Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
File: 2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa (raw, json)
Hash identifier: 6+LS2a+oia2Lh2yi2zOR92Wx9uQQwkVm5R/hdFauML0=
Subject key identifier: 88:48:A0:B2:67:A1:99:3A:35:38:CC:55:D1:90:7A:91:38:A0:FB:91
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6836C35B2221DF9CD24DD55F66BECB9D2E1820A0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
Signing time: Wed 18 Jun 2025 00:30:33 +0000
ROA not before: Wed 18 Jun 2025 00:30:33 +0000
ROA not after: Wed 23 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:36:c3:5b:22:21:df:9c:d2:4d:d5:5f:66:be:cb:9d:2e:18:20:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 18 00:30:33 2025 GMT
Not After : Jul 23 23:59:59 2025 GMT
Subject: serialNumber=913fcfd10fb70912f6f371415dc439177018a950798ae4e35cccb49e4a9d0b1d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:8f:b3:ae:9e:02:e2:91:fa:0b:6e:b6:ce:ca:
4f:b1:d3:6d:3c:5e:b5:41:5d:2b:16:32:60:a6:00:
05:8e:65:c7:31:f7:a3:03:82:ae:df:1d:a3:5b:91:
ba:45:d2:55:d3:d5:ad:99:2e:02:ea:e7:3c:ed:4e:
e5:5f:2c:b9:8a:49:2b:a6:63:94:52:45:b4:98:23:
6f:57:a9:c3:98:a9:af:6e:36:26:9b:41:94:13:20:
90:e5:72:4c:db:fc:8a:cc:4f:1b:3c:8b:74:9c:84:
82:e3:88:8a:b6:7d:be:b7:dc:c1:f8:51:58:cd:5d:
45:a2:fb:93:86:5a:ed:7a:70:f1:93:70:3a:02:9b:
d0:07:00:af:e9:e5:0f:2b:2e:79:0f:5b:0b:bf:74:
c3:79:10:84:d7:bf:b7:99:e9:ad:3c:04:e2:d8:6c:
e4:ac:8e:1f:7a:67:65:17:0e:2d:5d:31:8f:81:fe:
f2:ab:43:5d:30:2f:f2:e7:8b:b1:94:a8:ef:2a:89:
40:54:bd:06:fc:8f:a0:c8:7f:79:68:49:d8:48:32:
3d:d9:31:6d:5c:bd:1f:f0:af:cf:15:f6:77:a4:1f:
03:d3:9a:85:c2:9d:98:8f:f2:64:4b:90:36:06:95:
01:a2:20:17:51:aa:05:bd:5c:22:61:33:58:24:cc:
13:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:48:A0:B2:67:A1:99:3A:35:38:CC:55:D1:90:7A:91:38:A0:FB:91
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014::/35
Signature Algorithm: sha256WithRSAEncryption
a5:a6:cf:6c:1d:52:62:bb:de:af:9c:27:ef:33:86:37:2c:9a:
78:65:04:c9:3c:45:e5:b5:b5:c7:14:bc:67:e5:49:d2:0e:f1:
ab:54:90:9b:39:f9:51:1e:07:5d:68:31:41:64:23:25:3f:f0:
b3:ca:f3:ee:8e:6d:f9:db:1c:b6:bb:eb:37:4f:24:26:4e:7d:
1b:58:d5:18:46:5f:6b:ab:1f:a8:e6:c0:54:ef:3e:cb:29:8a:
5c:bd:0f:68:91:eb:fe:60:99:1b:c3:c1:3e:c8:5f:92:6a:d4:
fe:ed:1f:2d:17:59:3b:ae:96:00:52:cb:3f:d1:f2:91:72:dc:
3c:97:24:d1:52:86:2c:ab:ed:53:38:c2:3e:92:7a:19:ff:4b:
d4:08:b5:b9:40:8f:ef:41:48:d8:44:d5:5b:9d:ab:ad:c3:be:
6c:d3:7a:6c:15:69:cd:7b:1f:cf:b9:55:b4:49:94:ed:6a:e3:
30:95:d8:02:7d:09:7f:14:49:06:f6:02:4e:91:38:d5:8e:c0:
f8:08:93:15:ae:4b:4e:5c:eb:2a:1b:49:97:3c:e0:67:43:eb:
32:3f:40:5f:2e:da:f3:0f:ef:d4:e8:c4:ce:97:4f:58:be:0d:
ff:e7:08:7f:91:e4:31:82:20:9e:10:10:c2:a7:c3:37:48:61:
82:e0:69:f3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaDbDWyIh35zSTdVfZr7LnS4YIKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTgwMDMwMzNaFw0yNTA3MjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxM2ZjZmQxMGZiNzA5MTJmNmYzNzE0MTVkYzQzOTE3NzAxOGE5NTA3OThh
ZTRlMzVjY2NiNDllNGE5ZDBiMWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOPs66eAuKR+gtuts7KT7HTbTxetUFdKxYyYKYABY5lxzH3owOCrt8do1uR
ukXSVdPVrZkuAurnPO1O5V8suYpJK6ZjlFJFtJgjb1epw5ipr242JptBlBMgkOVy
TNv8isxPGzyLdJyEguOIirZ9vrfcwfhRWM1dRaL7k4Za7Xpw8ZNwOgKb0AcAr+nl
DysueQ9bC790w3kQhNe/t5nprTwE4ths5KyOH3pnZRcOLV0xj4H+8qtDXTAv8ueL
sZSo7yqJQFS9BvyPoMh/eWhJ2EgyPdkxbVy9H/CvzxX2d6QfA9OahcKdmI/yZEuQ
NgaVAaIgF1GqBb1cImEzWCTME3cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSISKCy
Z6GZOjU4zFXRkHqROKD7kTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmM1YmE2NzMtNmQ5YS00ZWYyLWI4YTAtMTFkMGRkYmYzMDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBSoF0BQA
MA0GCSqGSIb3DQEBCwUAA4IBAQClps9sHVJiu96vnCfvM4Y3LJp4ZQTJPEXltbXH
FLxn5UnSDvGrVJCbOflRHgddaDFBZCMlP/CzyvPujm352xy2u+s3TyQmTn0bWNUY
Rl9rqx+o5sBU7z7LKYpcvQ9okev+YJkbw8E+yF+SatT+7R8tF1k7rpYAUss/0fKR
ctw8lyTRUoYsq+1TOMI+knoZ/0vUCLW5QI/vQUjYRNVbnautw75s03psFWnNex/P
uVW0SZTtauMwldgCfQl/FEkG9gJOkTjVjsD4CJMVrktOXOsqG0mXPOBnQ+syP0Bf
LtrzD+/U6MTOl09Yvg3/5wh/keQxgiCeEBDCp8M3SGGC4Gnz
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:27:54 2025 by rpki-client