2a:9a:90:bc:39:98:ef:7d:5a:91:80:bf:
c5:e0:b0:ae:60:23:72:d2:d2:b5:0d:4d:b2:90:80:8a:55:02:
1d:cd:23:5e:54:2b:c0:06:2a:78:de:f9:bd:11:20:b9:4f:97:
ed:8d:d0:d8:da:75:a0:a2:70:87:4d:7a:f2:b4:5a:50:d0:d4:
84:2a:d6:bd:03:d1:31:3d:d3:43:a8:e2:a2:89:13:f8:e0:d4:
f0:34:0e:03:5e:e1:29:e6:cd:9b:26:68:10:08:05:82:b2:31:
36:85:96:1a:a1:f7:34:90:8c:fb:26:d2:e8:8a:23:b1:18:15:
a4:46:16:db:43:95:cd:77:a7:3f:ae:d4:8d:8b:1b:4f:af:83:
09:92:68:3e:e2:a7:48:d7:bb:34:a7:83:79:19:22:e0:d9:fd:
2d:1d:3c:7c:64:19:e8:a1:a8:39:70:42:53:5d:02:9c:a9:7f:
83:25:e3:b2:43:90:89:92:ab:e0:1e:ac:cf:a7:65:d0:4a:0c:
27:20:b6:7e:63:f0:0d:a7:86:8b:98:a1:ae:8f:14:a6:8e:11:
75:f9:8d:eb:b1:e2:f1:af:47:0e:fe:25:7e:9d:9a:79:97:76:
92:e2:7f:09
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEdblgTcsuDHqgP50OUh4NExWVFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDEwMDhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiNjhiYWI5ODhmNDQzZjBiOGRlOGVjOWE2ZTk3Mjk4NGJhMWUxYjE0ODgx
N2FlNzNiYmUxMTA4ZGQ1MTNmMzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANT3dNJgjB9DXR3yZofyaQINgCcOQv8jQ+/7Q2oqjCYFIbtPGFukQUO3Jynq
DzEFrilWM+uRMwY3TnkodA8TMduc4v4tp58LvYsXthJYtaFEZznPpBRPQNHYMHF0
+7IOIB2txPZAmN0Oqa1a4ASwgvJu0HrUxUkfHOy//NOE8GjS5YjPSAhAGs09Ff6I
kSjyooX4zZjU90Y3yBTlFeVEs9eahOORrLLm3GSFutWdtkbpRDMrA4YsFsJIDdnf
sZRUw0gBFCVG0sKxUfe3Ja5dfONlpXACiceU5PlUUTzf4p/6fF3vIV17f+rNla9/
GvYOpY5z2kY8FuGppfoFaY5C70ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZnvyD
kC5Qesgjdp0qHT6T739lTDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQzNjNjNjctZmY4My00NmFhLTk0NzQtZGUwMmUzODI5NDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGw
MA0GCSqGSIb3DQEBCwUAA4IBAQAFQ6jokqPFTXGDSNqPiEXMs/2cnP4FRcwqmpC8
OZjvfVqRgL/F4LCuYCNy0tK1DU2ykICKVQIdzSNeVCvABip43vm9ESC5T5ftjdDY
2nWgonCHTXrytFpQ0NSEKta9A9ExPdNDqOKiiRP44NTwNA4DXuEp5s2bJmgQCAWC
sjE2hZYaofc0kIz7JtLoiiOxGBWkRhbbQ5XNd6c/rtSNixtPr4MJkmg+4qdI17s0
p4N5GSLg2f0tHTx8ZBnooag5cEJTXQKcqX+DJeOyQ5CJkqvgHqzPp2XQSgwnILZ+
Y/ANp4aLmKGujxSmjhF1+Y3rseLxr0cO/iV+nZp5l3aS4n8J
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:42:33 2025 by rpki-client