Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/924a4487-e709-4e7a-9c72-9678b465cef8.roa
File: 924a4487-e709-4e7a-9c72-9678b465cef8.roa (raw, json)
Hash identifier: toLEnEqkZZ1gglJyqCEFeqvhNRSMEXJ8+3g6WSd1x7o=
Subject key identifier: F7:48:E5:30:C7:34:69:DE:F4:F6:87:9D:92:0E:AA:72:6E:9B:44:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4AED022CF5DD842CF8542E9AD5CA01CE8A8769C5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/924a4487-e709-4e7a-9c72-9678b465cef8.roa
Signing time: Tue 03 Jun 2025 20:53:46 +0000
ROA not before: Tue 03 Jun 2025 20:53:46 +0000
ROA not after: Tue 08 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 15:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:ed:02:2c:f5:dd:84:2c:f8:54:2e:9a:d5:ca:01:ce:8a:87:69:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 3 20:53:46 2025 GMT
Not After : Jul 8 23:59:59 2025 GMT
Subject: serialNumber=11151ceb082f861c2429eebd73a948acb7ec4821fd27405a23fc3997895291a0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ec:60:11:40:15:69:bb:77:71:86:7c:89:76:
83:5f:c6:79:04:ab:c9:2f:ea:0c:c5:92:e3:f1:13:
7f:38:4e:af:4f:a1:b5:07:d1:55:8a:53:de:1a:0e:
2b:22:40:57:d4:5d:70:fe:cd:b8:42:40:b4:1f:4d:
fa:1e:f2:64:bf:6b:9f:ca:81:d4:2a:b2:21:c3:d8:
b1:c7:e1:4c:cc:4e:c6:21:aa:c2:32:51:18:0d:e8:
7a:30:94:21:3e:ff:f5:8d:26:d1:84:47:49:58:d9:
8d:d9:26:bd:3e:25:0b:36:83:9d:96:cb:06:85:41:
5d:a4:1a:b7:81:c9:ae:63:71:b2:52:6e:87:2f:99:
d6:4e:76:30:f2:16:e7:d6:58:e2:92:27:25:d4:4e:
57:b7:de:19:57:f0:33:27:cb:78:17:a3:ac:0c:51:
0c:c2:28:c8:9d:2b:e6:df:31:40:63:79:a8:4e:78:
6a:66:f9:65:0f:c7:ec:11:03:11:d8:a4:66:af:5c:
dd:2c:10:bb:c6:11:05:ca:67:f9:1e:28:2e:67:1c:
57:df:d4:0f:28:9a:30:ec:d8:3d:b1:22:e7:1d:2c:
b0:7b:e2:f0:7f:50:d3:6a:f4:61:16:dd:c8:8f:a2:
2b:30:95:ce:97:3c:0f:5f:f3:ec:f3:90:9e:d9:55:
fb:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:48:E5:30:C7:34:69:DE:F4:F6:87:9D:92:0E:AA:72:6E:9B:44:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/924a4487-e709-4e7a-9c72-9678b465cef8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:6000::/40
Signature Algorithm: sha256WithRSAEncryption
ac:0c:15:1b:86:f0:88:fe:94:14:30:4b:27:4f:22:b3:e9:f5:
30:76:26:f2:1e:2f:c4:59:c4:6f:23:ba:df:28:71:be:25:ca:
37:76:af:55:b2:54:30:91:68:fe:64:e3:b3:cb:cb:99:77:15:
99:64:ee:47:73:bb:e2:b3:35:0c:05:8d:d5:f7:dc:0c:79:67:
d6:69:3a:3f:28:95:df:5f:d1:d7:4c:39:d6:29:34:29:1d:dc:
f6:a5:61:06:5b:ea:c5:e5:6a:02:52:95:83:2a:9e:25:a0:06:
b3:87:55:25:b8:1a:95:72:dd:8a:e0:aa:1b:11:13:18:0d:2f:
bd:ac:bd:b9:b6:d6:39:62:34:a4:4d:28:4e:2c:fe:59:ea:d0:
73:cc:d7:7e:9b:76:ac:97:22:d9:03:ee:75:f2:0b:84:01:98:
ef:9b:6c:0c:57:6d:4f:17:25:06:de:ce:13:9a:f6:d2:16:6c:
86:19:b9:c6:2c:8d:5a:c9:31:7f:87:50:fc:5a:ee:47:21:c7:
1d:96:6e:23:c9:93:bd:1e:13:ad:0f:f6:e9:55:80:19:13:98:
30:ff:db:ad:ba:e9:1a:42:8a:8d:02:bb:0e:dc:57:f0:39:7a:
38:e3:c5:a4:35:78:57:f0:8d:06:ee:66:73:2c:5e:9e:d8:a9:
6a:7a:5a:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSu0CLPXdhCz4VC6a1coBzoqHacUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MDMyMDUzNDZaFw0yNTA3MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDExMTUxY2ViMDgyZjg2MWMyNDI5ZWViZDczYTk0OGFjYjdlYzQ4MjFmZDI3
NDA1YTIzZmMzOTk3ODk1MjkxYTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHsYBFAFWm7d3GGfIl2g1/GeQSryS/qDMWS4/ETfzhOr0+htQfRVYpT3hoO
KyJAV9RdcP7NuEJAtB9N+h7yZL9rn8qB1CqyIcPYscfhTMxOxiGqwjJRGA3oejCU
IT7/9Y0m0YRHSVjZjdkmvT4lCzaDnZbLBoVBXaQat4HJrmNxslJuhy+Z1k52MPIW
59ZY4pInJdROV7feGVfwMyfLeBejrAxRDMIoyJ0r5t8xQGN5qE54amb5ZQ/H7BED
EdikZq9c3SwQu8YRBcpn+R4oLmccV9/UDyiaMOzYPbEi5x0ssHvi8H9Q02r0YRbd
yI+iKzCVzpc8D1/z7POQntlV+zsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT3SOUw
xzRp3vT2h52SDqpybptEyzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTI0YTQ0ODctZTcwOS00ZTdhLTljNzItOTY3OGI0NjVjZWY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HRg
MA0GCSqGSIb3DQEBCwUAA4IBAQCsDBUbhvCI/pQUMEsnTyKz6fUwdibyHi/EWcRv
I7rfKHG+Jco3dq9VslQwkWj+ZOOzy8uZdxWZZO5Hc7viszUMBY3V99wMeWfWaTo/
KJXfX9HXTDnWKTQpHdz2pWEGW+rF5WoCUpWDKp4loAazh1UluBqVct2K4KobERMY
DS+9rL25ttY5YjSkTShOLP5Z6tBzzNd+m3aslyLZA+518guEAZjvm2wMV21PFyUG
3s4TmvbSFmyGGbnGLI1ayTF/h1D8Wu5HIccdlm4jyZO9HhOtD/bpVYAZE5gw/9ut
uukaQoqNArsO3FfwOXo448WkNXhX8I0G7mZzLF6e2Klqelr6
-----END CERTIFICATE-----
Generated at Fri Jun 6 19:09:21 2025 by rpki-client