Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa
File: f490cfa0-ccb9-443c-9e85-719668591c22.roa (raw, json)
Hash identifier: iYmwMXV2MS2kKpUI9H1WzJrij9eVx3uRksD4q4V/pOc=
Subject key identifier: FA:55:DE:26:6D:9C:21:77:8E:43:5B:A2:CA:D2:82:79:AD:0A:1D:5B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 48F086F3356F7AD4E3B87BFE5F14340A0573BCDC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa
Signing time: Fri 11 Jul 2025 19:41:46 +0000
ROA not before: Fri 11 Jul 2025 19:41:46 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:c040::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:f0:86:f3:35:6f:7a:d4:e3:b8:7b:fe:5f:14:34:0a:05:73:bc:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:41:46 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=fead7f1c041bb1fac0f4d2686dd09efedf75cfc9e683392d00a2348bfed882d9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:91:7b:41:bb:79:a2:fe:04:88:8c:0b:d3:20:
4e:0e:75:09:4c:fe:93:9f:d2:de:89:76:62:f4:cb:
81:17:55:75:92:46:c0:08:ad:9f:dd:8b:f0:2f:04:
ee:2b:d9:7f:67:c1:c6:24:62:d4:5b:7a:9c:eb:9e:
98:b2:9b:55:9f:44:e3:b3:03:7f:95:92:d3:06:f6:
b3:21:b4:2d:ad:22:ad:6c:e4:84:19:64:75:5b:24:
c1:e6:38:4a:f7:fb:65:d3:1d:33:5d:d1:9d:49:5d:
b7:26:1a:35:e8:24:41:d1:6a:4d:6e:fc:26:e2:38:
5d:64:b2:fb:a9:7f:3d:b3:7e:99:a0:03:a6:03:19:
b6:c4:12:9a:8d:d9:49:fb:5d:28:3f:1d:72:4c:81:
1c:d6:a7:1b:a6:e0:17:77:f8:ae:40:4f:6e:82:43:
93:6c:7d:f7:f5:77:7a:15:e1:df:89:70:e2:f7:00:
67:fc:f7:8b:9f:28:46:b0:c8:bb:c9:45:42:3a:b1:
4b:87:03:aa:e1:0f:9b:62:1c:fa:c2:05:32:1c:62:
e4:d8:ec:cf:07:b3:f7:70:c7:cf:da:ee:00:f1:9a:
d2:96:a7:f9:c1:6d:e2:8a:94:8b:0d:fd:fd:d2:4f:
81:47:50:58:94:9e:19:63:e3:1d:28:f8:bf:d3:50:
7c:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:55:DE:26:6D:9C:21:77:8E:43:5B:A2:CA:D2:82:79:AD:0A:1D:5B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:c040::/46
Signature Algorithm: sha256WithRSAEncryption
5a:07:7f:bb:d0:7d:9a:54:d2:a7:f0:d2:7c:5c:4f:66:e4:e1:
38:04:d0:ac:8a:cd:b6:96:21:0b:26:f0:80:c2:7f:3a:7f:1f:
32:68:01:92:01:dc:71:1c:9e:e3:96:aa:d2:98:50:c7:de:b2:
23:eb:37:99:59:d3:be:57:26:de:61:42:f0:86:c6:bf:7f:5b:
0f:68:5e:0a:ae:90:df:dc:11:73:dd:7b:cb:04:79:3f:cd:b1:
4d:1d:60:f9:80:ed:b7:01:c7:f2:17:e0:53:ff:5a:39:06:47:
44:9e:79:87:a7:eb:a1:c1:0a:bf:cf:f9:6c:49:47:0b:7f:67:
d9:36:88:68:05:48:78:b8:6b:f8:a4:42:76:34:45:b0:aa:53:
bb:c3:7c:a4:2c:82:43:ac:d6:3e:49:ba:90:61:31:e5:3e:0f:
c1:1a:64:d3:59:7c:4d:07:bb:31:6a:4f:7e:7a:9e:a7:1b:3e:
c6:68:d4:5d:39:73:ba:6f:0c:0d:e2:6d:54:46:8b:e9:ec:3c:
ac:9e:eb:27:5e:68:af:2c:19:62:e9:04:af:10:ef:7b:3c:07:
7e:d5:29:29:7d:87:58:a4:63:11:e0:01:f2:89:54:24:c5:80:
96:e7:d2:17:8f:9d:f8:cb:6f:32:10:f6:4d:a8:40:84:b6:0f:
a7:09:84:0e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSPCG8zVvetTjuHv+XxQ0CgVzvNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTQxNDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlYWQ3ZjFjMDQxYmIxZmFjMGY0ZDI2ODZkZDA5ZWZlZGY3NWNmYzllNjgz
MzkyZDAwYTIzNDhiZmVkODgyZDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmRe0G7eaL+BIiMC9MgTg51CUz+k5/S3ol2YvTLgRdVdZJGwAitn92L8C8E
7ivZf2fBxiRi1Ft6nOuemLKbVZ9E47MDf5WS0wb2syG0La0irWzkhBlkdVskweY4
Svf7ZdMdM13RnUldtyYaNegkQdFqTW78JuI4XWSy+6l/PbN+maADpgMZtsQSmo3Z
SftdKD8dckyBHNanG6bgF3f4rkBPboJDk2x99/V3ehXh34lw4vcAZ/z3i58oRrDI
u8lFQjqxS4cDquEPm2Ic+sIFMhxi5Njszwez93DHz9ruAPGa0pan+cFt4oqUiw39
/dJPgUdQWJSeGWPjHSj4v9NQfIECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT6Vd4m
bZwhd45DW6LK0oJ5rQodWzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjQ5MGNmYTAtY2NiOS00NDNjLTllODUtNzE5NjY4NTkxYzIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DXA
QDANBgkqhkiG9w0BAQsFAAOCAQEAWgd/u9B9mlTSp/DSfFxPZuThOATQrIrNtpYh
CybwgMJ/On8fMmgBkgHccRye45aq0phQx96yI+s3mVnTvlcm3mFC8IbGv39bD2he
Cq6Q39wRc917ywR5P82xTR1g+YDttwHH8hfgU/9aOQZHRJ55h6frocEKv8/5bElH
C39n2TaIaAVIeLhr+KRCdjRFsKpTu8N8pCyCQ6zWPkm6kGEx5T4PwRpk01l8TQe7
MWpPfnqepxs+xmjUXTlzum8MDeJtVEaL6ew8rJ7rJ15orywZYukErxDvezwHftUp
KX2HWKRjEeAB8olUJMWAlufSF4+d+MtvMhD2TahAhLYPpwmEDg==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:46:46 2025 by rpki-client