Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
File: 09a66d07-54a4-4c26-8a49-e43710070e4d.roa (raw, json)
Hash identifier: 60mZNTX6uXsC2Yu1RIzsIx2H3E2HpNtvYl5SGYcgvco=
Subject key identifier: 31:57:1B:E2:BD:07:9F:B7:B2:73:CE:4B:C3:3C:56:AC:35:ED:AA:CF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1C0135F25F61FF4D5A61095A71D48CB03ACCD88E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
Signing time: Mon 16 Jun 2025 20:10:07 +0000
ROA not before: Mon 16 Jun 2025 20:10:07 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:01:35:f2:5f:61:ff:4d:5a:61:09:5a:71:d4:8c:b0:3a:cc:d8:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:10:07 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=c842f102c27d82d9b02ed5f273d3218fc4c62050f98a164c0128f6d3c0032197, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:9f:2a:0b:36:33:21:9b:54:4a:e0:39:8a:63:
15:1c:cd:29:6d:fe:7f:f5:c0:67:2b:fb:0d:41:d6:
40:cc:31:21:84:3a:07:14:2c:35:a4:46:dd:d9:f3:
45:fe:61:41:a6:83:25:11:5d:5c:d2:ca:d8:97:06:
85:e0:51:7e:62:3b:37:09:b2:0e:80:bd:8c:0a:dd:
2f:fa:04:45:42:79:9a:3d:da:d8:d0:8c:cb:00:a7:
b2:b9:d2:0b:0b:7e:a5:3d:32:c5:89:f1:fc:d1:1f:
4a:12:28:3d:4c:85:80:92:89:75:98:2e:da:bc:fe:
c0:b4:02:7d:4c:32:d8:65:c4:5f:a1:28:dc:11:76:
d6:bb:7a:2e:44:0d:ff:96:6a:a0:d5:ab:dd:c9:7f:
80:42:40:b2:62:39:22:4d:6f:d0:09:0d:c5:fd:6e:
b9:eb:76:71:20:ce:e1:d7:f1:be:0a:3d:64:7a:f7:
10:5a:a1:c8:fd:93:5f:e4:be:aa:36:d8:d0:25:23:
30:24:79:57:bd:d0:c0:d4:83:c6:cd:a0:dc:3b:72:
2e:2f:f8:7c:69:82:67:26:fc:81:c2:77:07:82:00:
7c:e5:ba:81:ed:b8:df:e0:e9:e3:6b:c5:eb:90:a1:
38:f5:4c:1a:10:59:6a:2c:e9:9d:f1:19:be:44:a7:
3d:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:57:1B:E2:BD:07:9F:B7:B2:73:CE:4B:C3:3C:56:AC:35:ED:AA:CF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:1080::/48
Signature Algorithm: sha256WithRSAEncryption
a7:7d:f5:45:66:c0:31:5d:dc:c3:21:36:d5:7c:2a:be:c8:32:
e8:cd:9f:0f:77:18:32:19:6d:90:9c:83:f6:8f:39:40:36:b4:
09:41:a6:33:43:42:bf:ce:19:a6:4d:23:ee:18:f2:26:64:63:
5e:c1:bf:a8:87:91:ca:55:a6:c3:26:10:2a:e2:ed:f3:e3:a0:
a7:62:6d:23:8d:c7:73:79:60:06:e3:69:db:44:0a:08:0f:3d:
e9:84:f7:d8:e6:a4:06:de:f5:62:aa:ee:8d:51:96:58:a8:02:
76:72:7b:8c:b9:30:60:8a:e6:e3:f4:fe:ad:f2:47:e1:e1:41:
25:82:ab:ff:17:14:bf:3d:a3:c6:87:93:c8:e9:ab:04:c7:a5:
71:21:b2:78:4e:87:78:d8:e9:bd:67:5b:c0:c0:6f:51:39:0d:
fd:56:46:24:c3:05:4c:a5:1a:44:2c:f6:40:bb:e1:11:73:3a:
52:26:4f:e5:1b:80:af:d3:15:45:1f:b0:a1:ec:41:a4:04:3c:
cd:cd:bb:98:5b:57:6f:5a:2c:2b:60:05:20:f8:49:8a:fb:6a:
52:2c:21:1a:7c:61:18:31:42:16:6b:24:5a:81:8b:ff:f2:23:
46:0b:4e:68:71:eb:31:0d:30:c5:ad:a3:15:ad:44:fe:9a:6f:
bd:eb:79:05
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHAE18l9h/01aYQlacdSMsDrM2I4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDEwMDdaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM4NDJmMTAyYzI3ZDgyZDliMDJlZDVmMjczZDMyMThmYzRjNjIwNTBmOThh
MTY0YzAxMjhmNmQzYzAwMzIxOTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKfKgs2MyGbVErgOYpjFRzNKW3+f/XAZyv7DUHWQMwxIYQ6BxQsNaRG3dnz
Rf5hQaaDJRFdXNLK2JcGheBRfmI7NwmyDoC9jArdL/oERUJ5mj3a2NCMywCnsrnS
Cwt+pT0yxYnx/NEfShIoPUyFgJKJdZgu2rz+wLQCfUwy2GXEX6Eo3BF21rt6LkQN
/5ZqoNWr3cl/gEJAsmI5Ik1v0AkNxf1uuet2cSDO4dfxvgo9ZHr3EFqhyP2TX+S+
qjbY0CUjMCR5V73QwNSDxs2g3DtyLi/4fGmCZyb8gcJ3B4IAfOW6ge243+Dp42vF
65ChOPVMGhBZaizpnfEZvkSnPWsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQxVxvi
vQeft7JzzkvDPFasNe2qzzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDlhNjZkMDctNTRhNC00YzI2LThhNDktZTQzNzEwMDcwZTRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8Q
gDANBgkqhkiG9w0BAQsFAAOCAQEAp331RWbAMV3cwyE21Xwqvsgy6M2fD3cYMhlt
kJyD9o85QDa0CUGmM0NCv84Zpk0j7hjyJmRjXsG/qIeRylWmwyYQKuLt8+Ogp2Jt
I43Hc3lgBuNp20QKCA896YT32OakBt71YqrujVGWWKgCdnJ7jLkwYIrm4/T+rfJH
4eFBJYKr/xcUvz2jxoeTyOmrBMelcSGyeE6HeNjpvWdbwMBvUTkN/VZGJMMFTKUa
RCz2QLvhEXM6UiZP5RuAr9MVRR+woexBpAQ8zc27mFtXb1osK2AFIPhJivtqUiwh
GnxhGDFCFmskWoGL//IjRgtOaHHrMQ0wxa2jFa1E/ppvvet5BQ==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:52:45 2025 by rpki-client