Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
File: f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa (raw, json)
Hash identifier: AR5NXFLMeKjKbMUwZnkbbYdzafNlZNypHfu6pzDUfpM=
Subject key identifier: 02:CD:D0:23:99:CD:6B:26:F8:C6:C7:5A:FC:4A:B1:F9:58:D1:AE:06
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 538A596B5679F7AB759F013CB283C7E3501B94ED
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
Signing time: Tue 20 May 2025 18:50:16 +0000
ROA not before: Tue 20 May 2025 18:50:16 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 13:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:8a:59:6b:56:79:f7:ab:75:9f:01:3c:b2:83:c7:e3:50:1b:94:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:50:16 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=52fb5984fdb0e1e572ccb54b7541e6658810d2f07e95308fd26f20726b639fff, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:98:90:6e:f6:24:fc:82:dd:f9:8b:17:fa:88:
05:cd:17:9d:d3:64:c6:e2:37:9a:8f:46:f4:da:40:
70:2e:2f:4b:b0:ba:00:c9:21:9e:5c:b5:0b:08:83:
6c:91:8e:46:c9:0f:b9:9b:67:7f:92:f2:34:0a:dc:
ea:15:72:1c:bf:7c:6e:28:7c:12:11:20:9b:cf:0c:
5d:c3:da:24:e0:48:3d:3e:0f:05:c4:f7:4c:04:07:
76:2f:7f:c2:84:f8:60:b0:78:e2:a1:da:a2:e6:6f:
47:14:44:d6:5e:c6:6e:34:4e:39:99:eb:2b:33:28:
ab:88:ac:8a:40:2f:9c:76:fc:f0:76:b1:27:5b:f9:
4c:7a:79:25:8f:95:55:1a:81:5c:d1:3a:95:b7:c7:
e5:28:8d:9b:55:12:1d:7a:0c:65:b5:bc:25:52:fd:
c1:ea:7e:da:ce:ca:a9:df:95:29:d4:36:fd:b5:ce:
c0:ed:d3:d6:9b:eb:54:82:d1:e2:3a:90:fd:9b:ad:
0a:67:3d:62:60:62:fb:30:37:c3:35:5c:a1:cd:3b:
85:ca:5d:34:2d:e0:16:d8:ff:d5:36:41:a2:bb:3c:
92:82:e2:c3:d4:97:15:10:f8:bd:cf:66:21:3a:9f:
ec:75:c4:ba:9b:b8:d7:f2:93:a9:ef:e9:00:bc:9e:
a2:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:CD:D0:23:99:CD:6B:26:F8:C6:C7:5A:FC:4A:B1:F9:58:D1:AE:06
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5080::/48
Signature Algorithm: sha256WithRSAEncryption
9f:44:50:73:b2:81:fd:4a:7d:52:1a:3d:7a:a2:35:a8:26:62:
64:01:46:22:10:67:ab:15:4c:e3:02:04:da:93:ad:cf:c6:7e:
e6:3f:32:d3:78:85:a7:04:27:41:51:78:9b:87:71:9c:16:d5:
9e:92:0a:72:51:79:31:00:23:7e:da:82:5d:cf:f3:4a:61:07:
1a:52:79:16:33:0b:07:53:36:07:92:2a:54:9a:2c:e3:b1:18:
b3:48:86:c1:5e:5b:ee:14:e7:e6:b4:2d:de:99:35:4d:32:78:
8a:2c:78:21:75:77:e7:43:13:e6:f1:00:64:81:15:ef:28:62:
c1:81:05:0a:fc:eb:9c:9e:8f:dd:83:0e:f7:f5:b7:7b:d7:56:
07:44:95:e5:cf:9b:93:46:5a:df:73:a5:21:30:3e:fb:c5:6c:
64:69:f3:fa:9d:0d:9b:3f:95:46:67:ed:ac:34:cd:a1:0f:b6:
69:44:db:21:ed:47:2a:ff:96:8b:18:03:75:45:2b:2c:62:e1:
9a:0d:11:01:a9:d9:23:c7:42:aa:10:df:e4:46:9b:6a:2b:11:
e7:cd:d5:54:7e:94:b4:68:b2:43:e2:a3:42:85:ea:c7:50:ab:
de:52:66:4b:b4:65:08:c0:7c:b7:b3:65:68:34:20:8f:ca:f8:
74:4e:4d:fd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUU4pZa1Z596t1nwE8soPH41AblO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODUwMTZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyZmI1OTg0ZmRiMGUxZTU3MmNjYjU0Yjc1NDFlNjY1ODgxMGQyZjA3ZTk1
MzA4ZmQyNmYyMDcyNmI2MzlmZmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqYkG72JPyC3fmLF/qIBc0XndNkxuI3mo9G9NpAcC4vS7C6AMkhnly1CwiD
bJGORskPuZtnf5LyNArc6hVyHL98bih8EhEgm88MXcPaJOBIPT4PBcT3TAQHdi9/
woT4YLB44qHaouZvRxRE1l7GbjROOZnrKzMoq4isikAvnHb88HaxJ1v5THp5JY+V
VRqBXNE6lbfH5SiNm1USHXoMZbW8JVL9wep+2s7Kqd+VKdQ2/bXOwO3T1pvrVILR
4jqQ/ZutCmc9YmBi+zA3wzVcoc07hcpdNC3gFtj/1TZBors8koLiw9SXFRD4vc9m
ITqf7HXEupu41/KTqe/pALyeolsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQCzdAj
mc1rJvjGx1r8SrH5WNGuBjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjE5NTFiZGEtNTljZC00YjExLWI3YTEtMTliMWY1ZDMyMTE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAn0RQc7KB/Up9Uho9eqI1qCZiZAFGIhBnqxVM
4wIE2pOtz8Z+5j8y03iFpwQnQVF4m4dxnBbVnpIKclF5MQAjftqCXc/zSmEHGlJ5
FjMLB1M2B5IqVJos47EYs0iGwV5b7hTn5rQt3pk1TTJ4iix4IXV350MT5vEAZIEV
7yhiwYEFCvzrnJ6P3YMO9/W3e9dWB0SV5c+bk0Za33OlITA++8VsZGnz+p0Nmz+V
RmftrDTNoQ+2aUTbIe1HKv+WixgDdUUrLGLhmg0RAanZI8dCqhDf5EabaisR583V
VH6UtGiyQ+KjQoXqx1Cr3lJmS7RlCMB8t7NlaDQgj8r4dE5N/Q==
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:27:36 2025 by rpki-client