Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa
File: d6931f13-0c44-4edc-b1b7-89dc8e035321.roa (raw, json)
Hash identifier: eWxnrDmaI2rGCN1UTBVxMKAsELweUAJs8V5Z3ypt+Hk=
Subject key identifier: 41:DB:0E:08:AB:F4:5F:8B:88:52:68:08:79:AB:0D:09:FD:6E:C8:7C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 164B99D2040F5068D8066F9E14A849509F82E707
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa
Signing time: Fri 11 Jul 2025 20:31:37 +0000
ROA not before: Fri 11 Jul 2025 20:31:37 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 20:51:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:4b:99:d2:04:0f:50:68:d8:06:6f:9e:14:a8:49:50:9f:82:e7:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:31:37 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=d91d6ac6da5c80fc3e921dc98b35d13ec94646dd53b257260b659cf5f3423c1c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:26:c3:25:c0:b2:96:d4:5c:9d:2a:3e:bd:50:
2c:c7:0c:5e:44:a8:33:f7:93:5a:85:65:dd:ea:8c:
e7:7f:df:5e:6c:1f:15:ac:09:e1:0a:d4:6a:0b:b8:
d7:d5:f2:06:27:bd:4a:03:c0:c5:f3:bc:6c:c5:0c:
b5:5b:a9:bc:05:3c:ad:0e:3f:a4:61:50:71:67:2d:
7e:80:00:c5:15:a1:17:6c:ea:f1:04:64:d0:6c:45:
bb:12:f9:0d:84:30:94:c3:32:4b:f4:a4:18:66:3d:
0a:93:73:85:ac:8b:2e:20:09:4c:f8:41:7b:ca:d1:
f6:61:ff:44:54:2d:f5:91:91:c2:71:93:78:f9:57:
9c:7d:6a:6e:71:f0:51:d2:1d:b0:18:2d:b8:8f:1c:
57:b9:f6:fe:42:d0:49:3f:31:1f:40:3c:99:c1:d1:
40:04:de:67:66:3b:da:db:45:03:68:ef:c0:58:d6:
d8:50:03:9b:44:af:b1:4f:93:4b:ee:fb:d4:37:27:
2e:7b:cf:ac:2a:84:da:0a:99:43:77:1e:27:b5:c9:
26:c1:ed:07:f0:89:ac:fd:9a:93:5a:74:43:28:2e:
e2:c4:41:6e:03:98:52:86:62:e3:f6:f6:cd:ff:e2:
12:5a:7b:85:20:f0:04:50:26:cd:f9:ec:62:bd:c5:
65:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:DB:0E:08:AB:F4:5F:8B:88:52:68:08:79:AB:0D:09:FD:6E:C8:7C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058::/32
Signature Algorithm: sha256WithRSAEncryption
6e:12:3e:a3:34:30:72:a2:10:7c:d6:4d:f0:d6:0d:06:64:ec:
4e:38:9e:c8:62:36:95:cc:8f:99:10:bd:11:c5:b8:99:07:9e:
d0:1a:02:4b:4d:96:c2:e1:8a:ab:f6:2e:c6:07:ca:80:94:e4:
78:b0:93:17:8f:47:a7:45:b7:29:e1:20:5f:24:96:f1:65:08:
2c:e0:e2:36:46:a9:68:e0:30:9e:07:01:76:2d:cf:2a:58:49:
07:ee:03:0a:1b:c8:51:72:29:59:37:92:80:5e:c6:62:9f:95:
27:fb:c2:8f:b3:81:fa:61:70:a0:d7:fb:43:59:54:04:52:92:
0b:76:34:f2:74:3d:83:19:38:55:a9:c6:87:a4:cd:4b:7c:8a:
32:d4:e5:a1:b7:dc:0d:86:e4:54:6d:0d:9d:6d:5a:19:05:99:
8f:d0:a0:bd:82:8f:19:81:d2:92:e7:d9:5f:e9:dd:7a:6c:e8:
f6:10:9a:5c:d6:54:4d:7a:dd:5f:4c:0c:e2:79:11:67:f3:af:
65:69:83:bb:9b:39:29:f8:86:34:1c:95:51:38:44:4c:ba:a6:
e1:89:39:3f:3c:64:c5:e4:48:90:82:66:15:86:1f:44:eb:af:
1c:c2:74:03:98:3a:17:fa:00:dc:95:80:2e:0a:d3:f7:15:e1:
86:f5:d9:cd
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUFkuZ0gQPUGjYBm+eFKhJUJ+C5wcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDMxMzdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5MWQ2YWM2ZGE1YzgwZmMzZTkyMWRjOThiMzVkMTNlYzk0NjQ2ZGQ1M2Iy
NTcyNjBiNjU5Y2Y1ZjM0MjNjMWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAmwyXAspbUXJ0qPr1QLMcMXkSoM/eTWoVl3eqM53/fXmwfFawJ4QrUagu4
19XyBie9SgPAxfO8bMUMtVupvAU8rQ4/pGFQcWctfoAAxRWhF2zq8QRk0GxFuxL5
DYQwlMMyS/SkGGY9CpNzhayLLiAJTPhBe8rR9mH/RFQt9ZGRwnGTePlXnH1qbnHw
UdIdsBgtuI8cV7n2/kLQST8xH0A8mcHRQATeZ2Y72ttFA2jvwFjW2FADm0SvsU+T
S+771DcnLnvPrCqE2gqZQ3ceJ7XJJsHtB/CJrP2ak1p0Qygu4sRBbgOYUoZi4/b2
zf/iElp7hSDwBFAmzfnsYr3FZasCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRB2w4I
q/Rfi4hSaAh5qw0J/W7IfDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDY5MzFmMTMtMGM0NC00ZWRjLWIxYjctODlkYzhlMDM1MzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0Fgw
DQYJKoZIhvcNAQELBQADggEBAG4SPqM0MHKiEHzWTfDWDQZk7E44nshiNpXMj5kQ
vRHFuJkHntAaAktNlsLhiqv2LsYHyoCU5HiwkxePR6dFtynhIF8klvFlCCzg4jZG
qWjgMJ4HAXYtzypYSQfuAwobyFFyKVk3koBexmKflSf7wo+zgfphcKDX+0NZVARS
kgt2NPJ0PYMZOFWpxoekzUt8ijLU5aG33A2G5FRtDZ1tWhkFmY/QoL2CjxmB0pLn
2V/p3Xps6PYQmlzWVE163V9MDOJ5EWfzr2Vpg7ubOSn4hjQclVE4REy6puGJOT88
ZMXkSJCCZhWGH0TrrxzCdAOYOhf6ANyVgC4K0/cV4Yb12c0=
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:50 2025 by rpki-client