Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
File: 04593af5-4653-4d6a-8bb5-65270db84a4f.roa (raw, json)
Hash identifier: iHmtO8PLmHtoP4m6zfcMLdRIs+NxEaaI57c2fRfm9ZU=
Subject key identifier: B3:F6:8D:2D:E8:F7:70:1A:FE:C2:F7:F1:3F:0D:F6:1F:FB:F3:43:D2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 34248005D2E06419CB90AA2FE0FACB54ACE5A2B2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
Signing time: Mon 16 Jun 2025 21:50:14 +0000
ROA not before: Mon 16 Jun 2025 21:50:14 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02d::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:24:80:05:d2:e0:64:19:cb:90:aa:2f:e0:fa:cb:54:ac:e5:a2:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:50:14 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=b26049f0f269b796cb0dc7761d62f1d36c71a9cfbd4e38d06dd39e10b874d068, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:0a:f6:72:cb:9b:6a:ca:e1:5e:cd:f5:61:e1:
04:0b:27:a6:45:a7:a0:94:e9:70:43:34:57:38:a4:
a5:f4:41:b7:b1:b2:fc:e4:1a:0d:97:12:d1:a9:ad:
35:ce:1b:02:e8:cd:a1:9a:7c:3e:5e:da:66:89:9c:
6e:13:f7:92:27:87:75:08:19:21:87:08:cb:25:f3:
3b:54:59:31:d6:87:73:28:ef:eb:dc:d9:db:f4:1e:
2f:77:52:04:0b:b2:03:ce:5d:da:14:f6:bb:06:e8:
24:cf:63:a3:e1:5f:9e:b8:7d:10:d4:9f:44:22:af:
bf:27:f9:b8:4e:64:0f:15:3e:7e:c3:0e:56:db:4b:
f7:3e:7b:95:56:d5:04:9f:68:86:0c:47:d8:9b:ac:
9c:89:da:da:2f:52:5b:40:f7:fa:bc:52:d5:b7:44:
60:11:fd:7a:e7:c8:88:cb:f7:d0:f3:dd:09:3f:4a:
ad:b2:77:bf:f7:ca:20:b1:f8:38:a1:03:66:5a:9f:
47:bf:da:55:83:1b:7f:38:c6:63:02:aa:68:47:58:
0a:16:25:02:d4:a1:0d:b1:59:d1:d5:ee:63:23:1e:
f5:a2:dd:b3:9d:4a:60:97:e4:31:70:37:e5:e0:0e:
4e:ca:ea:90:e9:07:40:37:fa:39:98:f0:5a:68:a0:
c0:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:F6:8D:2D:E8:F7:70:1A:FE:C2:F7:F1:3F:0D:F6:1F:FB:F3:43:D2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02d::/36
Signature Algorithm: sha256WithRSAEncryption
95:45:df:87:e2:25:3f:60:bf:bb:1b:57:b2:0a:2b:69:12:d5:
c7:a0:cd:fc:81:9d:82:ae:78:ad:9b:cb:6e:06:42:d6:e6:0a:
04:23:3b:cc:77:bc:70:32:46:35:01:41:22:9f:c4:a8:fa:e5:
91:0f:76:27:d3:f8:dc:2a:20:bb:a4:08:71:7f:a6:ba:c3:ba:
ec:a1:9a:05:37:47:58:ab:9e:36:03:3d:ff:51:c4:e8:f9:aa:
09:e5:a6:eb:ec:48:8c:0a:2b:ae:e0:6b:b7:5e:a2:fd:1c:89:
08:19:72:a5:6f:5e:88:99:b9:47:2e:32:ce:63:2b:2e:96:a1:
c3:ce:57:4b:87:18:8a:b6:60:1b:08:56:6e:2b:37:f9:d2:1d:
f1:7a:5c:c1:66:63:34:0e:da:35:c0:02:0c:b9:73:ad:6c:fd:
62:f4:80:f7:26:71:0c:32:84:29:e9:c2:52:91:b2:d3:18:38:
db:60:d9:60:e4:d6:f8:c3:70:f5:63:5a:98:35:79:de:88:d2:
eb:c8:9a:80:ad:fe:dc:a9:a6:28:f1:94:c1:ba:8c:0c:7a:0e:
58:30:59:2e:ba:58:cd:ee:30:8d:ec:95:c6:11:65:67:14:02:
82:ae:fe:ae:e0:ee:ab:47:27:3e:d7:4d:81:24:a1:91:13:2d:
70:06:18:e7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNCSABdLgZBnLkKov4PrLVKzlorIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTUwMTRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGIyNjA0OWYwZjI2OWI3OTZjYjBkYzc3NjFkNjJmMWQzNmM3MWE5Y2ZiZDRl
MzhkMDZkZDM5ZTEwYjg3NGQwNjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMoK9nLLm2rK4V7N9WHhBAsnpkWnoJTpcEM0VzikpfRBt7Gy/OQaDZcS0amt
Nc4bAujNoZp8Pl7aZomcbhP3kieHdQgZIYcIyyXzO1RZMdaHcyjv69zZ2/QeL3dS
BAuyA85d2hT2uwboJM9jo+Ffnrh9ENSfRCKvvyf5uE5kDxU+fsMOVttL9z57lVbV
BJ9ohgxH2JusnIna2i9SW0D3+rxS1bdEYBH9eufIiMv30PPdCT9KrbJ3v/fKILH4
OKEDZlqfR7/aVYMbfzjGYwKqaEdYChYlAtShDbFZ0dXuYyMe9aLds51KYJfkMXA3
5eAOTsrqkOkHQDf6OZjwWmigwBkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSz9o0t
6PdwGv7C9/E/DfYf+/ND0jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDQ1OTNhZjUtNDY1My00ZDZhLThiYjUtNjUyNzBkYjg0YTRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C0A
MA0GCSqGSIb3DQEBCwUAA4IBAQCVRd+H4iU/YL+7G1eyCitpEtXHoM38gZ2Crnit
m8tuBkLW5goEIzvMd7xwMkY1AUEin8So+uWRD3Yn0/jcKiC7pAhxf6a6w7rsoZoF
N0dYq542Az3/UcTo+aoJ5abr7EiMCiuu4Gu3XqL9HIkIGXKlb16ImblHLjLOYysu
lqHDzldLhxiKtmAbCFZuKzf50h3xelzBZmM0Dto1wAIMuXOtbP1i9ID3JnEMMoQp
6cJSkbLTGDjbYNlg5Nb4w3D1Y1qYNXneiNLryJqArf7cqaYo8ZTBuowMeg5YMFku
uljN7jCN7JXGEWVnFAKCrv6u4O6rRyc+102BJKGREy1wBhjn
-----END CERTIFICATE-----
Generated at Sun Jun 29 05:01:05 2025 by rpki-client