Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
File: 207860c2-8f39-42e7-9631-e06b6a545c7d.roa (raw, json)
Hash identifier: Zg8qu1qrYcxEft7l14LfuIMpYVLv3dWv9ck9mrp7WXg=
Subject key identifier: 47:80:5C:6A:91:DD:D3:11:7B:47:92:05:A4:64:C5:CA:DF:2D:A3:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4270EC6B58ABC0972591FB47442819D8F46FB1FD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
Signing time: Mon 16 Jun 2025 20:01:26 +0000
ROA not before: Mon 16 Jun 2025 20:01:26 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:70:ec:6b:58:ab:c0:97:25:91:fb:47:44:28:19:d8:f4:6f:b1:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:01:26 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=70b1305cba9de97e2e74c61863f0611e75eb4b4399841b35d8a1fb7558b7a9dd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:53:5e:88:63:84:e5:9f:3f:b2:cb:ff:45:6d:
b7:64:7a:48:dc:29:26:3e:74:10:02:7d:59:6e:8c:
a9:38:76:b9:9e:19:b6:6a:f7:96:21:3b:09:a6:e8:
6d:d4:32:e9:53:44:7d:67:f5:cb:0d:be:3d:fb:4b:
2c:12:94:3c:cb:30:69:dc:78:a9:8b:26:72:e4:4b:
06:2c:c5:58:f1:ce:c2:b3:e8:06:34:9c:19:b0:dc:
8f:d6:85:e3:35:65:91:a8:73:c9:1e:6e:c3:ed:e4:
a0:ef:cc:bf:79:90:92:4f:8f:d6:1e:f7:dc:34:21:
c0:6c:f7:f1:50:68:c6:90:4d:c9:73:ea:0c:71:ca:
87:ec:5a:e8:64:bd:2d:ee:db:57:e8:1b:60:ee:40:
ae:a3:83:e5:6f:fd:ab:43:ba:7e:7d:f6:5c:7a:20:
a2:57:72:0f:41:bf:18:2c:a2:ec:c7:e5:2e:fe:3b:
ef:02:62:b9:51:38:e4:27:b8:16:c1:8d:d2:f9:28:
a6:40:fa:69:df:59:f1:7a:ee:e5:59:3b:f6:49:12:
d1:f5:ad:a0:22:cf:0f:a4:28:1b:41:2a:cc:83:a3:
b5:81:41:7c:3d:29:92:8f:35:36:49:a8:34:57:02:
c1:bb:29:51:6f:37:56:e4:76:85:ea:cc:de:dc:46:
0c:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:80:5C:6A:91:DD:D3:11:7B:47:92:05:A4:64:C5:CA:DF:2D:A3:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
9d:ce:2b:e5:d8:22:fc:e5:90:a1:c4:92:0b:24:be:d2:ad:af:
e2:87:64:cb:27:1a:d0:a8:7e:43:7f:c9:c6:fc:ee:da:12:6c:
e6:2c:73:eb:0b:44:ed:62:37:b9:9c:cc:31:81:68:d9:ea:a2:
4f:6c:e3:a1:0e:db:25:ce:05:47:a4:f0:99:36:4d:73:25:21:
4b:77:9c:9d:af:80:0a:6a:be:c9:57:97:60:98:8a:be:e8:6d:
69:21:a1:79:74:ed:9c:2e:7e:cb:02:00:99:5f:d0:33:a1:de:
3f:6d:cf:5f:96:92:67:33:8d:86:ff:1d:bc:50:53:2d:70:a9:
18:d8:1c:a8:11:18:a0:e4:30:f4:1a:dd:41:d7:44:db:ab:66:
84:b5:33:04:7a:7a:0c:a7:80:e7:c2:2c:95:14:cc:f9:fb:aa:
88:1d:db:f9:e4:cb:87:2f:fa:38:f7:28:45:95:68:54:03:be:
b0:4c:49:84:4b:0a:3b:1c:9d:4f:5c:e7:a2:66:89:3c:5a:ca:
8d:29:7c:e5:9b:7a:dd:b7:25:1d:67:b2:37:41:3b:db:72:b3:
49:0b:af:a0:a8:a4:e1:4e:f2:93:35:b7:49:4e:a1:10:e7:fb:
a7:06:b2:3e:46:22:9c:08:39:ee:8f:f2:8d:a2:ea:ec:79:6f:
3a:50:98:9c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQnDsa1irwJclkftHRCgZ2PRvsf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDAxMjZaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwYjEzMDVjYmE5ZGU5N2UyZTc0YzYxODYzZjA2MTFlNzVlYjRiNDM5OTg0
MWIzNWQ4YTFmYjc1NThiN2E5ZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdTXohjhOWfP7LL/0Vtt2R6SNwpJj50EAJ9WW6MqTh2uZ4Ztmr3liE7Cabo
bdQy6VNEfWf1yw2+PftLLBKUPMswadx4qYsmcuRLBizFWPHOwrPoBjScGbDcj9aF
4zVlkahzyR5uw+3koO/Mv3mQkk+P1h733DQhwGz38VBoxpBNyXPqDHHKh+xa6GS9
Le7bV+gbYO5ArqOD5W/9q0O6fn32XHogoldyD0G/GCyi7MflLv477wJiuVE45Ce4
FsGN0vkopkD6ad9Z8Xru5Vk79kkS0fWtoCLPD6QoG0EqzIOjtYFBfD0pko81Nkmo
NFcCwbspUW83VuR2herM3txGDNUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRHgFxq
kd3TEXtHkgWkZMXK3y2jUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjA3ODYwYzItOGYzOS00MmU3LTk2MzEtZTA2YjZhNTQ1YzdkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
wDANBgkqhkiG9w0BAQsFAAOCAQEAnc4r5dgi/OWQocSSCyS+0q2v4odkyyca0Kh+
Q3/Jxvzu2hJs5ixz6wtE7WI3uZzMMYFo2eqiT2zjoQ7bJc4FR6TwmTZNcyUhS3ec
na+ACmq+yVeXYJiKvuhtaSGheXTtnC5+ywIAmV/QM6HeP23PX5aSZzONhv8dvFBT
LXCpGNgcqBEYoOQw9BrdQddE26tmhLUzBHp6DKeA58IslRTM+fuqiB3b+eTLhy/6
OPcoRZVoVAO+sExJhEsKOxydT1znomaJPFrKjSl85Zt63bclHWeyN0E723KzSQuv
oKik4U7ykzW3SU6hEOf7pwayPkYinAg57o/yjaLq7HlvOlCYnA==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:51:26 2025 by rpki-client