Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa
File: bed4158d-91b8-4ba5-81d9-75a65b550b92.roa (raw, json)
Hash identifier: cYZvqFmH0Ue18E097xzQb9x31kte5FBNEJGbihY1nSY=
Subject key identifier: 7E:21:F4:61:A1:58:EC:02:8D:3A:6C:F4:76:19:8F:44:87:D7:1E:BB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B2D86D71263694D9D9E879E7142DBC954A516C7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa
Signing time: Fri 11 Jul 2025 18:40:47 +0000
ROA not before: Fri 11 Jul 2025 18:40:47 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 22:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:2d:86:d7:12:63:69:4d:9d:9e:87:9e:71:42:db:c9:54:a5:16:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 18:40:47 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=8c312129e789272776fb9bf37e4e1c0ae9b913c5ff391b93aaab75937b65bb65, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:77:09:99:7a:1c:6f:09:19:4f:d9:b8:25:42:
98:b5:ca:dd:a4:cd:11:3d:12:1a:47:c1:67:d8:4d:
04:35:a8:b8:6d:23:4d:4f:a2:b2:d8:71:64:43:2c:
74:0e:d1:c9:d0:b6:c2:cf:4e:67:3e:dd:ea:e7:60:
cd:06:ec:1e:41:a7:e2:5c:65:b8:a9:69:55:47:92:
58:bd:cc:9f:92:29:fb:6f:99:da:a9:6c:0b:dc:b2:
fd:a4:58:29:9e:bb:90:b3:e4:d2:bb:c6:65:b2:20:
ab:88:2a:9a:32:0f:07:3d:ed:44:71:63:f8:2c:51:
3e:42:ca:0c:44:bf:76:57:f9:79:cf:d9:91:61:16:
a0:b8:d7:3d:e8:5e:c0:75:53:83:89:2f:8e:38:8e:
54:8e:7a:ad:14:0f:06:06:2d:e5:1c:0d:66:9b:63:
24:b8:be:44:4a:c4:df:d5:f2:4f:79:eb:0c:c5:2e:
00:fe:bb:f9:af:16:6f:4d:62:45:3f:9c:4f:55:95:
97:a9:f4:a9:2e:97:19:11:9a:aa:3b:2f:dc:5e:a8:
30:83:2f:25:77:74:93:74:d6:48:19:fd:f2:6d:4f:
10:a7:b6:ad:e3:78:93:5e:c4:b7:0d:7c:ad:87:99:
27:c8:e1:78:05:d2:06:43:98:3e:0a:11:cc:b2:8d:
f5:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:21:F4:61:A1:58:EC:02:8D:3A:6C:F4:76:19:8F:44:87:D7:1E:BB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
0c:c9:37:62:d2:af:6f:4c:44:67:20:42:0a:08:86:29:a7:5d:
71:4d:7f:78:58:d3:67:aa:4f:e9:58:65:7f:45:29:11:3a:22:
08:7c:25:05:e3:44:8d:fb:36:09:10:d8:b2:fa:a3:a0:32:9a:
c3:88:3b:86:78:56:f3:b0:e2:47:cb:3c:4f:99:78:96:51:cd:
a3:f1:a6:9c:82:d7:eb:72:fd:bc:e2:ac:16:c8:82:df:21:16:
89:75:1c:55:1f:56:94:2c:c5:be:49:4d:d8:18:22:b4:70:be:
8e:af:f0:af:8e:ce:19:a1:c3:e9:14:ea:ca:84:c2:72:8f:a7:
8a:59:d7:a0:67:04:3b:eb:a3:65:46:27:50:b0:0d:8e:ae:21:
af:7f:46:1b:65:80:33:c3:38:61:3f:4d:d9:aa:46:3d:0a:dc:
5d:0a:e5:c2:55:04:25:d8:21:a8:0f:82:04:2f:bd:a3:e1:91:
df:67:d1:9a:cd:51:7f:48:a9:a5:a8:ea:33:73:3b:eb:9e:1b:
16:da:4c:eb:16:e3:89:6c:bc:30:90:68:c3:d9:c1:e5:d5:f0:
1b:e5:48:ea:93:ff:1a:cb:ac:ec:6f:2f:77:88:08:30:cd:f8:
66:a6:8d:98:36:56:48:4e:28:e3:cb:69:e9:0f:26:65:91:30:
2c:3a:8d:ef
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWy2G1xJjaU2dnoeecULbyVSlFscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExODQwNDdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjMzEyMTI5ZTc4OTI3Mjc3NmZiOWJmMzdlNGUxYzBhZTliOTEzYzVmZjM5
MWI5M2FhYWI3NTkzN2I2NWJiNjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMB3CZl6HG8JGU/ZuCVCmLXK3aTNET0SGkfBZ9hNBDWouG0jTU+isthxZEMs
dA7RydC2ws9OZz7d6udgzQbsHkGn4lxluKlpVUeSWL3Mn5Ip+2+Z2qlsC9yy/aRY
KZ67kLPk0rvGZbIgq4gqmjIPBz3tRHFj+CxRPkLKDES/dlf5ec/ZkWEWoLjXPehe
wHVTg4kvjjiOVI56rRQPBgYt5RwNZptjJLi+RErE39XyT3nrDMUuAP67+a8Wb01i
RT+cT1WVl6n0qS6XGRGaqjsv3F6oMIMvJXd0k3TWSBn98m1PEKe2reN4k17Etw18
rYeZJ8jheAXSBkOYPgoRzLKN9XcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR+IfRh
oVjsAo06bPR2GY9Eh9ceuzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmVkNDE1OGQtOTFiOC00YmE1LTgxZDktNzVhNjViNTUwYjkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABg
wDANBgkqhkiG9w0BAQsFAAOCAQEADMk3YtKvb0xEZyBCCgiGKaddcU1/eFjTZ6pP
6Vhlf0UpEToiCHwlBeNEjfs2CRDYsvqjoDKaw4g7hnhW87DiR8s8T5l4llHNo/Gm
nILX63L9vOKsFsiC3yEWiXUcVR9WlCzFvklN2BgitHC+jq/wr47OGaHD6RTqyoTC
co+nilnXoGcEO+ujZUYnULANjq4hr39GG2WAM8M4YT9N2apGPQrcXQrlwlUEJdgh
qA+CBC+9o+GR32fRms1Rf0ippajqM3M7654bFtpM6xbjiWy8MJBow9nB5dXwG+VI
6pP/Gsus7G8vd4gIMM34ZqaNmDZWSE4o48tp6Q8mZZEwLDqN7w==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:43:14 2025 by rpki-client