Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa
File: c7743543-1a04-47c2-8128-1b90de9136a9.roa (raw, json)
Hash identifier: E5uWz6GXPuwahwqz6jq6ZXVYeCgOENDhwrk1cSGn3L8=
Subject key identifier: 01:BA:78:45:3C:80:6C:1C:A5:4F:D2:EF:D9:55:A3:29:D0:0A:E0:65
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2CAFC3FB94D410A06C9FDB23DCD3E9D90FC45C46
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa
Signing time: Fri 11 Jul 2025 19:01:40 +0000
ROA not before: Fri 11 Jul 2025 19:01:40 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8090::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:af:c3:fb:94:d4:10:a0:6c:9f:db:23:dc:d3:e9:d9:0f:c4:5c:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:01:40 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=8d71c748af548dc9f0f0a1059815bc4de6a4781b521aa56eb416d98551a7b125, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:90:58:92:3d:67:8f:70:0e:8f:39:9b:91:e6:
27:dc:5f:e1:16:02:ca:3a:0c:1d:c1:ac:7a:e7:65:
55:b4:1b:b4:41:e8:cb:1b:6f:c2:92:92:05:68:be:
3d:00:3e:45:62:9f:ca:57:bf:15:1d:6d:8e:a7:9d:
af:5c:46:8b:35:41:6c:93:30:c7:7a:1b:bd:09:23:
c0:10:fa:5c:76:d9:85:30:7f:fb:60:cd:47:8d:f4:
56:5f:d6:4f:8b:dc:56:0c:5f:cc:32:db:5c:f8:9f:
56:fe:31:01:04:17:85:54:c2:b3:6c:88:07:7b:78:
30:47:d9:e0:bc:0a:70:f5:c2:82:8f:1c:27:6a:fa:
bc:1b:d5:46:27:d3:b0:2d:89:37:4c:10:bb:c2:c6:
7f:92:c0:61:fc:e0:f4:cf:97:f0:93:19:93:6c:6e:
91:8a:26:6c:2c:e3:96:3b:e7:d0:8b:4f:dd:c7:9c:
6f:bf:f6:02:cd:07:5d:7f:fc:76:ab:ef:5a:63:4e:
08:47:1f:b0:c0:29:a5:b7:15:50:41:e2:fb:77:75:
a0:1b:9b:da:26:6b:be:77:37:37:44:f0:46:2c:a2:
68:7a:be:6c:95:53:1f:63:38:7d:2d:cb:d5:0d:ff:
23:5d:68:90:8b:10:eb:5a:35:e7:78:47:3e:66:b5:
a5:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:BA:78:45:3C:80:6C:1C:A5:4F:D2:EF:D9:55:A3:29:D0:0A:E0:65
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8090::/48
Signature Algorithm: sha256WithRSAEncryption
bb:ea:5d:5b:57:c0:9b:9a:c0:95:19:98:46:2c:2c:57:d1:ae:
dc:cf:ee:27:aa:ac:89:f9:d6:55:f6:2c:2c:ae:d1:6a:ee:25:
98:e6:02:54:11:31:09:14:75:13:9f:d6:81:7e:eb:6c:08:f4:
b7:3a:4a:56:5c:b8:89:7a:b8:a5:99:45:d5:17:85:9c:21:d1:
54:b1:47:3a:73:ff:68:fd:1d:a3:6b:1c:13:ea:2c:52:1d:71:
e8:d9:d7:28:6b:42:9e:b6:43:ab:f9:cd:48:c4:f0:c6:fc:68:
a9:ff:52:2b:1d:94:07:b9:e4:15:e3:0e:98:1e:59:60:e4:e2:
69:b7:45:74:86:30:48:c8:12:6b:af:68:75:04:44:68:b7:3d:
05:4f:24:e7:00:3f:68:39:44:40:96:d2:99:14:54:16:46:ce:
ff:5c:04:87:be:ee:c1:70:ec:57:99:3c:5e:59:9c:7f:52:12:
ef:6b:92:42:9e:23:5e:7c:03:36:da:1a:00:97:b8:e7:ae:3a:
73:fb:07:c9:7c:da:e4:ee:10:ed:71:08:db:04:58:78:9f:99:
1b:03:04:c7:83:77:d9:0e:b1:30:65:2b:f3:f3:6c:ff:06:04:
dc:a3:3f:76:97:39:61:75:4c:96:51:13:3b:69:89:9e:91:0a:
3b:40:bf:2c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULK/D+5TUEKBsn9sj3NPp2Q/EXEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTAxNDBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkNzFjNzQ4YWY1NDhkYzlmMGYwYTEwNTk4MTViYzRkZTZhNDc4MWI1MjFh
YTU2ZWI0MTZkOTg1NTFhN2IxMjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALaQWJI9Z49wDo85m5HmJ9xf4RYCyjoMHcGseudlVbQbtEHoyxtvwpKSBWi+
PQA+RWKfyle/FR1tjqedr1xGizVBbJMwx3obvQkjwBD6XHbZhTB/+2DNR430Vl/W
T4vcVgxfzDLbXPifVv4xAQQXhVTCs2yIB3t4MEfZ4LwKcPXCgo8cJ2r6vBvVRifT
sC2JN0wQu8LGf5LAYfzg9M+X8JMZk2xukYombCzjljvn0ItP3cecb7/2As0HXX/8
dqvvWmNOCEcfsMAppbcVUEHi+3d1oBub2iZrvnc3N0TwRiyiaHq+bJVTH2M4fS3L
1Q3/I11okIsQ61o153hHPma1pS8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQBunhF
PIBsHKVP0u/ZVaMp0ArgZTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc3NDM1NDMtMWEwNC00N2MyLTgxMjgtMWI5MGRlOTEzNmE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
kDANBgkqhkiG9w0BAQsFAAOCAQEAu+pdW1fAm5rAlRmYRiwsV9Gu3M/uJ6qsifnW
VfYsLK7Rau4lmOYCVBExCRR1E5/WgX7rbAj0tzpKVly4iXq4pZlF1ReFnCHRVLFH
OnP/aP0do2scE+osUh1x6NnXKGtCnrZDq/nNSMTwxvxoqf9SKx2UB7nkFeMOmB5Z
YOTiabdFdIYwSMgSa69odQREaLc9BU8k5wA/aDlEQJbSmRRUFkbO/1wEh77uwXDs
V5k8Xlmcf1IS72uSQp4jXnwDNtoaAJe45646c/sHyXza5O4Q7XEI2wRYeJ+ZGwME
x4N32Q6xMGUr8/Ns/wYE3KM/dpc5YXVMllETO2mJnpEKO0C/LA==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:51:46 2025 by rpki-client