Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
File: 3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa (raw, json)
Hash identifier: KHdF27bWk6ODkuH3tqqkCChRCEMn5qdnaNwuf9yvxNI=
Subject key identifier: 40:A4:A0:03:2D:37:DE:0F:4E:08:51:C5:87:B7:F9:77:FB:2B:45:82
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17890E42A85F0397A691B92D92E9AEB282E34866
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
Signing time: Mon 16 Jun 2025 21:10:16 +0000
ROA not before: Mon 16 Jun 2025 21:10:16 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:89:0e:42:a8:5f:03:97:a6:91:b9:2d:92:e9:ae:b2:82:e3:48:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:10:16 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=c0d09c0f0a4dc152f326e0373ce5b5ac1b97b656b8dd96e32e9c36ddc060b3ba, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:a6:0a:dc:65:8f:8c:b8:de:ac:f7:61:82:64:
d2:ba:68:55:97:ef:11:69:47:a5:ab:79:95:61:27:
06:10:96:44:d2:94:09:9d:27:59:79:57:9c:d5:dc:
4a:0c:d6:ad:d1:1e:12:be:27:e6:6a:bf:4a:5a:72:
a2:cb:19:45:67:e1:9c:f6:aa:6a:6b:60:03:c0:5d:
ba:0f:73:e2:1c:ac:8b:e8:e7:19:7d:07:da:78:e1:
02:af:68:55:b7:dd:5d:1f:be:cf:ee:8c:28:76:36:
ea:9c:b8:24:90:42:93:ee:e0:cc:d9:f2:74:63:9a:
cc:a4:a7:3b:8b:90:6c:a4:9e:4f:6d:13:2a:4e:8c:
ac:a6:ec:5a:4d:cf:98:b4:1e:87:de:cf:ee:12:2d:
5e:c9:a7:2f:3a:34:63:f1:c7:b9:5f:93:10:06:b2:
c6:f3:f1:f4:f4:a9:b5:f1:e2:89:49:d7:27:63:37:
16:e8:86:3f:f7:94:57:52:07:dd:80:76:0b:75:cf:
fe:07:f4:0f:28:fb:48:f6:b7:7d:be:69:23:80:b3:
41:7b:ef:13:ed:76:9d:4d:bd:f4:42:79:84:1d:40:
8b:d9:70:d4:27:8a:76:4e:e0:9d:03:ab:65:a2:32:
28:8a:c4:35:cf:18:4c:ac:be:b5:8f:e4:70:0d:45:
28:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A4:A0:03:2D:37:DE:0F:4E:08:51:C5:87:B7:F9:77:FB:2B:45:82
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:a000::/40
Signature Algorithm: sha256WithRSAEncryption
41:42:10:a1:05:06:6c:e7:fa:f9:66:ce:a3:51:3c:9d:c0:92:
66:68:ee:dd:a5:3f:81:07:cc:27:6f:fd:3b:77:4d:93:a9:ed:
02:f6:dd:dc:64:a1:82:e2:25:bc:e2:0a:07:23:48:61:39:ab:
ae:09:ef:38:70:45:29:ed:09:dc:7c:f1:f1:74:d5:b7:cd:0a:
0a:58:40:70:7d:1d:4e:93:4a:54:06:a4:2d:a9:67:9b:3e:6c:
9f:0b:49:ae:88:c1:1b:8f:27:21:92:de:b9:e6:e7:11:94:75:
cd:e3:c7:69:00:df:94:98:bf:b7:37:ea:29:28:b9:38:3e:54:
f8:ef:46:4e:e6:0c:b8:33:ce:c3:23:11:f0:1c:21:7f:05:e5:
d9:ac:14:d0:41:bf:66:06:87:48:b7:f0:b9:8d:94:ac:82:96:
c7:43:71:32:1d:8d:14:4a:a7:d9:62:9f:3e:f9:6a:8a:50:8c:
5f:22:eb:3a:e6:64:2c:21:cb:be:58:3e:bb:f6:b2:e0:71:e1:
07:01:72:8d:d7:83:e2:d7:f6:9c:93:bf:c3:b3:c9:f3:f6:54:
29:13:d9:cf:98:45:15:88:4c:ba:74:e8:03:d1:8a:19:82:a3:
b1:02:65:43:bd:22:e9:22:7f:a3:4e:3d:fa:e8:26:dd:89:15:
d6:03:9f:be
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF4kOQqhfA5emkbktkumusoLjSGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTEwMTZaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwZDA5YzBmMGE0ZGMxNTJmMzI2ZTAzNzNjZTViNWFjMWI5N2I2NTZiOGRk
OTZlMzJlOWMzNmRkYzA2MGIzYmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALimCtxlj4y43qz3YYJk0rpoVZfvEWlHpat5lWEnBhCWRNKUCZ0nWXlXnNXc
SgzWrdEeEr4n5mq/SlpyossZRWfhnPaqamtgA8Bdug9z4hysi+jnGX0H2njhAq9o
VbfdXR++z+6MKHY26py4JJBCk+7gzNnydGOazKSnO4uQbKSeT20TKk6MrKbsWk3P
mLQeh97P7hItXsmnLzo0Y/HHuV+TEAayxvPx9PSptfHiiUnXJ2M3FuiGP/eUV1IH
3YB2C3XP/gf0Dyj7SPa3fb5pI4CzQXvvE+12nU299EJ5hB1Ai9lw1CeKdk7gnQOr
ZaIyKIrENc8YTKy+tY/kcA1FKC8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRApKAD
LTfeD04IUcWHt/l3+ytFgjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2E2MjcxYzgtNmYwMi00NWYxLTk3ZDYtY2UyN2I0NjNkM2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dqg
MA0GCSqGSIb3DQEBCwUAA4IBAQBBQhChBQZs5/r5Zs6jUTydwJJmaO7dpT+BB8wn
b/07d02Tqe0C9t3cZKGC4iW84goHI0hhOauuCe84cEUp7QncfPHxdNW3zQoKWEBw
fR1Ok0pUBqQtqWebPmyfC0muiMEbjychkt655ucRlHXN48dpAN+UmL+3N+opKLk4
PlT470ZO5gy4M87DIxHwHCF/BeXZrBTQQb9mBodIt/C5jZSsgpbHQ3EyHY0USqfZ
Yp8++WqKUIxfIus65mQsIcu+WD679rLgceEHAXKN14Pi1/ack7/Ds8nz9lQpE9nP
mEUViEy6dOgD0YoZgqOxAmVDvSLpIn+jTj366CbdiRXWA5++
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:55:35 2025 by rpki-client