Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
File: fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa (raw, json)
Hash identifier: 1lFsJn8TcjbAfZXX8IheLnZZe6GjxLrA3BqUlZYNT3A=
Subject key identifier: 56:E4:CB:AC:C4:EE:E6:A8:38:82:EC:C8:C8:ED:63:42:34:D2:27:EC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 61D5F1FA23725CC6219BECCFEA50F164034E708F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
Signing time: Fri 11 Jul 2025 19:10:53 +0000
ROA not before: Fri 11 Jul 2025 19:10:53 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:d5:f1:fa:23:72:5c:c6:21:9b:ec:cf:ea:50:f1:64:03:4e:70:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 11 19:10:53 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=a848561b24884a4637f6fb3e606a3bc278afdc62a321b7db858f03a1c713cd03, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:af:0f:f1:b8:5d:ac:e0:e4:fe:32:f0:06:67:
4a:9c:2c:05:a1:fd:fa:17:2b:2c:4e:61:6a:6e:f2:
2f:24:d7:08:8d:fe:4f:fa:02:17:53:22:ba:05:62:
d2:24:dc:5c:f1:16:e6:b6:99:4f:29:e6:04:57:65:
24:91:92:cc:08:e9:85:21:75:1f:ac:5e:50:39:c9:
e6:9a:60:67:35:3c:3e:60:6f:57:93:2a:97:f7:76:
7f:24:e2:cc:77:25:b6:32:a6:37:6e:d6:e6:93:41:
84:42:46:54:bd:8b:7e:76:d9:ca:23:7c:dc:f7:ad:
be:f0:a1:78:71:73:6c:43:ad:3c:42:ff:a7:28:5d:
8c:e1:61:0f:b9:df:be:b1:5b:b9:d3:7b:58:db:3c:
6c:b3:49:a0:9d:aa:21:11:21:f8:51:28:63:4c:73:
59:9d:b1:43:45:5d:ec:fc:e2:64:08:a8:ba:57:a1:
ce:b3:60:0b:57:c9:bc:e2:7e:96:df:07:40:75:d1:
3a:d3:ec:b8:91:1f:78:e6:d2:42:cf:44:77:02:8d:
0c:d9:dd:4c:09:a2:30:08:e4:d2:4f:38:3c:91:6e:
10:9e:86:a5:07:55:8d:4e:8c:49:99:dd:ae:f0:8f:
55:72:29:43:75:73:48:df:52:6e:5b:c3:c9:83:10:
7c:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:E4:CB:AC:C4:EE:E6:A8:38:82:EC:C8:C8:ED:63:42:34:D2:27:EC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:8000::/40
Signature Algorithm: sha256WithRSAEncryption
bc:06:52:8c:b4:7b:c4:b5:3c:f6:d9:7c:a8:05:8d:93:76:71:
c1:d7:e0:82:11:d7:f4:09:a0:78:e9:37:fd:9b:a4:f4:44:31:
18:de:c7:d9:7d:26:22:0e:19:8e:d0:84:74:37:fa:23:5a:3f:
3a:68:6c:cc:9d:85:aa:16:1d:32:6d:8c:ac:ba:c3:f3:e2:43:
f2:81:21:ad:67:35:d4:ef:25:4e:e6:c8:d6:20:f0:30:4b:74:
e6:77:cf:85:03:de:ec:83:85:b4:98:8b:2f:8f:83:58:63:55:
87:da:e3:87:ec:5f:cb:ce:0a:e6:23:ee:37:5e:88:72:45:34:
1d:5c:f3:ff:fd:84:ce:f8:ce:f5:c7:39:76:b8:24:cc:76:4d:
dc:bf:70:78:94:6a:80:ab:74:f5:ac:c1:74:54:63:27:83:ae:
03:87:64:b1:a6:56:0c:e4:10:ca:71:5c:ac:54:b3:e9:a6:07:
c1:75:5c:52:d2:bb:49:df:1e:53:66:e6:82:b2:a7:e2:08:ec:
46:1c:cc:cc:9d:6b:b1:fa:8d:b9:ac:de:73:f4:16:3a:58:90:
61:80:80:b9:f1:d2:e7:85:dd:c8:3f:5b:4f:2d:94:d8:c6:3e:
c1:df:d2:5a:b8:88:0e:1b:1f:44:23:01:3e:1b:e5:5d:a2:46:
fc:a2:07:e0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYdXx+iNyXMYhm+zP6lDxZANOcI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTEwNTNaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4NDg1NjFiMjQ4ODRhNDYzN2Y2ZmIzZTYwNmEzYmMyNzhhZmRjNjJhMzIx
YjdkYjg1OGYwM2ExYzcxM2NkMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOvD/G4Xazg5P4y8AZnSpwsBaH9+hcrLE5ham7yLyTXCI3+T/oCF1MiugVi
0iTcXPEW5raZTynmBFdlJJGSzAjphSF1H6xeUDnJ5ppgZzU8PmBvV5Mql/d2fyTi
zHcltjKmN27W5pNBhEJGVL2LfnbZyiN83PetvvCheHFzbEOtPEL/pyhdjOFhD7nf
vrFbudN7WNs8bLNJoJ2qIREh+FEoY0xzWZ2xQ0Vd7PziZAioulehzrNgC1fJvOJ+
lt8HQHXROtPsuJEfeObSQs9EdwKNDNndTAmiMAjk0k84PJFuEJ6GpQdVjU6MSZnd
rvCPVXIpQ3VzSN9SblvDyYMQfHMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRW5Mus
xO7mqDiC7MjI7WNCNNIn7DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmMzY2YxZmYtMjA5ZC00NmY2LWE3ZGQtYTdiYTVkNWJmYmE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DiA
MA0GCSqGSIb3DQEBCwUAA4IBAQC8BlKMtHvEtTz22XyoBY2TdnHB1+CCEdf0CaB4
6Tf9m6T0RDEY3sfZfSYiDhmO0IR0N/ojWj86aGzMnYWqFh0ybYysusPz4kPygSGt
ZzXU7yVO5sjWIPAwS3Tmd8+FA97sg4W0mIsvj4NYY1WH2uOH7F/LzgrmI+43Xohy
RTQdXPP//YTO+M71xzl2uCTMdk3cv3B4lGqAq3T1rMF0VGMng64Dh2SxplYM5BDK
cVysVLPppgfBdVxS0rtJ3x5TZuaCsqfiCOxGHMzMnWux+o25rN5z9BY6WJBhgIC5
8dLnhd3IP1tPLZTYxj7B39JauIgOGx9EIwE+G+Vdokb8ogfg
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:35:52 2025 by rpki-client