Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File: 90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier: Do9vE7iWsqx+aioUNlcbl63wUfdE0LKu740ehOjikdM=
Subject key identifier: AE:C0:E0:A6:27:44:EB:17:B4:52:CD:E8:0D:27:4E:E9:C3:39:87:2B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5EE4796F1267013D455305CE8D2CBAD02F7FF540
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time: Tue 05 Aug 2025 19:41:21 +0000
ROA not before: Tue 05 Aug 2025 19:41:21 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:e4:79:6f:12:67:01:3d:45:53:05:ce:8d:2c:ba:d0:2f:7f:f5:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:41:21 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c1b17b35f99afc9c1ebff09d287bc20f28d61e6adab0cb9aee02aa0917273ccf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ec:e6:74:70:4d:ea:65:22:0c:c4:04:07:43:
3b:28:03:e6:dc:94:69:aa:ce:a1:f5:a7:71:43:eb:
9b:4d:d3:4e:ad:41:29:df:e3:f6:2f:50:c3:c6:d1:
a8:c2:de:9e:78:b3:9d:ca:54:27:76:e9:45:93:2a:
45:0a:bf:15:3e:c6:99:75:be:76:bb:9c:a9:0c:43:
f9:01:43:9d:fd:0f:52:65:49:e9:52:41:66:92:2f:
c5:45:9a:9a:c6:4b:a8:48:e8:4e:c7:b7:d1:20:49:
a5:98:2c:b1:1e:2c:f9:92:b5:53:b8:79:b3:6e:43:
37:d0:c6:f4:0c:de:73:41:c6:71:67:2b:3f:31:c1:
88:6e:ec:7b:df:9f:25:e4:fd:1e:19:ec:94:08:10:
1e:77:e5:eb:64:b0:10:a4:63:42:4a:10:53:16:8a:
05:f6:b4:c1:3c:e4:4b:d2:a7:d6:81:97:27:61:5c:
77:40:5c:1e:d2:12:a5:94:c3:db:00:df:c1:bc:dc:
cf:81:3e:86:76:95:cb:e7:c8:0e:71:59:e3:a9:20:
6d:6f:ba:99:25:67:a0:b8:69:ba:5d:1d:fd:f8:2f:
01:c2:a7:e3:9d:ad:89:2a:cb:c2:0f:12:a4:8e:1f:
31:e6:e6:f7:12:57:25:a2:12:b2:a4:a5:d5:28:2a:
67:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:C0:E0:A6:27:44:EB:17:B4:52:CD:E8:0D:27:4E:E9:C3:39:87:2B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:e000::/40
Signature Algorithm: sha256WithRSAEncryption
76:fb:ac:fa:26:be:55:e0:a9:84:2e:98:e3:79:e0:3e:b7:cf:
b6:48:39:c8:61:02:ae:dc:59:35:82:71:98:7b:42:86:9a:99:
87:15:f2:47:96:db:b1:20:02:ea:ff:11:ae:32:9d:d4:ee:f5:
c5:20:ed:3f:64:70:74:13:74:51:8a:df:1f:1e:06:4c:b7:65:
3f:d0:ed:39:0f:38:51:25:bc:01:45:af:83:f3:59:54:8f:6b:
38:11:a7:06:26:c9:59:1e:b9:2f:07:7e:3b:1f:74:f1:94:e3:
ad:1e:34:65:dc:9a:a2:9a:82:f1:04:55:fd:6d:d0:b1:14:43:
cf:08:93:2e:da:de:20:50:b0:a3:c8:16:f4:23:fc:f0:84:d7:
49:ff:ed:63:1f:80:c1:30:45:d5:be:29:28:1e:79:53:7b:ad:
db:b5:0a:8b:8c:ae:b9:ac:4f:ff:50:d2:72:2f:25:b5:78:19:
28:08:3b:bd:07:c6:68:8d:ec:18:72:fd:16:62:7b:fe:3f:69:
a4:93:be:1f:f1:32:77:4a:94:64:d7:78:a7:a6:79:db:9b:7f:
0f:4c:ae:d7:b1:66:49:36:de:3a:f7:8b:b2:cf:07:b9:07:6c:
9c:26:0e:04:c8:91:a4:0f:22:2a:a6:43:3e:e0:69:09:e5:e7:
f4:bb:a0:5b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXuR5bxJnAT1FUwXOjSy60C9/9UAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQxMjFaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxYjE3YjM1Zjk5YWZjOWMxZWJmZjA5ZDI4N2JjMjBmMjhkNjFlNmFkYWIw
Y2I5YWVlMDJhYTA5MTcyNzNjY2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKns5nRwTeplIgzEBAdDOygD5tyUaarOofWncUPrm03TTq1BKd/j9i9Qw8bR
qMLennizncpUJ3bpRZMqRQq/FT7GmXW+drucqQxD+QFDnf0PUmVJ6VJBZpIvxUWa
msZLqEjoTse30SBJpZgssR4s+ZK1U7h5s25DN9DG9Azec0HGcWcrPzHBiG7se9+f
JeT9HhnslAgQHnfl62SwEKRjQkoQUxaKBfa0wTzkS9Kn1oGXJ2Fcd0BcHtISpZTD
2wDfwbzcz4E+hnaVy+fIDnFZ46kgbW+6mSVnoLhpul0d/fgvAcKn452tiSrLwg8S
pI4fMebm9xJXJaISsqSl1SgqZx0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSuwOCm
J0TrF7RSzegNJ07pwzmHKzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQB2+6z6Jr5V4KmELpjjeeA+t8+2SDnIYQKu3Fk1
gnGYe0KGmpmHFfJHltuxIALq/xGuMp3U7vXFIO0/ZHB0E3RRit8fHgZMt2U/0O05
DzhRJbwBRa+D81lUj2s4EacGJslZHrkvB347H3TxlOOtHjRl3JqimoLxBFX9bdCx
FEPPCJMu2t4gULCjyBb0I/zwhNdJ/+1jH4DBMEXVvikoHnlTe63btQqLjK65rE//
UNJyLyW1eBkoCDu9B8ZojewYcv0WYnv+P2mkk74f8TJ3SpRk13inpnnbm38PTK7X
sWZJNt4694uyzwe5B2ycJg4EyJGkDyIqpkM+4GkJ5ef0u6Bb
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:38 2025 by rpki-client