Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
File: 3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa (raw, json)
Hash identifier: Ni2omkSWX+r9i+KC8ZGA7QQ4mojiBXeroUU4Uspj0/4=
Subject key identifier: A1:96:8A:D8:EE:6B:65:B7:14:43:98:3B:EF:99:14:5A:8A:7D:5C:48
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0FD429CC1FA365DDD906A17E0B4900EEC17A6F36
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
Signing time: Tue 17 Jun 2025 00:40:45 +0000
ROA not before: Tue 17 Jun 2025 00:40:45 +0000
ROA not after: Tue 22 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:d4:29:cc:1f:a3:65:dd:d9:06:a1:7e:0b:49:00:ee:c1:7a:6f:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 17 00:40:45 2025 GMT
Not After : Jul 22 23:59:59 2025 GMT
Subject: serialNumber=9b33beaef01ce86a30aaf992ea682f3ae6c8032bab2f5df8ab3b0ef2e4a26964, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:74:51:2d:2c:de:79:12:06:e1:2a:94:fb:ff:
49:65:68:de:3c:fe:2a:b3:e1:ed:47:f8:86:ac:c3:
47:d7:87:69:dc:f7:9f:ab:a0:74:26:57:15:42:74:
4b:44:2d:60:2f:c0:4f:a1:0e:f4:96:43:2e:7e:94:
c4:20:da:44:86:20:82:3e:44:af:2a:fb:44:e3:76:
34:fd:9b:66:24:d3:11:3d:48:b6:d6:06:c5:71:ae:
1b:97:1f:90:41:eb:12:a6:8b:bb:42:f3:3d:ad:61:
41:73:89:e0:38:9c:cd:d3:c2:e2:39:5a:6e:b0:14:
81:c1:b1:81:8b:78:83:c0:70:c5:02:ee:b8:7b:83:
28:86:a9:60:b5:be:02:5e:2b:57:fb:f5:45:20:54:
7f:12:b2:b5:37:87:b2:ce:8b:21:12:e3:9f:e4:f6:
95:55:28:5a:90:69:2d:a3:eb:11:52:2b:dd:81:f9:
8d:9c:ce:0c:99:30:36:e3:01:a4:1f:38:5f:47:d2:
5d:64:8e:f8:da:ad:8e:b1:a3:88:0d:9a:3a:ed:79:
9a:14:5a:c6:92:78:49:cb:1b:14:e3:dd:e5:00:90:
5c:77:b0:92:24:33:ba:b4:6b:ac:5d:3d:f5:fe:19:
9c:4a:0c:4e:54:b6:9e:20:de:bd:b0:46:59:c5:c4:
62:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:96:8A:D8:EE:6B:65:B7:14:43:98:3B:EF:99:14:5A:8A:7D:5C:48
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:c000::/40
Signature Algorithm: sha256WithRSAEncryption
7b:40:b7:d5:5f:fe:30:08:d8:16:9d:54:ff:0f:15:1f:28:7b:
2d:b8:32:d1:4a:82:76:55:f6:4f:26:cc:4b:b6:7f:d4:1e:af:
7c:71:84:c5:c6:c5:32:3b:7f:2b:09:05:4d:ae:6f:70:dc:3f:
ec:d1:38:42:bf:53:7b:5d:75:7e:a6:bc:cf:3a:f4:9e:dd:2d:
c6:56:cc:da:f4:94:09:fd:8f:37:2e:35:47:1d:b3:56:f1:3c:
01:cc:78:52:5b:a9:85:0f:dc:2c:cf:97:15:12:20:00:07:bd:
f7:43:98:77:01:cc:ad:d4:2a:3a:5b:15:f6:01:e6:39:2a:b4:
41:d2:8a:57:67:0b:f9:ea:c8:02:dc:f9:e3:a4:ea:b0:78:8a:
89:3b:85:85:07:cf:c0:6f:6c:a5:3c:9b:dd:72:68:a9:af:cd:
65:30:9a:d9:c1:6e:c4:1b:ea:90:87:e5:e5:81:8d:f4:ea:7e:
b7:63:5b:87:25:cb:8f:1a:b3:e0:f9:59:c0:d6:c7:d3:01:87:
56:6f:98:d3:8f:f4:cd:83:8f:c3:5e:e5:c5:e9:e5:6a:1f:d0:
7d:77:c5:d3:fa:38:d7:93:c4:af:a9:f5:ec:60:51:2d:85:16:
27:6f:c4:e0:0a:7c:52:3f:0a:b7:03:46:f5:59:dd:a6:8e:e1:
8d:8b:51:d0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD9QpzB+jZd3ZBqF+C0kA7sF6bzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTcwMDQwNDVaFw0yNTA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDliMzNiZWFlZjAxY2U4NmEzMGFhZjk5MmVhNjgyZjNhZTZjODAzMmJhYjJm
NWRmOGFiM2IwZWYyZTRhMjY5NjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALN0US0s3nkSBuEqlPv/SWVo3jz+KrPh7Uf4hqzDR9eHadz3n6ugdCZXFUJ0
S0QtYC/AT6EO9JZDLn6UxCDaRIYggj5Eryr7RON2NP2bZiTTET1IttYGxXGuG5cf
kEHrEqaLu0LzPa1hQXOJ4DiczdPC4jlabrAUgcGxgYt4g8BwxQLuuHuDKIapYLW+
Al4rV/v1RSBUfxKytTeHss6LIRLjn+T2lVUoWpBpLaPrEVIr3YH5jZzODJkwNuMB
pB84X0fSXWSO+NqtjrGjiA2aOu15mhRaxpJ4ScsbFOPd5QCQXHewkiQzurRrrF09
9f4ZnEoMTlS2niDevbBGWcXEYpkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBShlorY
7mtltxRDmDvvmRRain1cSDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2I1YzY4ZDMtZTVhMS00NzQyLWE5MGMtNTliMWUyOWNmYzAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/A
MA0GCSqGSIb3DQEBCwUAA4IBAQB7QLfVX/4wCNgWnVT/DxUfKHstuDLRSoJ2VfZP
JsxLtn/UHq98cYTFxsUyO38rCQVNrm9w3D/s0ThCv1N7XXV+przPOvSe3S3GVsza
9JQJ/Y83LjVHHbNW8TwBzHhSW6mFD9wsz5cVEiAAB733Q5h3Acyt1Co6WxX2AeY5
KrRB0opXZwv56sgC3PnjpOqweIqJO4WFB8/Ab2ylPJvdcmipr81lMJrZwW7EG+qQ
h+XlgY306n63Y1uHJcuPGrPg+VnA1sfTAYdWb5jTj/TNg4/DXuXF6eVqH9B9d8XT
+jjXk8SvqfXsYFEthRYnb8TgCnxSPwq3A0b1Wd2mjuGNi1HQ
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:49:07 2025 by rpki-client