Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
File: f97778b4-85b1-4580-ac38-a4872d19261b.roa (raw, json)
Hash identifier: vlXUwWU1VcyXx7QYzwfKFWX1l5ajSmfmO8rHwHpsk+w=
Subject key identifier: FC:E1:CB:E3:5C:3A:2C:30:06:86:B9:D6:57:91:A3:CA:F5:A6:A0:B4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 20585CC1E2F67F001FCB0A41A5B66694837EDCB5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
Signing time: Mon 16 Jun 2025 21:20:51 +0000
ROA not before: Mon 16 Jun 2025 21:20:51 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 14:23:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:58:5c:c1:e2:f6:7f:00:1f:cb:0a:41:a5:b6:66:94:83:7e:dc:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:20:51 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=f99fd13c47bc04938e89469c2b1f0176d54972dc74a5d22b1c83490b8bc78e7b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:b7:44:eb:eb:e2:c5:72:ab:fd:49:7b:41:38:
47:10:8d:80:ef:ed:94:9a:81:d3:d6:6c:8b:68:40:
db:36:cb:4d:e5:4b:ce:43:f8:82:14:70:b9:c7:dc:
04:f9:e2:e4:8b:ee:f2:cb:b9:78:1a:f1:84:1b:f5:
3d:4e:87:81:9a:b3:e9:e1:e5:03:26:11:c7:72:c0:
93:79:91:31:ff:ac:73:ee:18:62:f1:93:0a:a1:27:
4b:9d:e3:a8:97:85:b3:42:b9:d7:73:97:5e:48:02:
91:65:7a:c7:17:5c:de:f3:c2:23:8d:28:b9:25:ad:
d2:96:80:1c:f8:24:70:c0:34:b3:7f:12:17:d5:fc:
f6:b9:0e:66:4e:e8:25:ff:e4:1d:31:85:15:26:12:
42:47:cb:54:b0:a7:c1:5e:e9:fd:f0:ee:b7:d7:c3:
e9:4d:53:8f:1d:40:74:70:c8:3b:dc:c1:7e:ea:05:
24:96:77:42:78:7c:f7:ef:5a:4e:fd:f1:45:1a:42:
cb:5d:6f:49:91:8f:0c:ba:5e:65:a1:ba:ad:61:35:
57:b5:8e:ae:a5:55:86:dc:4a:cb:24:7c:1c:b1:04:
06:33:3a:ed:11:ae:9a:59:f6:96:9d:fa:29:58:9b:
93:46:0a:2e:e1:b1:9d:fe:bc:b4:a6:58:87:af:41:
90:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:E1:CB:E3:5C:3A:2C:30:06:86:B9:D6:57:91:A3:CA:F5:A6:A0:B4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:5000::/40
Signature Algorithm: sha256WithRSAEncryption
30:94:a0:27:fb:23:42:b8:9a:4c:df:89:8e:94:b2:3b:b9:5e:
3c:a3:89:fb:fc:79:f6:30:19:f2:93:c2:2e:38:f6:ac:64:c5:
0b:8a:66:94:fe:90:fa:fc:0f:22:9e:2e:d8:5a:c4:08:ba:b8:
59:d2:4d:23:f1:cf:a6:e2:b0:d2:58:6f:2c:c9:41:3d:1d:4b:
90:59:fe:8e:c5:98:d9:cc:b5:8a:55:8c:d9:70:b9:a9:51:ac:
4e:b8:5f:57:b6:f2:47:dd:de:8e:a4:54:34:cd:9a:1c:8b:24:
59:3c:ae:26:94:48:d1:92:97:6c:5f:72:ae:c7:b3:c7:13:bc:
19:35:6d:f4:3c:24:42:ed:67:9a:0e:8b:76:19:22:65:c9:38:
0b:47:d5:3d:50:1b:68:9f:f2:7c:a5:72:1c:80:6a:49:3a:67:
7a:21:6a:e9:06:3b:63:06:49:15:db:40:59:c4:2e:60:6f:81:
e6:0b:2b:21:dc:35:f2:0a:d4:89:2e:ea:9b:1b:e3:a8:50:24:
82:90:ff:81:ad:b8:39:a7:5b:b0:ed:a8:a9:69:31:d9:b5:11:
7b:0e:3d:17:8e:99:54:0c:29:10:40:8c:44:20:1c:08:f3:c4:
9f:ea:79:5c:92:e6:e1:ba:97:67:a5:7a:c6:c1:3c:51:0d:b2:
da:3f:1d:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIFhcweL2fwAfywpBpbZmlIN+3LUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTIwNTFaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY5OWZkMTNjNDdiYzA0OTM4ZTg5NDY5YzJiMWYwMTc2ZDU0OTcyZGM3NGE1
ZDIyYjFjODM0OTBiOGJjNzhlN2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ63ROvr4sVyq/1Je0E4RxCNgO/tlJqB09Zsi2hA2zbLTeVLzkP4ghRwucfc
BPni5Ivu8su5eBrxhBv1PU6HgZqz6eHlAyYRx3LAk3mRMf+sc+4YYvGTCqEnS53j
qJeFs0K513OXXkgCkWV6xxdc3vPCI40ouSWt0paAHPgkcMA0s38SF9X89rkOZk7o
Jf/kHTGFFSYSQkfLVLCnwV7p/fDut9fD6U1Tjx1AdHDIO9zBfuoFJJZ3Qnh89+9a
Tv3xRRpCy11vSZGPDLpeZaG6rWE1V7WOrqVVhtxKyyR8HLEEBjM67RGumln2lp36
KVibk0YKLuGxnf68tKZYh69BkEsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT84cvj
XDosMAaGudZXkaPK9aagtDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3Nzc4YjQtODViMS00NTgwLWFjMzgtYTQ4NzJkMTkyNjFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAwlKAn+yNCuJpM34mOlLI7uV48o4n7/Hn2MBny
k8IuOPasZMULimaU/pD6/A8ini7YWsQIurhZ0k0j8c+m4rDSWG8syUE9HUuQWf6O
xZjZzLWKVYzZcLmpUaxOuF9XtvJH3d6OpFQ0zZociyRZPK4mlEjRkpdsX3Kux7PH
E7wZNW30PCRC7WeaDot2GSJlyTgLR9U9UBton/J8pXIcgGpJOmd6IWrpBjtjBkkV
20BZxC5gb4HmCysh3DXyCtSJLuqbG+OoUCSCkP+Brbg5p1uw7aipaTHZtRF7Dj0X
jplUDCkQQIxEIBwI88Sf6nlckubhupdnpXrGwTxRDbLaPx0N
-----END CERTIFICATE-----
Generated at Mon Jun 30 19:35:08 2025 by rpki-client