Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa
File: c3c943d5-fc37-4c49-9dba-128c8e280c32.roa (raw, json)
Hash identifier: zK4HqEQgd4+hjlGydkfD4bY7jv9w7c6VfRHxS48n6NU=
Subject key identifier: 4F:36:5D:06:E5:64:3E:EF:6E:49:D8:91:58:F5:FD:48:69:8F:E2:CE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2348B631882E78E19331702FACE5D796D4F9ED0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa
Signing time: Fri 11 Jul 2025 20:00:41 +0000
ROA not before: Fri 11 Jul 2025 20:00:41 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07b:5040::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 25 Jul 2025 08:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:48:b6:31:88:2e:78:e1:93:31:70:2f:ac:e5:d7:96:d4:f9:ed:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:00:41 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=6a547f6460beb006917722340c4ac100f4d5a5a8d78056d026055c67f772bfdd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:bd:11:9b:ac:5b:7d:65:e6:01:64:5d:8d:12:
5c:6b:2a:25:6e:01:8f:0f:14:a1:25:13:03:2e:87:
c8:66:9a:ae:ed:cb:65:8d:01:ec:f0:a9:48:e9:1e:
3f:02:6b:c2:34:47:8e:04:54:e4:76:d3:1d:6e:e0:
57:c9:12:0d:ca:de:a1:37:b8:12:0a:74:51:16:4d:
d5:a3:ef:57:ac:ee:93:55:28:f2:6a:0b:89:f7:a4:
a5:12:23:50:7e:e4:21:7e:2f:d5:8d:e4:73:06:2d:
8b:39:f5:fd:c2:da:5e:41:5a:ad:3e:95:9e:77:8c:
0a:56:77:7d:b8:fc:ce:4e:99:d2:b0:4d:20:99:80:
dc:eb:55:00:55:45:85:67:66:2b:11:14:23:ed:ac:
b8:c2:7d:c2:d8:19:e1:70:13:51:c4:84:28:14:c6:
8b:46:43:d8:30:49:82:54:1b:d7:cd:09:92:d4:5c:
6a:90:97:e6:28:19:c8:b5:5c:9e:30:d0:38:1f:30:
ae:0a:4d:b4:53:85:9c:01:b3:e1:22:6f:4e:fb:07:
9b:a2:98:cb:90:29:08:7c:91:73:db:86:7a:4e:f1:
ca:6f:4e:e9:05:04:b2:57:ce:6d:5f:ec:ee:bb:2b:
65:b6:65:da:5f:64:77:73:35:70:3c:7b:df:7b:14:
21:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:36:5D:06:E5:64:3E:EF:6E:49:D8:91:58:F5:FD:48:69:8F:E2:CE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07b:5040::/46
Signature Algorithm: sha256WithRSAEncryption
70:23:59:6c:1a:67:cd:21:67:99:51:3a:15:c5:3a:c7:45:a4:
1f:1c:0c:cd:da:35:23:77:b8:71:8c:f9:06:14:3e:ee:d3:3f:
c9:34:6d:69:c8:08:5b:46:dd:39:02:fc:25:5c:a7:59:d2:b4:
cd:07:e3:46:c3:3f:5b:f6:bf:be:a0:3f:9f:4a:f9:32:12:33:
ae:c2:a0:af:01:ed:35:18:c0:5c:03:28:93:61:a9:a6:ab:92:
4f:a9:d2:3a:8c:ba:da:d1:ae:2f:df:b3:69:4c:d9:bd:74:38:
b3:e0:a5:3b:e1:55:f4:65:04:79:76:05:67:a2:ba:74:f2:d9:
92:c0:a4:33:b5:0c:65:68:03:4d:86:66:4d:00:7d:d4:d4:a7:
96:28:de:27:48:d5:05:48:47:21:0d:ae:0d:f7:0d:1e:8a:7a:
ae:fc:b4:5f:43:35:64:e3:d3:85:ba:27:4c:63:c1:e3:6e:7c:
bf:90:53:b2:0b:40:b5:31:05:d4:5d:56:38:4a:0b:90:19:78:
2d:15:07:87:21:15:98:40:87:fb:2a:60:f2:ea:ef:a0:30:8c:
3e:34:24:3e:1d:0a:a1:de:50:d6:0f:f7:e4:c2:f9:94:ce:13:
f5:27:23:6c:6e:8b:7f:ea:4a:90:e6:cd:c7:2d:e3:9e:2e:f3:
4c:91:25:b0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI0i2MYgueOGTMXAvrOXXltT57Q0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDAwNDFaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhNTQ3ZjY0NjBiZWIwMDY5MTc3MjIzNDBjNGFjMTAwZjRkNWE1YThkNzgw
NTZkMDI2MDU1YzY3Zjc3MmJmZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMa9EZusW31l5gFkXY0SXGsqJW4Bjw8UoSUTAy6HyGaaru3LZY0B7PCpSOke
PwJrwjRHjgRU5HbTHW7gV8kSDcreoTe4Egp0URZN1aPvV6zuk1Uo8moLifekpRIj
UH7kIX4v1Y3kcwYtizn1/cLaXkFarT6VnneMClZ3fbj8zk6Z0rBNIJmA3OtVAFVF
hWdmKxEUI+2suMJ9wtgZ4XATUcSEKBTGi0ZD2DBJglQb180JktRcapCX5igZyLVc
njDQOB8wrgpNtFOFnAGz4SJvTvsHm6KYy5ApCHyRc9uGek7xym9O6QUEslfObV/s
7rsrZbZl2l9kd3M1cDx733sUIfECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRPNl0G
5WQ+725J2JFY9f1IaY/izjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzNjOTQzZDUtZmMzNy00YzQ5LTlkYmEtMTI4YzhlMjgwYzMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HtQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAcCNZbBpnzSFnmVE6FcU6x0WkHxwMzdo1I3e4
cYz5BhQ+7tM/yTRtacgIW0bdOQL8JVynWdK0zQfjRsM/W/a/vqA/n0r5MhIzrsKg
rwHtNRjAXAMok2GppquST6nSOoy62tGuL9+zaUzZvXQ4s+ClO+FV9GUEeXYFZ6K6
dPLZksCkM7UMZWgDTYZmTQB91NSnlijeJ0jVBUhHIQ2uDfcNHop6rvy0X0M1ZOPT
hbonTGPB4258v5BTsgtAtTEF1F1WOEoLkBl4LRUHhyEVmECH+ypg8urvoDCMPjQk
Ph0Kod5Q1g/35ML5lM4T9ScjbG6Lf+pKkObNxy3jni7zTJElsA==
-----END CERTIFICATE-----
Generated at Thu Jul 24 12:20:09 2025 by rpki-client