Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa
File: c753331a-9b4d-4856-abb9-330765ad02d0.roa (raw, json)
Hash identifier: Ew7KQ09imUqjgiXLzeFs+aWd0hOaIavNVFbBego8VKg=
Subject key identifier: 1F:41:A3:1D:D7:5B:6E:D0:BB:D7:72:72:93:E5:73:13:AC:10:5A:04
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0DAFDDF02F9512C714456E3A9141FAD345BC07A2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa
Signing time: Mon 07 Jul 2025 18:20:20 +0000
ROA not before: Mon 07 Jul 2025 18:20:20 +0000
ROA not after: Mon 11 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:8c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:af:dd:f0:2f:95:12:c7:14:45:6e:3a:91:41:fa:d3:45:bc:07:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 7 18:20:20 2025 GMT
Not After : Aug 11 23:59:59 2025 GMT
Subject: serialNumber=a968a530dbb951f4b8d9afbfe3e3c9786ccda57a41396345a2294c542a93d4d4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d8:5d:cf:56:c3:0b:c4:e3:8d:30:4d:e2:a9:
03:38:11:09:d9:dd:2e:61:dd:7d:73:f6:94:5f:47:
65:88:1c:f0:8d:8d:39:70:f5:d1:9e:1f:a8:be:43:
6e:1a:37:a6:df:e9:b5:d4:9b:ea:f3:96:4b:fe:44:
cb:60:cf:7b:a9:23:8b:dc:e2:bd:c9:89:bc:cc:62:
94:68:33:f0:16:f5:b9:55:02:a6:61:a4:17:23:8f:
63:1a:63:83:d9:32:8b:ac:88:66:fb:13:e9:c0:6d:
94:2e:31:61:9d:4a:f6:27:77:a5:1e:4a:cc:b5:d4:
39:59:bb:38:37:90:65:30:4d:6a:f3:75:05:be:bf:
57:44:68:79:08:42:93:3e:5b:cb:d9:5f:83:1b:ef:
48:7f:0c:53:c2:65:41:10:28:93:ce:47:a6:d6:b9:
02:70:c9:68:2f:6f:9d:04:59:67:5b:c1:59:01:3b:
3c:c9:3d:e2:ee:9e:81:f6:18:b3:93:e3:5a:a8:47:
4a:23:c8:71:5c:e7:01:72:2f:df:d1:9c:54:56:9f:
1c:7f:2a:e7:2a:4a:d0:f4:42:48:33:b9:22:84:b2:
fa:48:39:94:6f:db:43:03:9d:5c:65:14:e5:d9:2c:
fd:5b:03:80:fb:da:60:2b:13:0d:b1:59:18:67:69:
ec:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:41:A3:1D:D7:5B:6E:D0:BB:D7:72:72:93:E5:73:13:AC:10:5A:04
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:8c0::/46
Signature Algorithm: sha256WithRSAEncryption
b8:e7:3b:a2:4f:bf:4f:d3:82:31:a1:11:b3:d0:d2:4f:e2:72:
0a:e7:e0:1e:d8:c3:7d:ea:03:76:8b:5e:75:c7:42:51:86:d2:
8e:4e:e3:c0:17:68:e0:c0:10:91:e0:f8:aa:00:c3:5d:f1:81:
bc:4f:f2:63:bb:93:66:9f:6f:43:2f:f6:d8:26:c0:f9:d3:f5:
fb:dd:a8:3c:e8:36:3d:55:b4:c6:3d:73:d8:da:b7:ed:ea:26:
6f:6d:d8:79:40:00:dd:77:a0:24:3e:de:9a:4f:93:1d:10:0a:
ba:eb:16:0f:7d:13:a1:57:a4:59:b3:7f:eb:17:1a:c4:53:f8:
1e:6e:96:2f:34:0f:90:04:00:f2:99:e7:29:71:5d:41:ef:3c:
6c:5d:90:30:4e:8d:1e:a5:5e:12:3c:37:de:d5:5e:38:6c:9e:
14:5a:c5:31:94:60:35:62:07:da:45:c2:41:90:c6:6d:1b:96:
48:65:5c:6d:14:e1:1a:e4:7e:4b:7f:db:bc:5c:f9:e0:25:de:
b9:13:d6:96:22:8d:76:f7:83:49:22:c0:42:7b:c3:20:6a:a3:
fd:72:f0:6b:23:b1:5f:4b:07:2c:e9:7e:c5:c0:27:0b:d0:19:
cb:ec:88:0c:9f:7d:2c:21:b7:57:69:ea:78:88:39:bb:5a:71:
18:69:cf:cd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDa/d8C+VEscURW46kUH600W8B6IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDcxODIwMjBaFw0yNTA4MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5NjhhNTMwZGJiOTUxZjRiOGQ5YWZiZmUzZTNjOTc4NmNjZGE1N2E0MTM5
NjM0NWEyMjk0YzU0MmE5M2Q0ZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLYXc9WwwvE440wTeKpAzgRCdndLmHdfXP2lF9HZYgc8I2NOXD10Z4fqL5D
bho3pt/ptdSb6vOWS/5Ey2DPe6kji9zivcmJvMxilGgz8Bb1uVUCpmGkFyOPYxpj
g9kyi6yIZvsT6cBtlC4xYZ1K9id3pR5KzLXUOVm7ODeQZTBNavN1Bb6/V0RoeQhC
kz5by9lfgxvvSH8MU8JlQRAok85Hpta5AnDJaC9vnQRZZ1vBWQE7PMk94u6egfYY
s5PjWqhHSiPIcVznAXIv39GcVFafHH8q5ypK0PRCSDO5IoSy+kg5lG/bQwOdXGUU
5dks/VsDgPvaYCsTDbFZGGdp7IkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQfQaMd
11tu0LvXcnKT5XMTrBBaBDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc1MzMzMWEtOWI0ZC00ODU2LWFiYjktMzMwNzY1YWQwMmQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUI
wDANBgkqhkiG9w0BAQsFAAOCAQEAuOc7ok+/T9OCMaERs9DST+JyCufgHtjDfeoD
dotedcdCUYbSjk7jwBdo4MAQkeD4qgDDXfGBvE/yY7uTZp9vQy/22CbA+dP1+92o
POg2PVW0xj1z2Nq37eomb23YeUAA3XegJD7emk+THRAKuusWD30ToVekWbN/6xca
xFP4Hm6WLzQPkAQA8pnnKXFdQe88bF2QME6NHqVeEjw33tVeOGyeFFrFMZRgNWIH
2kXCQZDGbRuWSGVcbRThGuR+S3/bvFz54CXeuRPWliKNdveDSSLAQnvDIGqj/XLw
ayOxX0sHLOl+xcAnC9AZy+yIDJ99LCG3V2nqeIg5u1pxGGnPzQ==
-----END CERTIFICATE-----
Generated at Tue Jul 22 22:22:25 2025 by rpki-client