Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
File: 41abc6c7-a6fb-4666-b503-a8a0784797a1.roa (raw, json)
Hash identifier: fIXVS/gU8C84bWPKQXufjP7bp9GmhF3/Yy+fq2jsNe0=
Subject key identifier: C8:8A:2A:33:AA:30:4D:B6:BB:A2:3C:1F:C4:51:C9:EE:73:D1:A6:43
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 118CBFE9D4FACEAD90FA0DAF3EDEC85E579A9C53
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
Signing time: Mon 16 Jun 2025 20:21:24 +0000
ROA not before: Mon 16 Jun 2025 20:21:24 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:8c:bf:e9:d4:fa:ce:ad:90:fa:0d:af:3e:de:c8:5e:57:9a:9c:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:21:24 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=20eca678c09c0745406611786fbfbd14b8cc5b3731301f9c61d7ee95e3b32bb3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a4:fb:1f:25:a3:e0:b9:8b:fe:b9:b4:92:dc:
fa:a8:83:0b:3d:cf:c6:9e:32:e1:c3:8a:49:8a:91:
11:f7:87:cb:b4:b6:48:18:cb:36:c0:e0:27:76:09:
6c:c8:e7:07:48:44:a1:eb:77:c8:d9:80:b1:75:33:
e1:3a:bd:e8:ca:4f:1c:d1:3b:4b:ad:c1:77:1a:ad:
7a:56:85:38:53:c2:31:08:c6:2f:c1:b8:c9:58:bb:
17:78:32:04:b9:bf:72:62:36:be:62:8d:a9:2c:1b:
be:90:11:e4:de:77:67:58:a8:81:b0:37:f1:51:0f:
a9:f6:62:92:63:cd:46:df:e9:ed:0a:18:9a:c9:78:
a1:00:ec:41:ae:ca:87:9a:a4:9d:94:81:11:89:6a:
22:09:52:56:9e:af:f9:00:be:d0:ea:b2:65:ce:02:
f5:3e:4d:38:39:55:b5:0c:ac:3b:bb:0c:3a:8c:da:
3c:16:f4:bb:b9:c7:7e:55:89:5f:d2:97:dc:6d:af:
f2:55:a7:ef:4c:d2:68:49:52:8a:e8:1e:21:e3:d1:
85:d7:e1:18:52:91:92:9e:06:a1:f1:05:84:06:f8:
0f:1d:52:ed:6a:e5:d2:de:a6:9a:84:cc:64:1d:7d:
dc:64:62:c8:04:38:ac:e4:25:b4:93:78:a3:a6:3a:
61:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:8A:2A:33:AA:30:4D:B6:BB:A2:3C:1F:C4:51:C9:EE:73:D1:A6:43
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:8000::/40
Signature Algorithm: sha256WithRSAEncryption
7d:d6:19:20:08:ba:bc:7a:bc:cd:38:8e:d9:c2:b6:55:20:e0:
2c:ed:1e:cf:d6:a0:44:f1:6e:52:93:e9:22:a3:96:4e:ba:c4:
28:72:31:77:4a:6f:15:a0:6e:36:7d:4b:ca:b6:75:ea:1e:85:
26:d6:9e:01:15:df:8c:7b:34:ad:1c:34:68:42:26:f7:d0:bf:
fd:60:b6:7d:07:1c:29:d6:36:9b:37:9a:ac:c8:cf:35:be:ab:
2c:47:cf:cd:7e:18:b7:31:73:96:5e:d6:64:34:a3:c6:61:a0:
e2:74:ac:31:70:80:46:7d:3a:db:72:c3:59:e8:ea:80:d6:ea:
9a:8e:d9:26:a9:cb:68:02:65:ad:fc:ad:95:4e:9a:7f:b5:32:
cb:fa:10:92:e4:90:c7:2e:e6:7a:6f:02:ca:48:52:d0:c5:60:
6b:cf:4f:87:0b:47:a1:9c:f2:54:ee:51:56:62:72:24:90:7b:
55:f1:08:c7:dd:36:cb:79:e1:fa:ea:41:79:0e:4c:40:d8:5e:
16:50:59:66:3a:26:2b:ba:aa:54:20:63:1b:fa:52:69:1d:fa:
b5:33:56:c7:4e:ac:df:42:98:a6:5e:4b:f6:d4:a3:0b:34:1a:
ea:92:20:d7:ce:00:ad:0e:44:bd:e3:70:6a:1e:58:f4:ba:28:
9c:27:de:9e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEYy/6dT6zq2Q+g2vPt7IXleanFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDIxMjRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwZWNhNjc4YzA5YzA3NDU0MDY2MTE3ODZmYmZiZDE0YjhjYzViMzczMTMw
MWY5YzYxZDdlZTk1ZTNiMzJiYjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKek+x8lo+C5i/65tJLc+qiDCz3Pxp4y4cOKSYqREfeHy7S2SBjLNsDgJ3YJ
bMjnB0hEoet3yNmAsXUz4Tq96MpPHNE7S63BdxqtelaFOFPCMQjGL8G4yVi7F3gy
BLm/cmI2vmKNqSwbvpAR5N53Z1iogbA38VEPqfZikmPNRt/p7QoYmsl4oQDsQa7K
h5qknZSBEYlqIglSVp6v+QC+0OqyZc4C9T5NODlVtQysO7sMOozaPBb0u7nHflWJ
X9KX3G2v8lWn70zSaElSiugeIePRhdfhGFKRkp4GofEFhAb4Dx1S7Wrl0t6mmoTM
ZB193GRiyAQ4rOQltJN4o6Y6YUUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTIiioz
qjBNtruiPB/EUcnuc9GmQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDFhYmM2YzctYTZmYi00NjY2LWI1MDMtYThhMDc4NDc5N2ExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACA
MA0GCSqGSIb3DQEBCwUAA4IBAQB91hkgCLq8erzNOI7ZwrZVIOAs7R7P1qBE8W5S
k+kio5ZOusQocjF3Sm8VoG42fUvKtnXqHoUm1p4BFd+MezStHDRoQib30L/9YLZ9
Bxwp1jabN5qsyM81vqssR8/Nfhi3MXOWXtZkNKPGYaDidKwxcIBGfTrbcsNZ6OqA
1uqajtkmqctoAmWt/K2VTpp/tTLL+hCS5JDHLuZ6bwLKSFLQxWBrz0+HC0ehnPJU
7lFWYnIkkHtV8QjH3TbLeeH66kF5DkxA2F4WUFlmOiYruqpUIGMb+lJpHfq1M1bH
TqzfQpimXkv21KMLNBrqkiDXzgCtDkS943BqHlj0uiicJ96e
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:49:06 2025 by rpki-client