Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File: 3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier: DNSqVFG88dxl5nFoz2hqnbtYGB1e1bYg3fNZZf/eaQY=
Subject key identifier: E0:91:3A:5D:1D:D0:FA:37:CD:D0:28:82:A7:42:56:05:A8:CB:8F:B3
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17C5BF0CD5ABC5871C8C44E99815F6DCF8EBAB96
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time: Mon 16 Jun 2025 21:20:15 +0000
ROA not before: Mon 16 Jun 2025 21:20:15 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:c5:bf:0c:d5:ab:c5:87:1c:8c:44:e9:98:15:f6:dc:f8:eb:ab:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:20:15 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=fc01ff63878b0a19d3139c30b2c11c895ae8edf7bb10d33756ed5504cb1d6250, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:ec:f8:79:ab:62:0d:67:c8:78:19:d4:77:90:
6a:a2:4e:73:28:b7:18:7d:a2:cd:65:59:da:42:3b:
88:c0:d8:a0:03:0b:08:ad:d7:26:5e:98:47:60:30:
57:17:22:c2:f7:4f:9e:98:c1:25:cb:f4:cc:da:61:
c6:a5:d2:eb:42:a8:3e:ae:c4:e5:31:df:a2:f7:8f:
fc:1b:d7:15:30:05:03:92:aa:8e:c4:5b:a0:72:25:
fe:3a:0e:08:5f:39:d2:82:ab:b8:5e:bb:42:35:0f:
ec:5b:18:1a:60:2d:ab:c5:fa:1a:20:48:89:7f:3d:
6e:8a:09:91:e3:fb:7b:88:18:64:9b:88:dc:6f:9b:
48:26:b6:56:60:02:d5:ad:bb:13:3f:b0:f7:5f:f0:
c8:3a:b2:c7:1d:fb:69:c9:69:a8:3f:72:2b:1e:50:
99:4f:17:86:04:e4:c3:c7:34:69:73:52:73:74:d2:
80:f0:f8:20:fa:44:d9:f3:3c:f4:45:b6:f4:f1:9c:
c5:8e:f9:bc:ff:8a:40:48:2e:5b:12:74:db:29:b0:
55:3a:b2:ca:bf:64:d0:30:51:3e:77:59:4c:e0:b5:
c1:ab:1b:52:9f:96:5e:f2:5b:2e:c5:c6:bb:ac:fb:
d4:b3:38:1e:13:01:35:d3:4c:37:3a:02:ec:fb:6b:
63:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:91:3A:5D:1D:D0:FA:37:CD:D0:28:82:A7:42:56:05:A8:CB:8F:B3
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:5000::/40
Signature Algorithm: sha256WithRSAEncryption
0a:f2:94:b4:2f:f0:11:b4:67:2a:75:9a:f6:91:8f:43:c5:50:
52:5c:f5:b2:7c:2d:6c:14:da:bf:c0:40:20:06:af:f6:b5:18:
3c:71:ac:c7:47:f4:74:8e:b7:02:e1:96:c3:29:33:4f:8e:18:
f3:7f:39:f1:74:e1:c9:33:16:18:d5:97:eb:5d:f0:40:a4:87:
c7:c2:4e:39:83:b4:89:bb:6b:ba:3a:27:7a:90:24:8e:69:d7:
a3:9c:1a:a9:38:fe:8d:1a:f5:6f:74:a6:5b:e1:3b:49:74:1d:
b5:60:4f:cf:05:ab:30:4f:0f:ba:b2:c1:fc:d4:90:43:ed:aa:
fc:1c:8a:12:3a:00:6a:08:7c:52:08:d5:81:a9:04:58:ae:69:
cf:b7:d2:cd:a3:66:fe:01:54:cd:fb:dd:15:30:24:66:14:61:
16:78:b6:41:83:a6:8e:ba:aa:b9:21:d7:1b:5d:82:cd:80:d5:
e3:ce:1b:ff:de:24:e7:e7:30:f9:4d:3c:84:f2:e5:08:d5:2d:
10:07:18:d4:25:f5:7d:36:b9:a7:c7:fe:b5:b4:0b:67:e9:26:
d9:9d:e4:11:8e:a5:81:71:13:84:31:9a:79:25:d0:65:b2:81:
82:74:6f:2f:a1:05:f9:24:0d:cc:48:f7:79:42:e6:c2:5a:57:
2e:58:8a:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF8W/DNWrxYccjETpmBX23Pjrq5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTIwMTVaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjMDFmZjYzODc4YjBhMTlkMzEzOWMzMGIyYzExYzg5NWFlOGVkZjdiYjEw
ZDMzNzU2ZWQ1NTA0Y2IxZDYyNTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOfs+HmrYg1nyHgZ1HeQaqJOcyi3GH2izWVZ2kI7iMDYoAMLCK3XJl6YR2Aw
VxciwvdPnpjBJcv0zNphxqXS60KoPq7E5THfoveP/BvXFTAFA5KqjsRboHIl/joO
CF850oKruF67QjUP7FsYGmAtq8X6GiBIiX89booJkeP7e4gYZJuI3G+bSCa2VmAC
1a27Ez+w91/wyDqyxx37aclpqD9yKx5QmU8XhgTkw8c0aXNSc3TSgPD4IPpE2fM8
9EW29PGcxY75vP+KQEguWxJ02ymwVTqyyr9k0DBRPndZTOC1wasbUp+WXvJbLsXG
u6z71LM4HhMBNdNMNzoC7PtrY4cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTgkTpd
HdD6N83QKIKnQlYFqMuPszAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAK8pS0L/ARtGcqdZr2kY9DxVBSXPWyfC1sFNq/
wEAgBq/2tRg8cazHR/R0jrcC4ZbDKTNPjhjzfznxdOHJMxYY1ZfrXfBApIfHwk45
g7SJu2u6Oid6kCSOadejnBqpOP6NGvVvdKZb4TtJdB21YE/PBaswTw+6ssH81JBD
7ar8HIoSOgBqCHxSCNWBqQRYrmnPt9LNo2b+AVTN+90VMCRmFGEWeLZBg6aOuqq5
IdcbXYLNgNXjzhv/3iTn5zD5TTyE8uUI1S0QBxjUJfV9Nrmnx/61tAtn6SbZneQR
jqWBcROEMZp5JdBlsoGCdG8voQX5JA3MSPd5QubCWlcuWIrb
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:26:48 2025 by rpki-client