Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
File: 35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa (raw, json)
Hash identifier: c/04knlcIPSoZcAwyiJQFQWhGESHpAbm7edAhGcvEL4=
Subject key identifier: 76:E2:D6:DA:BE:0F:E2:17:4F:6F:E0:A5:AA:24:97:1D:A3:63:C1:82
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14C285BAE4F106B67CE4880C452E46CBFFD02FF6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
Signing time: Tue 17 Jun 2025 00:40:47 +0000
ROA not before: Tue 17 Jun 2025 00:40:47 +0000
ROA not after: Tue 22 Jul 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 15:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:c2:85:ba:e4:f1:06:b6:7c:e4:88:0c:45:2e:46:cb:ff:d0:2f:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 17 00:40:47 2025 GMT
Not After : Jul 22 23:59:59 2025 GMT
Subject: serialNumber=d5df43626bbdd8003e3616694c34e5403d28094cc8196813e7ad54e984e208e1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:70:54:4d:b5:61:46:93:4e:55:03:31:30:5d:
e4:bf:91:0c:13:aa:a7:f6:96:79:0c:22:a8:b0:de:
41:d1:d8:fa:cc:da:9b:a8:7d:dc:bf:54:b7:d1:11:
f8:40:c2:e2:2e:9a:13:3c:d0:49:7b:39:6d:16:cf:
13:de:6f:90:37:b0:b8:d6:f5:c8:f9:7a:7e:b9:78:
cb:f6:b5:32:d1:1b:87:37:5b:57:3c:ce:01:1a:d3:
fa:cd:5f:5b:aa:48:11:da:6a:21:f0:c3:36:46:68:
bd:06:31:94:e5:0a:46:7d:9f:35:97:f1:b7:5c:8a:
38:cb:a2:34:63:59:65:d2:8f:47:52:2b:c2:8f:cf:
aa:3d:a2:65:5c:4d:c4:7c:9e:6c:33:f6:64:93:00:
9f:10:31:cc:15:3b:3e:8b:58:d1:45:4b:ac:06:2f:
8a:18:88:3c:a0:a3:77:f5:2d:f5:73:08:49:96:e0:
ab:a9:54:5e:fb:af:d3:6e:10:fb:11:91:ff:54:d3:
d3:a0:aa:ef:4b:14:81:52:0f:a7:37:ee:d5:3d:83:
01:c0:37:43:d3:e7:b8:8c:b0:e1:42:7d:86:9d:5d:
9d:8d:24:db:c9:cf:79:15:e5:6d:d9:c4:95:4e:2b:
6e:d9:0e:dc:84:44:cb:6b:a5:45:eb:c3:10:71:2e:
fe:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:E2:D6:DA:BE:0F:E2:17:4F:6F:E0:A5:AA:24:97:1D:A3:63:C1:82
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:2000::/40
Signature Algorithm: sha256WithRSAEncryption
be:7f:91:b3:98:f1:a4:96:d4:1a:14:00:e5:10:56:6e:f5:7f:
0c:42:30:0a:8d:4d:87:18:ad:17:ad:c9:d9:1e:27:f9:85:c7:
e1:fc:6b:93:4c:64:df:2c:af:47:64:85:24:3d:b7:c7:31:15:
c7:e1:0d:8c:ce:54:8a:fa:b3:05:a5:ab:f2:05:99:3a:39:14:
88:12:44:c5:28:d3:0f:d6:db:a3:fb:b7:5d:a0:cd:e2:13:d2:
5e:16:0e:04:58:38:18:13:4a:19:70:b7:47:90:9e:a7:35:01:
e9:0c:5b:36:8e:a0:55:4c:7f:f2:15:bc:fa:5c:40:a1:95:d4:
cd:a5:df:9c:71:2a:13:55:a3:52:3d:ae:a9:48:73:c9:81:b3:
9b:2a:3d:cc:e4:a1:53:45:4e:94:fd:d9:c6:ef:c5:0a:7e:8e:
8c:ba:0d:dc:73:ff:a8:ae:13:39:63:1c:31:35:ea:cb:66:9d:
9c:f4:c5:0d:27:83:02:15:2c:d8:8d:ca:38:35:30:d1:be:96:
f9:ec:6f:1c:c3:40:de:58:b0:da:a1:fa:80:a6:5e:fe:07:cb:
38:53:cb:90:d9:14:f9:d4:4c:d2:48:5d:39:37:37:12:2a:e7:
61:d6:64:1b:9a:20:05:8e:dc:dc:b2:59:0d:16:9e:4a:93:53:
bd:a9:e2:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFMKFuuTxBrZ85IgMRS5Gy//QL/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTcwMDQwNDdaFw0yNTA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1ZGY0MzYyNmJiZGQ4MDAzZTM2MTY2OTRjMzRlNTQwM2QyODA5NGNjODE5
NjgxM2U3YWQ1NGU5ODRlMjA4ZTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNwVE21YUaTTlUDMTBd5L+RDBOqp/aWeQwiqLDeQdHY+szam6h93L9Ut9ER
+EDC4i6aEzzQSXs5bRbPE95vkDewuNb1yPl6frl4y/a1MtEbhzdbVzzOARrT+s1f
W6pIEdpqIfDDNkZovQYxlOUKRn2fNZfxt1yKOMuiNGNZZdKPR1Irwo/Pqj2iZVxN
xHyebDP2ZJMAnxAxzBU7PotY0UVLrAYvihiIPKCjd/Ut9XMISZbgq6lUXvuv024Q
+xGR/1TT06Cq70sUgVIPpzfu1T2DAcA3Q9PnuIyw4UJ9hp1dnY0k28nPeRXlbdnE
lU4rbtkO3IREy2ulRevDEHEu/pECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR24tba
vg/iF09v4KWqJJcdo2PBgjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVhODcxN2MtZWNmNi00Y2Y3LWE3M2MtZjU2NmY3ODg0YTE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fkg
MA0GCSqGSIb3DQEBCwUAA4IBAQC+f5GzmPGkltQaFADlEFZu9X8MQjAKjU2HGK0X
rcnZHif5hcfh/GuTTGTfLK9HZIUkPbfHMRXH4Q2MzlSK+rMFpavyBZk6ORSIEkTF
KNMP1tuj+7ddoM3iE9JeFg4EWDgYE0oZcLdHkJ6nNQHpDFs2jqBVTH/yFbz6XECh
ldTNpd+ccSoTVaNSPa6pSHPJgbObKj3M5KFTRU6U/dnG78UKfo6Mug3cc/+orhM5
YxwxNerLZp2c9MUNJ4MCFSzYjco4NTDRvpb57G8cw0DeWLDaofqApl7+B8s4U8uQ
2RT51EzSSF05NzcSKudh1mQbmiAFjtzcslkNFp5Kk1O9qeJ2
-----END CERTIFICATE-----
Generated at Sat Jun 28 23:49:04 2025 by rpki-client