Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: uyyJi0fc4Xj3TsRrP+P7jesdJyIVLzE1Ig0W+X1cLs0=
Subject key identifier: 20:0E:B3:0A:39:83:C4:97:77:9B:E4:75:51:F4:6F:76:46:30:78:49
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 48D7951879715F78CF179503586314514FCF3635
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Mon 16 Jun 2025 21:11:24 +0000
ROA not before: Mon 16 Jun 2025 21:11:24 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:d7:95:18:79:71:5f:78:cf:17:95:03:58:63:14:51:4f:cf:36:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:11:24 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=106d12b4ff32af5452a28b072468e26744777410cb3045c94aa3ef2859601e1e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:b7:24:a8:65:75:37:2f:87:7d:f1:74:af:bc:
c8:13:09:dd:b1:9c:23:77:3e:9d:51:4d:0f:83:d9:
a7:3a:bb:33:f9:1f:00:e7:83:4d:d0:c1:05:55:51:
be:e4:dc:82:3f:be:36:59:bc:96:9d:71:db:15:7d:
41:a2:bb:b0:ba:0f:14:27:24:c2:ea:81:a3:44:7c:
ed:2f:85:dd:bd:7e:1a:90:e6:41:7f:e3:1a:e0:4e:
5b:e4:75:af:4e:fc:93:db:d5:4f:fa:94:93:65:e6:
31:55:ee:0c:3e:a4:df:e4:c9:b9:a2:26:49:db:06:
07:f3:a2:54:18:cb:5b:87:69:cb:92:8c:46:40:fe:
40:b0:35:8d:e0:23:f2:2b:ad:03:f1:52:a9:07:b6:
6d:bf:31:fd:4c:83:6b:d4:ad:fa:2b:ca:14:53:2d:
0f:7a:02:8c:25:71:fa:86:7e:ad:c7:18:99:55:de:
48:a0:ac:e8:3f:ce:d9:4e:b9:43:21:f0:45:7e:ba:
ba:4d:e9:47:82:7a:b9:91:0f:3e:88:2f:e0:7d:3b:
12:b7:43:a7:ea:20:ec:1f:30:78:51:d9:65:90:b9:
a4:83:98:aa:f6:35:e0:c5:69:53:3f:06:3d:84:60:
26:a3:14:7e:b2:15:3a:7a:cc:80:dd:df:eb:fd:2d:
95:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:0E:B3:0A:39:83:C4:97:77:9B:E4:75:51:F4:6F:76:46:30:78:49
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
4a:74:e0:53:9c:dc:3b:a4:59:17:58:b6:91:00:ea:06:54:6e:
81:28:e1:06:10:f7:94:43:8d:cc:44:0f:b3:bc:05:a8:2b:59:
3a:09:ce:de:97:47:42:ba:de:4e:54:71:92:c4:55:2f:d2:77:
4c:47:3a:1b:e7:a5:fe:dd:18:de:95:77:20:9c:ee:8f:51:1d:
e8:b8:c9:98:92:ea:8a:1b:31:78:23:7c:fc:2f:ee:a3:d5:85:
68:79:9b:64:ab:1c:b4:37:8e:bd:bc:17:e5:61:54:a5:7c:02:
1e:95:71:89:b5:ee:4c:6f:47:65:1f:c5:a2:ac:7c:c2:29:8c:
9f:a2:49:1a:8b:44:c0:8e:75:58:b4:95:8c:4e:49:39:64:26:
37:77:30:e7:ed:22:0f:10:63:0a:c3:ad:9a:37:3c:2a:e3:24:
ef:08:3e:5b:64:e3:d7:d0:e5:10:b1:e9:41:56:0a:02:08:19:
1d:bf:16:2d:47:ba:be:7b:c2:8a:26:b9:55:49:04:af:ca:d0:
09:73:5b:0c:8e:5f:43:a4:09:d9:2b:5a:24:dd:fd:4e:e0:9f:
8d:38:d0:df:60:2a:66:21:56:79:7c:06:b4:12:60:09:33:12:
4e:a1:4b:9a:da:c7:23:e4:c0:d4:66:77:75:24:43:40:3d:9f:
e7:b6:5f:b2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSNeVGHlxX3jPF5UDWGMUUU/PNjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTExMjRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDEwNmQxMmI0ZmYzMmFmNTQ1MmEyOGIwNzI0NjhlMjY3NDQ3Nzc0MTBjYjMw
NDVjOTRhYTNlZjI4NTk2MDFlMWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJe3JKhldTcvh33xdK+8yBMJ3bGcI3c+nVFND4PZpzq7M/kfAOeDTdDBBVVR
vuTcgj++Nlm8lp1x2xV9QaK7sLoPFCckwuqBo0R87S+F3b1+GpDmQX/jGuBOW+R1
r078k9vVT/qUk2XmMVXuDD6k3+TJuaImSdsGB/OiVBjLW4dpy5KMRkD+QLA1jeAj
8iutA/FSqQe2bb8x/UyDa9St+ivKFFMtD3oCjCVx+oZ+rccYmVXeSKCs6D/O2U65
QyHwRX66uk3pR4J6uZEPPogv4H07ErdDp+og7B8weFHZZZC5pIOYqvY14MVpUz8G
PYRgJqMUfrIVOnrMgN3f6/0tlS0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQgDrMK
OYPEl3eb5HVR9G92RjB4STAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQBKdOBTnNw7pFkXWLaRAOoGVG6BKOEGEPeUQ43M
RA+zvAWoK1k6Cc7el0dCut5OVHGSxFUv0ndMRzob56X+3RjelXcgnO6PUR3ouMmY
kuqKGzF4I3z8L+6j1YVoeZtkqxy0N469vBflYVSlfAIelXGJte5Mb0dlH8WirHzC
KYyfokkai0TAjnVYtJWMTkk5ZCY3dzDn7SIPEGMKw62aNzwq4yTvCD5bZOPX0OUQ
selBVgoCCBkdvxYtR7q+e8KKJrlVSQSvytAJc1sMjl9DpAnZK1ok3f1O4J+NONDf
YCpmIVZ5fAa0EmAJMxJOoUua2scj5MDUZnd1JENAPZ/ntl+y
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:51:09 2025 by rpki-client