Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3af05485-fd97-4026-a50e-0227f46bd107.roa
File: 3af05485-fd97-4026-a50e-0227f46bd107.roa (raw, json)
Hash identifier: 9LJjV6D5oeAEpumh8fbjTDzCKwKTOq3LQ7aObJldtcI=
Subject key identifier: 79:58:C1:C6:E8:7F:2C:56:2F:D1:03:50:CA:14:6A:FE:DC:D7:9A:1D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0470A93342407D4B70F7656665DA0A62C918AC74
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3af05485-fd97-4026-a50e-0227f46bd107.roa
Signing time: Mon 16 Jun 2025 20:11:22 +0000
ROA not before: Mon 16 Jun 2025 20:11:22 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:70:a9:33:42:40:7d:4b:70:f7:65:66:65:da:0a:62:c9:18:ac:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:11:22 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=6901d58d708ef4e750e0a076674fbe1974eeabd0c9f0c21a980293bd9fc01d5d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:5a:9f:2a:00:03:0c:d7:b2:96:a6:90:5f:e2:
f6:03:55:40:e0:c0:43:14:c0:16:3f:09:68:12:5b:
09:a5:49:c2:89:c6:de:07:e5:cf:a7:be:17:ae:a8:
22:6e:0c:48:1d:2c:9f:75:aa:27:b2:24:37:14:ad:
4a:cf:88:0d:67:10:2e:58:ee:fc:8e:3a:84:29:60:
1d:96:03:06:b2:93:6b:19:7f:c0:4d:a7:12:93:dd:
08:d4:8e:7d:9c:6c:cd:09:ad:84:18:53:74:4e:3f:
07:2d:30:e5:4b:06:f5:bb:d8:a0:bd:7f:5f:cd:9e:
fc:6c:9a:5e:7c:1a:11:b4:d1:8f:71:85:a6:c7:a0:
62:92:07:a7:ae:be:9c:6c:e0:b6:c5:d9:23:9e:1f:
4e:56:9f:38:b9:80:8d:c5:ee:c1:b6:ba:b2:1f:8b:
c0:1f:c0:f0:dd:1a:b5:f1:84:9b:f7:2e:73:7c:bf:
14:8e:4e:9c:28:5a:23:f0:60:6c:5a:cd:a9:ae:b7:
97:af:cd:ac:4b:85:80:e8:4b:60:bb:ff:b4:2c:e8:
ee:e5:78:30:e6:85:2d:52:e8:bc:13:8c:25:9d:6a:
0a:61:17:a7:dc:fa:f1:38:ad:7d:2a:25:61:91:ae:
ab:fe:84:d0:f3:06:91:b6:dd:dd:7c:00:ec:01:83:
14:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:58:C1:C6:E8:7F:2C:56:2F:D1:03:50:CA:14:6A:FE:DC:D7:9A:1D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3af05485-fd97-4026-a50e-0227f46bd107.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:6000::/40
Signature Algorithm: sha256WithRSAEncryption
24:c5:c4:11:c1:82:0f:28:a6:d7:22:31:93:4c:09:77:53:94:
84:5b:f2:56:cf:d0:14:2c:9c:8f:cb:6a:3d:d7:8e:b0:7b:3a:
80:f4:15:fa:b7:c7:f6:c4:d9:39:b1:ac:97:1d:33:57:05:a9:
42:03:1e:77:24:b6:bb:ae:b8:98:fb:93:37:6f:54:c1:e7:9e:
bf:00:4b:f8:73:a7:3a:d5:a2:84:3b:ca:75:95:b9:99:5b:60:
a0:7a:0d:4b:08:eb:3c:27:06:a6:66:ce:ad:ac:7b:8d:31:f7:
af:09:be:c1:b6:18:15:6e:f0:ac:99:0c:01:8d:57:67:1e:04:
f0:a0:d4:56:fc:51:9e:87:bb:ad:8a:53:4d:02:e2:76:f6:03:
94:54:1f:9b:f8:ba:b2:2d:df:29:51:66:ca:ee:1f:55:a6:3a:
08:62:62:78:20:57:65:75:79:76:65:db:81:9c:16:53:80:b1:
61:42:0b:a4:96:2d:02:c5:6d:e7:eb:3e:2a:96:97:06:46:b3:
2a:2b:4c:6b:3b:fd:cc:cf:b8:b4:ce:37:1d:84:b9:07:12:95:
92:fa:08:48:51:52:ca:ac:85:06:b6:d4:8f:b3:9d:cf:f6:d6:
59:6a:3e:4b:86:63:9f:d5:4e:ec:ee:41:2e:29:dd:95:d4:a9:
e8:ab:7b:ee
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBHCpM0JAfUtw92VmZdoKYskYrHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDExMjJaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY5MDFkNThkNzA4ZWY0ZTc1MGUwYTA3NjY3NGZiZTE5NzRlZWFiZDBjOWYw
YzIxYTk4MDI5M2JkOWZjMDFkNWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZanyoAAwzXspamkF/i9gNVQODAQxTAFj8JaBJbCaVJwonG3gflz6e+F66o
Im4MSB0sn3WqJ7IkNxStSs+IDWcQLlju/I46hClgHZYDBrKTaxl/wE2nEpPdCNSO
fZxszQmthBhTdE4/By0w5UsG9bvYoL1/X82e/GyaXnwaEbTRj3GFpsegYpIHp66+
nGzgtsXZI54fTlafOLmAjcXuwba6sh+LwB/A8N0atfGEm/cuc3y/FI5OnChaI/Bg
bFrNqa63l6/NrEuFgOhLYLv/tCzo7uV4MOaFLVLovBOMJZ1qCmEXp9z68TitfSol
YZGuq/6E0PMGkbbd3XwA7AGDFPECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR5WMHG
6H8sVi/RA1DKFGr+3NeaHTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2FmMDU0ODUtZmQ5Ny00MDI2LWE1MGUtMDIyN2Y0NmJkMTA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9g
MA0GCSqGSIb3DQEBCwUAA4IBAQAkxcQRwYIPKKbXIjGTTAl3U5SEW/JWz9AULJyP
y2o9146wezqA9BX6t8f2xNk5sayXHTNXBalCAx53JLa7rriY+5M3b1TB556/AEv4
c6c61aKEO8p1lbmZW2Cgeg1LCOs8JwamZs6trHuNMfevCb7BthgVbvCsmQwBjVdn
HgTwoNRW/FGeh7utilNNAuJ29gOUVB+b+LqyLd8pUWbK7h9VpjoIYmJ4IFdldXl2
ZduBnBZTgLFhQgukli0CxW3n6z4qlpcGRrMqK0xrO/3Mz7i0zjcdhLkHEpWS+ghI
UVLKrIUGttSPs53P9tZZaj5LhmOf1U7s7kEuKd2V1Knoq3vu
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:53:36 2025 by rpki-client