Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8fa5442d-f7b6-4531-9d3e-f61e3e8920e5.roa
File: 8fa5442d-f7b6-4531-9d3e-f61e3e8920e5.roa (raw, json)
Hash identifier: u9VjgcpNT4RfZCvMCfZBqYKgeAhfYoAwOwv9sksZFFs=
Subject key identifier: 3A:EC:B0:DF:50:20:AA:57:E4:03:E6:33:60:72:E2:07:77:E3:8A:B9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 208066AD310ADDBBEA3CF8512AB7095BC7B2FC15
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8fa5442d-f7b6-4531-9d3e-f61e3e8920e5.roa
Signing time: Mon 12 May 2025 16:11:11 +0000
ROA not before: Mon 12 May 2025 16:11:11 +0000
ROA not after: Mon 16 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d030:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 13:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:80:66:ad:31:0a:dd:bb:ea:3c:f8:51:2a:b7:09:5b:c7:b2:fc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 12 16:11:11 2025 GMT
Not After : Jun 16 23:59:59 2025 GMT
Subject: serialNumber=16239c04d09cecb84600edcc66e0ead3bb6d06780eb09e2b860cadb3ded3eb61, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:18:60:ce:9e:c3:8e:42:51:13:4c:90:57:2d:
b4:63:40:e6:bb:03:1d:45:72:26:98:94:5f:06:4f:
97:5f:b3:07:b7:ef:a6:e8:9e:94:c5:fe:ac:80:79:
de:2c:35:ec:c6:e5:a5:33:f3:be:0f:08:58:04:bf:
9a:e0:5a:f4:71:1d:50:af:ef:c4:fa:b0:f0:49:b0:
ea:7c:70:51:e4:94:68:b0:0d:9e:72:b2:46:de:c1:
7f:c3:7b:62:4c:e2:09:34:4b:42:62:9e:ba:2f:25:
95:32:b7:30:39:94:75:cf:19:86:c1:26:a5:77:86:
dd:9d:19:50:24:6f:ae:d5:a9:f6:f4:19:79:6f:ae:
94:fc:52:0a:9c:50:dc:fc:1d:96:97:c2:44:bb:35:
ed:a1:11:87:0f:2f:ec:e9:25:4b:7b:f1:7b:ba:69:
9a:36:c1:35:ad:9f:a9:19:ea:85:b6:ca:cb:10:af:
ec:5b:86:4f:e3:0c:eb:d4:65:13:d1:34:c6:08:94:
c4:25:a7:ff:1b:09:60:e4:d7:2b:96:c7:f9:55:9e:
9c:ea:8f:a7:bf:2d:80:ea:19:1f:f5:69:1d:ef:e7:
b3:4b:ce:82:e9:ff:e3:5f:5e:0f:2b:b3:ed:a8:78:
af:59:8b:d6:09:cb:79:63:f4:aa:12:8b:eb:2b:54:
33:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:EC:B0:DF:50:20:AA:57:E4:03:E6:33:60:72:E2:07:77:E3:8A:B9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8fa5442d-f7b6-4531-9d3e-f61e3e8920e5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d030:1000::/40
Signature Algorithm: sha256WithRSAEncryption
a3:6d:ec:73:69:11:bd:59:69:53:7a:d5:b2:b2:01:cd:c9:3a:
0d:3c:d3:c5:92:7a:c6:99:8d:2c:e4:31:c9:dc:65:67:92:b6:
98:ec:07:e9:e4:14:1c:3a:6b:70:d7:cf:16:79:91:09:c3:a5:
d5:70:ae:cc:ba:24:f1:ff:69:10:a8:a8:c7:89:9f:64:eb:54:
e9:d3:7e:ef:3c:c4:b5:1b:23:fc:f8:fc:76:29:a2:e9:b6:b0:
e7:26:8c:e3:f6:bb:46:23:fa:3a:0b:05:c3:2b:ce:25:3e:5e:
6e:1b:f5:53:c7:ab:cb:2a:1b:e3:b6:a8:f6:ee:42:36:22:28:
49:64:80:6c:eb:a4:40:cf:76:fa:46:70:e5:16:e7:ea:83:de:
25:27:48:5a:2e:ed:11:57:b4:6d:45:4f:38:66:b6:7b:89:21:
a6:5b:a6:80:89:29:7d:4c:be:91:6e:6e:8c:a5:7e:ff:d8:6a:
77:33:67:78:ad:a7:ef:d1:92:06:f3:c3:aa:b0:73:05:a7:73:
65:9b:e0:b0:f7:34:7c:fd:67:ab:fa:55:38:20:95:52:12:1d:
f9:2a:cb:03:38:fc:48:f3:d6:63:56:43:84:6d:58:09:bf:15:
23:4b:3f:6a:82:c9:6a:53:55:6f:72:bb:f5:35:f1:95:5b:09:
9e:dc:3c:29
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIIBmrTEK3bvqPPhRKrcJW8ey/BUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MTIxNjExMTFaFw0yNTA2MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2MjM5YzA0ZDA5Y2VjYjg0NjAwZWRjYzY2ZTBlYWQzYmI2ZDA2NzgwZWIw
OWUyYjg2MGNhZGIzZGVkM2ViNjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsYYM6ew45CURNMkFcttGNA5rsDHUVyJpiUXwZPl1+zB7fvpuielMX+rIB5
3iw17MblpTPzvg8IWAS/muBa9HEdUK/vxPqw8Emw6nxwUeSUaLANnnKyRt7Bf8N7
YkziCTRLQmKeui8llTK3MDmUdc8ZhsEmpXeG3Z0ZUCRvrtWp9vQZeW+ulPxSCpxQ
3PwdlpfCRLs17aERhw8v7OklS3vxe7ppmjbBNa2fqRnqhbbKyxCv7FuGT+MM69Rl
E9E0xgiUxCWn/xsJYOTXK5bH+VWenOqPp78tgOoZH/VpHe/ns0vOgun/419eDyuz
7ah4r1mL1gnLeWP0qhKL6ytUM8UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ67LDf
UCCqV+QD5jNgcuIHd+OKuTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGZhNTQ0MmQtZjdiNi00NTMxLTlkM2UtZjYxZTNlODkyMGU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCjbexzaRG9WWlTetWysgHNyToNPNPFknrGmY0s
5DHJ3GVnkraY7Afp5BQcOmtw188WeZEJw6XVcK7MuiTx/2kQqKjHiZ9k61Tp037v
PMS1GyP8+Px2KaLptrDnJozj9rtGI/o6CwXDK84lPl5uG/VTx6vLKhvjtqj27kI2
IihJZIBs66RAz3b6RnDlFufqg94lJ0haLu0RV7RtRU84ZrZ7iSGmW6aAiSl9TL6R
bm6MpX7/2Gp3M2d4rafv0ZIG88OqsHMFp3Nlm+Cw9zR8/Wer+lU4IJVSEh35KssD
OPxI89ZjVkOEbVgJvxUjSz9qgslqU1Vvcrv1NfGVWwme3Dwp
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:26:51 2025 by rpki-client