Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
File: 3c7c4703-2876-4e04-b857-8c0298bd0897.roa (raw, json)
Hash identifier: yar4CkCl3pd5u/v7TbjhIwmCgamGM+S0GjMURk0JdnA=
Subject key identifier: 39:E6:A1:24:2D:25:6C:00:03:88:FC:96:4E:05:AD:EF:7A:DA:3B:84
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2212FAD063C085E72FE768FA313EA262C109D0A8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
Signing time: Tue 05 Aug 2025 18:50:55 +0000
ROA not before: Tue 05 Aug 2025 18:50:55 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:12:fa:d0:63:c0:85:e7:2f:e7:68:fa:31:3e:a2:62:c1:09:d0:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 18:50:55 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=d106596bf2c5fa879b31a21512a74c8c3891394878b62f336112624159825899, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:eb:08:99:f8:17:3d:cd:10:7c:2e:d7:25:1c:
8c:4e:11:d2:b6:ee:04:e9:01:cc:72:a3:20:98:39:
d1:9f:64:1d:b0:1b:0e:9a:70:32:47:f1:14:78:c0:
c5:99:29:60:2d:f9:b3:5f:43:51:77:d5:9c:0a:27:
b9:3c:fe:2f:30:a4:66:53:7f:30:f3:b4:38:1d:8d:
12:34:2e:1c:c0:43:08:f0:b2:4c:0c:c8:f2:91:fb:
8d:87:2c:11:6a:b8:51:27:43:21:ee:9e:68:5a:94:
2d:9d:b0:3f:dd:f0:3f:b0:68:92:5d:95:74:a6:fd:
75:d0:74:1b:34:2e:48:29:2b:0b:b3:76:4e:be:cf:
ec:2a:85:d5:b8:ac:3c:f4:b3:b0:b7:ec:ec:1e:06:
ac:8b:78:ca:8e:0e:c9:87:82:68:9f:39:6c:59:d8:
9c:bf:fa:e5:27:50:b8:4e:a2:17:e8:57:00:fb:e7:
d3:f7:e8:0a:01:3a:67:a9:c2:7c:9c:c2:64:3a:c2:
39:c7:8e:f8:28:3e:9e:9c:7b:27:9b:9a:97:e2:6f:
7a:01:c1:22:d5:60:ed:39:e8:9b:eb:fa:3d:84:86:
08:6c:ad:83:e7:28:2f:4b:9d:ab:e0:05:5d:6b:46:
9d:56:c7:2d:c3:09:ab:1f:e0:3a:be:89:7e:bb:32:
3c:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:E6:A1:24:2D:25:6C:00:03:88:FC:96:4E:05:AD:EF:7A:DA:3B:84
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:b000::/40
Signature Algorithm: sha256WithRSAEncryption
28:60:e8:48:14:de:e9:98:b9:31:aa:5c:60:d5:84:59:e5:b6:
0d:ac:63:75:c4:5a:04:32:73:0f:7c:e5:49:4a:b9:26:90:0d:
cd:ec:9a:b5:61:63:b9:40:4b:3d:85:3f:ed:58:a8:1b:1c:92:
d7:25:ce:37:40:db:0d:d0:d6:67:06:9b:40:ab:f5:19:4f:1f:
81:44:1e:7f:2d:dd:78:97:93:ef:93:93:97:c6:49:e3:f2:f6:
b8:70:37:92:d0:9e:d1:88:ed:38:88:5f:d0:51:a4:e7:5d:92:
d7:aa:93:81:05:2d:4d:1c:27:06:ad:53:7d:33:51:65:3d:c4:
cd:35:5b:fe:55:d6:16:b6:da:d0:94:b6:90:df:df:5e:46:ab:
d4:57:3f:c8:d8:b3:92:75:bb:40:cf:35:7d:e1:f4:21:5e:e8:
2e:67:0c:b5:8a:17:fa:1c:98:fa:bb:86:dc:8a:36:a1:8d:3d:
0a:6f:7c:f8:dd:cd:62:d3:44:5b:00:6c:af:03:7b:ba:41:dc:
c0:3b:03:6d:a8:28:b5:1e:9b:cf:a2:43:a0:05:db:c8:f4:2e:
b5:55:52:30:01:65:a4:2b:7e:eb:27:60:8f:52:40:32:dc:80:
88:1b:21:a9:47:22:35:d8:ea:50:bb:a1:40:ae:75:51:fe:95:
48:57:16:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIhL60GPAhecv52j6MT6iYsEJ0KgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxODUwNTVaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxMDY1OTZiZjJjNWZhODc5YjMxYTIxNTEyYTc0YzhjMzg5MTM5NDg3OGI2
MmYzMzYxMTI2MjQxNTk4MjU4OTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANPrCJn4Fz3NEHwu1yUcjE4R0rbuBOkBzHKjIJg50Z9kHbAbDppwMkfxFHjA
xZkpYC35s19DUXfVnAonuTz+LzCkZlN/MPO0OB2NEjQuHMBDCPCyTAzI8pH7jYcs
EWq4USdDIe6eaFqULZ2wP93wP7Bokl2VdKb9ddB0GzQuSCkrC7N2Tr7P7CqF1bis
PPSzsLfs7B4GrIt4yo4OyYeCaJ85bFnYnL/65SdQuE6iF+hXAPvn0/foCgE6Z6nC
fJzCZDrCOceO+Cg+npx7J5ual+JvegHBItVg7Tnom+v6PYSGCGytg+coL0udq+AF
XWtGnVbHLcMJqx/gOr6JfrsyPB0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ55qEk
LSVsAAOI/JZOBa3veto7hDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2M3YzQ3MDMtMjg3Ni00ZTA0LWI4NTctOGMwMjk4YmQwODk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H+w
MA0GCSqGSIb3DQEBCwUAA4IBAQAoYOhIFN7pmLkxqlxg1YRZ5bYNrGN1xFoEMnMP
fOVJSrkmkA3N7Jq1YWO5QEs9hT/tWKgbHJLXJc43QNsN0NZnBptAq/UZTx+BRB5/
Ld14l5Pvk5OXxknj8va4cDeS0J7RiO04iF/QUaTnXZLXqpOBBS1NHCcGrVN9M1Fl
PcTNNVv+VdYWttrQlLaQ399eRqvUVz/I2LOSdbtAzzV94fQhXuguZwy1ihf6HJj6
u4bcijahjT0Kb3z43c1i00RbAGyvA3u6QdzAOwNtqCi1HpvPokOgBdvI9C61VVIw
AWWkK37rJ2CPUkAy3ICIGyGpRyI12OpQu6FArnVR/pVIVxbf
-----END CERTIFICATE-----
Generated at Sat Aug 23 12:00:05 2025 by rpki-client