Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
File: d7bd85bf-2af2-46a0-91d6-f945e7063231.roa (raw, json)
Hash identifier: I4az0miu/SbzGYwUEz0x/Zs682EIbhRl/ahv6X7v0tI=
Subject key identifier: AA:8F:E5:E1:7C:50:05:17:01:2B:01:13:0A:C1:E9:E8:D7:53:22:50
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5415489A807B6E9ADAB35F6366D198DD92FBD0D2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
Signing time: Fri 11 Jul 2025 19:20:06 +0000
ROA not before: Fri 11 Jul 2025 19:20:06 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:c080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:15:48:9a:80:7b:6e:9a:da:b3:5f:63:66:d1:98:dd:92:fb:d0:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:20:06 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=780c963a8005c3c79155c74699f25dbeabc417f89b0e95b32b11f5cb528f982b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ae:af:ec:5e:a6:d6:75:dd:28:f6:e9:20:3f:
f3:c8:dd:81:af:99:db:85:3b:76:38:d0:67:51:f1:
7d:17:a5:a7:63:8a:b5:b7:c5:b7:71:8d:64:e4:14:
fe:89:94:53:f0:47:c2:52:e9:81:93:09:95:fd:f0:
89:44:27:75:21:5b:b3:09:a8:98:9b:a3:ee:1e:18:
bb:0d:14:eb:2a:de:e0:2c:91:e4:13:9a:4a:cb:5e:
3f:1f:89:a6:45:7d:30:36:83:b5:d3:1b:73:ac:3c:
c8:60:f8:ce:ac:71:57:f5:ce:b8:78:9c:16:3f:77:
ea:a7:dc:78:86:76:cf:f2:0c:18:b0:31:f9:48:cc:
7a:34:40:a3:b4:50:dc:27:7a:3a:18:4e:38:20:ee:
72:a0:bc:2b:21:91:14:19:49:43:94:c7:7e:94:0a:
ec:57:2c:3f:db:89:37:46:37:43:98:df:51:a8:09:
af:f4:4c:0b:b6:87:49:98:0b:83:1a:d0:bb:76:47:
7f:2b:7c:8a:3d:8c:01:a1:81:16:a7:bc:82:d6:65:
05:f3:53:e0:c1:9c:37:78:7d:cb:8f:46:71:ca:fe:
f3:b5:1b:18:47:8c:d8:df:c4:b6:b6:28:a7:f7:a8:
73:2a:34:4b:be:d8:35:92:ee:49:8c:d8:d5:99:8a:
59:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:8F:E5:E1:7C:50:05:17:01:2B:01:13:0A:C1:E9:E8:D7:53:22:50
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:c080::/48
Signature Algorithm: sha256WithRSAEncryption
77:6f:48:16:5b:db:0a:5a:15:39:34:38:a0:bf:5c:e4:3b:0f:
1f:ff:f4:56:44:34:a9:f8:30:fe:fc:df:ce:55:24:6e:2b:5f:
fd:d1:fa:b4:a2:18:54:c3:13:51:00:60:5c:bd:ed:90:0b:dd:
a5:1e:9d:21:ef:8e:87:a8:2f:de:e6:ff:3f:dd:28:50:ee:91:
f0:e9:65:8b:7f:1f:e6:1a:da:88:de:e2:f1:0b:53:0c:0d:81:
93:2a:d5:ed:13:20:7e:72:ab:73:8e:89:a7:bc:50:b5:9e:44:
92:5b:f1:06:51:2d:27:90:56:de:57:66:71:4f:47:d9:9c:a9:
e7:ca:d8:5d:88:52:9e:2c:89:61:b9:9f:96:df:3c:0b:2c:80:
7c:c2:c1:4c:71:fe:e4:ba:27:61:9d:3e:74:84:a5:97:5b:17:
7a:47:91:1d:a3:08:43:32:de:be:04:73:d2:06:19:d9:54:54:
96:00:d8:e3:f9:73:af:1e:6a:bb:63:87:b1:e5:71:64:f6:1b:
c2:a6:ab:26:85:06:b4:b5:df:b7:07:97:01:b4:d1:aa:ed:54:
37:7f:82:46:0b:9c:1e:f4:a5:e3:48:be:3b:5a:8d:44:7c:c7:
ce:8f:e8:9f:8c:c1:2f:ce:4d:b2:36:5c:70:27:80:35:d6:46:
fc:c2:de:3f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVBVImoB7bpras19jZtGY3ZL70NIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTIwMDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4MGM5NjNhODAwNWMzYzc5MTU1Yzc0Njk5ZjI1ZGJlYWJjNDE3Zjg5YjBl
OTViMzJiMTFmNWNiNTI4Zjk4MmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJiur+xeptZ13Sj26SA/88jdga+Z24U7djjQZ1HxfRelp2OKtbfFt3GNZOQU
/omUU/BHwlLpgZMJlf3wiUQndSFbswmomJuj7h4Yuw0U6yre4CyR5BOaSstePx+J
pkV9MDaDtdMbc6w8yGD4zqxxV/XOuHicFj936qfceIZ2z/IMGLAx+UjMejRAo7RQ
3Cd6OhhOOCDucqC8KyGRFBlJQ5THfpQK7FcsP9uJN0Y3Q5jfUagJr/RMC7aHSZgL
gxrQu3ZHfyt8ij2MAaGBFqe8gtZlBfNT4MGcN3h9y49Gccr+87UbGEeM2N/EtrYo
p/eocyo0S77YNZLuSYzY1ZmKWQsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSqj+Xh
fFAFFwErARMKweno11MiUDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDdiZDg1YmYtMmFmMi00NmEwLTkxZDYtZjk0NWU3MDYzMjMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/A
gDANBgkqhkiG9w0BAQsFAAOCAQEAd29IFlvbCloVOTQ4oL9c5DsPH//0VkQ0qfgw
/vzfzlUkbitf/dH6tKIYVMMTUQBgXL3tkAvdpR6dIe+Oh6gv3ub/P90oUO6R8Oll
i38f5hraiN7i8QtTDA2BkyrV7RMgfnKrc46Jp7xQtZ5EklvxBlEtJ5BW3ldmcU9H
2Zyp58rYXYhSniyJYbmflt88CyyAfMLBTHH+5LonYZ0+dISll1sXekeRHaMIQzLe
vgRz0gYZ2VRUlgDY4/lzrx5qu2OHseVxZPYbwqarJoUGtLXftweXAbTRqu1UN3+C
RgucHvSl40i+O1qNRHzHzo/on4zBL85NsjZccCeANdZG/MLePw==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:43:22 2025 by rpki-client