Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
File: d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa (raw, json)
Hash identifier: 7lJB2o2xKG2OlO1jcAIsfvjNZQfxpTqsuW6aSPLcZCw=
Subject key identifier: 46:5F:CB:9B:D1:A9:B6:7C:C0:DD:D8:C4:F2:C4:6D:E4:FE:5F:12:EE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3C45C17804587D963BE92D8964CCC611ABA14BD9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
Signing time: Mon 14 Jul 2025 15:30:13 +0000
ROA not before: Mon 14 Jul 2025 15:30:13 +0000
ROA not after: Mon 18 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 20:51:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:45:c1:78:04:58:7d:96:3b:e9:2d:89:64:cc:c6:11:ab:a1:4b:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 14 15:30:13 2025 GMT
Not After : Aug 18 23:59:59 2025 GMT
Subject: serialNumber=31dd59a35150946aaf6728291bc2d3cc4496cfa9609e19315458ac83800c6a76, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:32:45:76:2e:99:dd:5f:a4:b9:ba:36:77:bf:
75:20:e6:d1:5e:cb:fc:3e:83:d9:e7:61:e2:50:64:
d6:b6:94:d0:08:92:17:65:61:78:45:6e:96:0e:6f:
24:75:1a:82:7e:df:91:1e:4c:d1:cf:fd:19:65:23:
22:55:a1:a9:60:68:34:8c:43:f5:30:76:97:18:47:
7b:a2:80:56:b5:c0:44:e6:23:0f:3d:b9:91:69:91:
4d:08:ad:0b:85:ed:f4:de:a3:99:2d:44:1f:49:b5:
1d:34:46:1f:be:6a:61:60:03:2a:27:fc:a7:5d:ca:
4c:74:5d:fe:e2:0e:a4:53:23:a0:d0:c4:18:4e:05:
4f:9c:b9:7c:e9:52:87:53:4f:21:95:71:8d:f1:8c:
cd:f2:3d:47:72:a8:40:99:8e:0f:f5:31:f3:3f:e1:
c0:72:85:0d:a3:0d:56:e2:33:fe:67:ec:ee:8d:c2:
a8:8a:58:e3:d2:b5:f2:c1:2f:cd:d8:8b:7d:35:68:
e4:6d:8c:59:4a:69:7f:ff:b6:a5:9a:ab:84:26:5b:
69:d1:68:97:61:e1:d3:75:ea:28:d6:bb:45:05:4a:
0f:3a:c9:bf:48:7b:1a:48:b1:8a:88:d2:53:d1:82:
0b:02:c2:fb:f3:90:91:ea:9f:1f:d9:0f:49:95:eb:
92:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:5F:CB:9B:D1:A9:B6:7C:C0:DD:D8:C4:F2:C4:6D:E4:FE:5F:12:EE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1800::/38
Signature Algorithm: sha256WithRSAEncryption
2b:cb:e8:aa:a1:9a:a1:53:b9:7a:41:e5:25:0d:8d:d0:e1:6b:
02:aa:5e:1d:cf:ee:fa:c9:7e:c6:a0:8d:30:31:bb:2f:89:5a:
6c:e1:a2:bf:c8:bb:36:f8:a7:8d:a4:84:82:80:ff:62:34:36:
6b:46:30:99:ba:7f:c7:de:37:02:9d:e2:49:da:10:eb:89:9f:
fc:98:04:e6:33:28:22:a8:fc:77:ab:f3:bc:e7:9f:82:9a:b8:
f7:53:ea:44:83:c6:c8:de:bb:b4:38:11:ee:4b:c9:96:73:5b:
13:74:3b:4c:36:0c:6d:90:fa:d8:85:30:3a:0c:54:31:5a:7d:
d7:f0:e5:6f:f6:5a:b2:ba:e4:d8:f1:25:4f:67:21:7a:0d:ed:
a6:fb:fa:10:71:5d:0b:3b:aa:0b:0c:01:c2:da:76:20:8d:73:
07:46:93:52:33:ee:c8:c8:5b:3f:42:98:92:59:e9:dc:69:29:
0f:3f:fb:72:11:22:d0:14:bb:b7:1e:69:06:49:8e:d0:34:04:
d3:89:f7:29:3a:d7:31:5f:9b:86:6f:b6:b9:7f:5d:08:d1:6f:
b3:81:a9:b6:da:7b:00:0a:ac:5d:4d:b2:c8:ce:d1:24:49:3c:
8d:f2:5c:0a:0d:36:82:5f:90:5f:87:02:58:76:7c:04:08:30:
4a:94:8d:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPEXBeARYfZY76S2JZMzGEauhS9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTQxNTMwMTNaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxZGQ1OWEzNTE1MDk0NmFhZjY3MjgyOTFiYzJkM2NjNDQ5NmNmYTk2MDll
MTkzMTU0NThhYzgzODAwYzZhNzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAyRXYumd1fpLm6Nne/dSDm0V7L/D6D2edh4lBk1raU0AiSF2VheEVulg5v
JHUagn7fkR5M0c/9GWUjIlWhqWBoNIxD9TB2lxhHe6KAVrXAROYjDz25kWmRTQit
C4Xt9N6jmS1EH0m1HTRGH75qYWADKif8p13KTHRd/uIOpFMjoNDEGE4FT5y5fOlS
h1NPIZVxjfGMzfI9R3KoQJmOD/Ux8z/hwHKFDaMNVuIz/mfs7o3CqIpY49K18sEv
zdiLfTVo5G2MWUppf/+2pZqrhCZbadFol2Hh03XqKNa7RQVKDzrJv0h7GkixiojS
U9GCCwLC+/OQkeqfH9kPSZXrkjMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRGX8ub
0am2fMDd2MTyxG3k/l8S7jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDk5NWMzYTEtMjg1OC00MDkwLWEwOTYtMWJmNmFlY2NkNWYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQY
MA0GCSqGSIb3DQEBCwUAA4IBAQAry+iqoZqhU7l6QeUlDY3Q4WsCql4dz+76yX7G
oI0wMbsviVps4aK/yLs2+KeNpISCgP9iNDZrRjCZun/H3jcCneJJ2hDriZ/8mATm
MygiqPx3q/O855+Cmrj3U+pEg8bI3ru0OBHuS8mWc1sTdDtMNgxtkPrYhTA6DFQx
Wn3X8OVv9lqyuuTY8SVPZyF6De2m+/oQcV0LO6oLDAHC2nYgjXMHRpNSM+7IyFs/
QpiSWencaSkPP/tyESLQFLu3HmkGSY7QNATTifcpOtcxX5uGb7a5f10I0W+zgam2
2nsACqxdTbLIztEkSTyN8lwKDTaCX5BfhwJYdnwECDBKlI0D
-----END CERTIFICATE-----
Generated at Thu Jul 24 00:08:39 2025 by rpki-client