Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa
File: f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa (raw, json)
Hash identifier: uywolmrtMMs28EA3ZIj2PKN6dTy9uvWc7l349s/jS0Y=
Subject key identifier: A4:08:46:92:6F:57:43:82:A2:2E:4A:4F:46:32:6D:07:7E:A6:03:F4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7652EDC36EB6D94B938C100C5141CFA04CC4D688
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa
Signing time: Fri 11 Jul 2025 20:00:13 +0000
ROA not before: Fri 11 Jul 2025 20:00:13 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 14:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:52:ed:c3:6e:b6:d9:4b:93:8c:10:0c:51:41:cf:a0:4c:c4:d6:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 20:00:13 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=0eb0f8cf8ee8b44c957eb687e671cdac336102d5049387c6a3cdc447baef74ad, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:8e:e1:51:55:8c:15:79:86:a0:ea:5a:85:8d:
fa:c2:50:74:21:a3:3a:a1:2c:e4:30:c8:dc:fe:3e:
e1:a8:cf:be:1b:0d:3d:70:fa:55:61:8d:0c:8b:41:
f3:21:d3:ec:0f:bc:0f:18:95:1c:f5:2f:26:63:fb:
52:9f:74:bc:2f:a7:3f:2c:71:db:69:43:53:e5:3d:
48:7d:27:d4:a7:7b:d1:24:03:73:4a:f4:14:13:b0:
a1:28:c9:83:26:8c:55:b7:74:0f:2e:fc:f6:67:75:
17:c0:76:01:e5:d1:3d:42:fe:76:bb:93:66:4e:20:
7e:b1:6e:10:91:94:ac:35:87:5a:3f:4c:f7:62:4a:
12:cc:ef:fd:00:17:a8:84:e8:d0:b7:32:db:51:38:
ec:2a:8f:ff:9a:7a:34:af:c5:21:b7:8a:c2:1d:66:
7d:a8:53:f0:c8:22:56:43:a7:d7:d1:8f:16:69:9e:
66:2d:e5:56:c7:16:20:6d:d2:14:45:62:fb:71:36:
a4:bd:4f:1e:72:44:31:98:60:bc:21:de:d1:46:af:
53:1c:73:b1:dd:61:72:e5:8c:20:55:d8:4e:81:da:
fd:29:fc:9b:e5:99:6b:ab:92:81:b0:d9:e5:b4:89:
c5:4a:7b:6a:d5:5a:21:25:97:41:0a:84:af:43:c4:
d7:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:08:46:92:6F:57:43:82:A2:2E:4A:4F:46:32:6D:07:7E:A6:03:F4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:1000::/40
Signature Algorithm: sha256WithRSAEncryption
09:ec:d8:fe:85:82:cf:fd:ca:eb:3c:5d:60:28:db:93:4b:ad:
5a:f5:21:9e:d3:88:d2:c3:48:7f:25:f7:bb:a9:09:ee:93:02:
6e:6e:ce:d3:48:8c:95:d8:ad:35:6b:8b:26:61:74:02:dc:61:
3b:34:b5:ec:9d:7d:8e:98:b4:24:83:95:f4:51:c8:d8:92:06:
eb:57:c4:f3:0e:1a:64:c2:52:04:a9:23:8e:65:9c:1c:be:81:
b9:df:95:ab:70:17:b2:09:c1:6e:0d:85:6b:8b:64:67:39:50:
61:6c:d3:87:c8:56:2f:09:b4:dd:1d:bd:12:cf:40:ba:35:28:
19:e8:78:86:90:c9:18:23:ca:e9:57:57:63:4f:6b:7d:c0:c9:
09:4f:da:dd:73:63:77:13:47:0c:29:e5:58:8a:de:db:5e:3e:
45:aa:50:df:85:2e:ba:d3:1a:49:a5:1a:31:f3:e0:f6:f2:ee:
53:32:df:95:0f:16:16:25:72:19:9f:46:38:17:c0:d7:2b:2d:
95:d2:74:ec:b8:fd:16:6b:45:80:b5:aa:3e:36:e6:1e:68:3f:
0b:86:9c:bb:de:8f:01:af:f7:6a:9a:63:0b:13:b1:26:6c:69:
2e:3a:1b:4d:ab:d9:8e:23:59:6f:12:30:c2:1b:82:29:60:80:
d3:78:cc:c4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdlLtw2622UuTjBAMUUHPoEzE1ogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDAwMTNaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlYjBmOGNmOGVlOGI0NGM5NTdlYjY4N2U2NzFjZGFjMzM2MTAyZDUwNDkz
ODdjNmEzY2RjNDQ3YmFlZjc0YWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIuO4VFVjBV5hqDqWoWN+sJQdCGjOqEs5DDI3P4+4ajPvhsNPXD6VWGNDItB
8yHT7A+8DxiVHPUvJmP7Up90vC+nPyxx22lDU+U9SH0n1Kd70SQDc0r0FBOwoSjJ
gyaMVbd0Dy789md1F8B2AeXRPUL+druTZk4gfrFuEJGUrDWHWj9M92JKEszv/QAX
qITo0Lcy21E47CqP/5p6NK/FIbeKwh1mfahT8MgiVkOn19GPFmmeZi3lVscWIG3S
FEVi+3E2pL1PHnJEMZhgvCHe0UavUxxzsd1hcuWMIFXYToHa/Sn8m+WZa6uSgbDZ
5bSJxUp7atVaISWXQQqEr0PE11ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSkCEaS
b1dDgqIuSk9GMm0HfqYD9DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjBkZTkyZDktOWIxNC00MzIzLWIyZTAtYTQ2NGY2MGY3NmI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ7Nj+hYLP/crrPF1gKNuTS61a9SGe04jSw0h/
Jfe7qQnukwJubs7TSIyV2K01a4smYXQC3GE7NLXsnX2OmLQkg5X0UcjYkgbrV8Tz
DhpkwlIEqSOOZZwcvoG535WrcBeyCcFuDYVri2RnOVBhbNOHyFYvCbTdHb0Sz0C6
NSgZ6HiGkMkYI8rpV1djT2t9wMkJT9rdc2N3E0cMKeVYit7bXj5FqlDfhS660xpJ
pRox8+D28u5TMt+VDxYWJXIZn0Y4F8DXKy2V0nTsuP0Wa0WAtao+NuYeaD8Lhpy7
3o8Br/dqmmMLE7EmbGkuOhtNq9mOI1lvEjDCG4IpYIDTeMzE
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:16 2025 by rpki-client