Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ab48d39-178e-4855-83a6-895690a81d28.roa
File: 0ab48d39-178e-4855-83a6-895690a81d28.roa (raw, json)
Hash identifier: cl3Tf59vVkxwY9una7rNuUfHss2dt917j4HckoDlIrc=
Subject key identifier: 3E:3A:F8:38:DC:AA:F4:F7:97:82:89:33:D8:87:51:B5:C4:53:2A:6D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3B8621B8A3460D5B4C2E22DABE9D2B11BBDA412C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ab48d39-178e-4855-83a6-895690a81d28.roa
Signing time: Mon 16 Jun 2025 20:40:20 +0000
ROA not before: Mon 16 Jun 2025 20:40:20 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d077:a080::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:86:21:b8:a3:46:0d:5b:4c:2e:22:da:be:9d:2b:11:bb:da:41:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:40:20 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=64c4f0a476655539e7da9f7c982c85957dd1d99eb1dbb027f9a826e823155d54, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:80:79:f1:e7:04:a2:bb:03:8d:d7:9e:2f:1a:
58:8e:57:ab:be:2a:84:bd:82:fd:7a:d4:0b:94:e5:
38:d3:84:23:78:69:87:47:18:1c:e4:44:f0:4c:b0:
87:30:3f:fc:1f:5e:77:91:cf:e1:86:d4:1f:a0:87:
a0:b2:55:9f:0a:38:44:74:36:8d:71:48:fb:37:ae:
0d:c1:a2:69:bd:53:dc:19:76:77:6b:07:71:12:58:
d6:4c:ed:5c:7e:bb:48:88:b1:31:9e:b7:11:22:82:
fd:1a:3b:f0:7e:b2:fe:55:4f:2d:7f:fe:21:37:c4:
39:62:d2:84:0d:0e:69:c9:df:62:03:f5:c6:6c:50:
5c:90:e3:bb:6f:a8:0c:1f:c5:79:25:1e:71:e8:3a:
aa:b4:dd:a8:b2:33:5b:93:40:63:0a:09:b4:23:2c:
51:a3:68:63:c3:38:af:d4:c6:7e:d3:ae:60:d9:47:
e9:1b:d6:79:11:9c:28:53:1d:ca:e3:e6:18:9b:79:
2c:5e:c8:1c:ce:62:2b:fb:80:75:50:61:e9:04:71:
c4:a2:3e:b6:5d:7b:cf:2f:e7:b3:65:ca:9f:f1:d3:
09:d8:5b:e9:b7:3d:8e:14:cb:05:98:af:0c:d7:fa:
60:76:ba:85:a1:b8:2f:18:ee:a0:e8:d5:44:90:2d:
6b:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:3A:F8:38:DC:AA:F4:F7:97:82:89:33:D8:87:51:B5:C4:53:2A:6D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ab48d39-178e-4855-83a6-895690a81d28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d077:a080::/46
Signature Algorithm: sha256WithRSAEncryption
42:5f:3d:67:ad:1f:ca:26:a8:3a:3a:48:cd:6f:25:61:33:25:
f5:96:b0:35:5f:78:e6:98:35:98:f7:49:08:b2:43:53:fc:b9:
93:db:db:2c:4d:1c:f4:d2:68:b1:47:5a:08:42:9d:6b:63:78:
12:d1:3d:e7:a6:72:ac:3b:9f:a6:bb:80:35:4a:9f:c3:b2:67:
ed:a6:8a:73:f2:2d:08:c6:a8:c7:1b:a1:ea:b9:7a:a1:40:ac:
e3:77:dc:d0:4d:b9:16:37:75:8d:ea:3d:22:44:41:1e:da:2e:
53:a6:c2:9c:53:56:72:32:02:62:e8:8a:16:eb:f0:34:6c:b7:
7c:af:d2:31:a5:88:22:d6:e5:f0:13:d7:78:0e:29:4f:88:87:
ff:2e:24:0e:91:58:81:9a:a5:08:c4:70:f9:96:de:9b:68:00:
69:c5:9c:ed:ba:c9:7a:a0:c7:30:f6:c4:69:cd:0e:0c:38:26:
f3:5d:26:a7:91:a7:f0:33:dc:af:66:11:62:fc:95:b6:1d:df:
03:41:04:6f:30:14:82:cd:fb:2b:84:3c:75:6a:df:ce:58:ea:
94:b3:76:d9:01:af:d6:df:95:d3:9c:ad:17:48:85:44:e2:a8:
28:f0:78:e1:7a:b3:2c:0d:1c:c7:c9:19:07:12:da:81:4b:b5:
78:c8:c9:9e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUO4YhuKNGDVtMLiLavp0rEbvaQSwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDQwMjBaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0YzRmMGE0NzY2NTU1MzllN2RhOWY3Yzk4MmM4NTk1N2RkMWQ5OWViMWRi
YjAyN2Y5YTgyNmU4MjMxNTVkNTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuAefHnBKK7A43Xni8aWI5Xq74qhL2C/XrUC5TlONOEI3hph0cYHORE8Eyw
hzA//B9ed5HP4YbUH6CHoLJVnwo4RHQ2jXFI+zeuDcGiab1T3Bl2d2sHcRJY1kzt
XH67SIixMZ63ESKC/Ro78H6y/lVPLX/+ITfEOWLShA0OacnfYgP1xmxQXJDju2+o
DB/FeSUeceg6qrTdqLIzW5NAYwoJtCMsUaNoY8M4r9TGftOuYNlH6RvWeRGcKFMd
yuPmGJt5LF7IHM5iK/uAdVBh6QRxxKI+tl17zy/ns2XKn/HTCdhb6bc9jhTLBZiv
DNf6YHa6haG4LxjuoOjVRJAta2MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ+Ovg4
3Kr095eCiTPYh1G1xFMqbTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGFiNDhkMzktMTc4ZS00ODU1LTgzYTYtODk1NjkwYTgxZDI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Heg
gDANBgkqhkiG9w0BAQsFAAOCAQEAQl89Z60fyiaoOjpIzW8lYTMl9ZawNV945pg1
mPdJCLJDU/y5k9vbLE0c9NJosUdaCEKda2N4EtE956ZyrDufpruANUqfw7Jn7aaK
c/ItCMaoxxuh6rl6oUCs43fc0E25Fjd1jeo9IkRBHtouU6bCnFNWcjICYuiKFuvw
NGy3fK/SMaWIItbl8BPXeA4pT4iH/y4kDpFYgZqlCMRw+Zbem2gAacWc7brJeqDH
MPbEac0ODDgm810mp5Gn8DPcr2YRYvyVth3fA0EEbzAUgs37K4Q8dWrfzljqlLN2
2QGv1t+V05ytF0iFROKoKPB44XqzLA0cx8kZBxLagUu1eMjJng==
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:43:04 2025 by rpki-client