Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
File: 4304a130-e9d1-47a4-8ecf-5d755740a478.roa (raw, json)
Hash identifier: PXhLXLgbq+DjMVIoaWbOqDhDUmKjIo1+ZqllQv4K+cw=
Subject key identifier: F6:85:39:F3:52:E3:F8:84:69:79:81:50:A3:D9:08:67:07:5F:82:C4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 649A9151169EA191ACCCB99716B910B6EC55DAB9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
Signing time: Mon 16 Jun 2025 20:10:21 +0000
ROA not before: Mon 16 Jun 2025 20:10:21 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:80e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:9a:91:51:16:9e:a1:91:ac:cc:b9:97:16:b9:10:b6:ec:55:da:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:10:21 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=051a23c212a565716eb2b59109d4f965a1614c43d141c5bdba637083b14431a8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d1:33:db:76:f2:04:14:2a:d1:6e:a9:ec:80:
ef:b9:51:ff:de:49:c9:1c:06:0f:59:47:e2:7d:01:
aa:63:2a:50:6a:46:40:b9:5a:16:aa:21:c4:2e:70:
d5:74:d1:b7:f4:f6:26:d2:78:ec:fd:91:e0:7a:34:
ae:04:a3:34:e5:ee:f2:44:5a:16:fa:5e:64:3c:bc:
64:59:09:b1:dd:bd:99:c8:1e:fa:0f:46:80:eb:67:
4d:b0:5a:88:bb:a4:fa:76:2a:f0:47:f5:a8:f6:2c:
50:93:fb:fc:57:7c:f0:ab:e4:09:45:c5:d0:2c:a3:
5e:66:dc:1c:24:92:7c:6b:d9:07:b2:67:d9:70:a9:
d1:e0:78:1a:c5:68:ca:63:5d:29:eb:19:b5:5b:37:
37:57:29:37:dc:ad:09:a4:8e:82:84:5e:14:a2:e0:
da:52:0b:aa:27:64:da:94:8f:4e:0e:70:06:68:42:
ca:d0:bf:e5:0e:12:d3:69:a2:2b:4a:fa:c6:a5:53:
c6:23:3d:a4:c5:ba:ab:6b:f1:6e:f0:99:7e:ac:08:
dc:45:34:40:72:1c:0e:fa:9b:02:42:20:43:35:dc:
7c:c3:97:de:9f:b1:a9:79:4f:12:7d:41:b7:27:02:
e6:75:bd:49:f6:c9:8e:8f:d7:e1:00:2e:eb:c5:bd:
7f:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:85:39:F3:52:E3:F8:84:69:79:81:50:A3:D9:08:67:07:5F:82:C4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:80e0::/48
Signature Algorithm: sha256WithRSAEncryption
40:77:d0:19:52:f5:95:a5:5e:1f:3d:c5:5b:f4:c4:6b:82:2c:
3b:71:31:ae:25:c7:f3:1e:63:75:b5:f4:cb:4c:07:98:c9:38:
05:21:8e:5b:bd:13:4e:d9:39:a6:80:da:e2:a6:c7:62:ba:48:
65:84:d7:fb:2b:0d:17:e7:87:7d:7e:f8:d6:82:2c:7b:c5:15:
e3:6b:e5:b3:8f:b2:96:c1:de:33:eb:fd:aa:35:3f:d2:5a:02:
88:dc:d8:4d:b3:5d:81:85:94:de:1a:4a:e2:85:f5:02:5a:7e:
92:16:a2:df:92:84:0b:1d:d3:63:4c:64:17:b4:65:1f:3e:b8:
c1:83:3e:f5:08:7b:02:db:1f:e1:8b:af:d9:db:b8:63:af:ef:
f8:83:52:11:51:75:ca:59:25:2d:c3:76:ca:4f:3f:d2:d4:a7:
87:4e:28:4c:2f:a1:81:27:82:b8:bd:33:70:52:ab:ea:3e:99:
65:5d:c8:90:0c:30:8a:aa:0e:3c:2c:0f:57:a9:49:cc:15:3b:
48:ef:51:7f:99:9a:ed:00:77:51:99:ab:6b:a4:3f:e7:4d:48:
18:6f:77:66:d5:fd:f6:99:5a:02:39:bd:ab:8f:94:74:5f:a5:
55:76:8d:81:65:5c:29:05:6e:68:44:23:be:4f:57:ec:19:6c:
af:21:c1:7a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZJqRURaeoZGszLmXFrkQtuxV2rkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDEwMjFaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1MWEyM2MyMTJhNTY1NzE2ZWIyYjU5MTA5ZDRmOTY1YTE2MTRjNDNkMTQx
YzViZGJhNjM3MDgzYjE0NDMxYTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJbRM9t28gQUKtFuqeyA77lR/95JyRwGD1lH4n0BqmMqUGpGQLlaFqohxC5w
1XTRt/T2JtJ47P2R4Ho0rgSjNOXu8kRaFvpeZDy8ZFkJsd29mcge+g9GgOtnTbBa
iLuk+nYq8Ef1qPYsUJP7/Fd88KvkCUXF0CyjXmbcHCSSfGvZB7Jn2XCp0eB4GsVo
ymNdKesZtVs3N1cpN9ytCaSOgoReFKLg2lILqidk2pSPTg5wBmhCytC/5Q4S02mi
K0r6xqVTxiM9pMW6q2vxbvCZfqwI3EU0QHIcDvqbAkIgQzXcfMOX3p+xqXlPEn1B
tycC5nW9SfbJjo/X4QAu68W9f60CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT2hTnz
UuP4hGl5gVCj2QhnB1+CxDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMwNGExMzAtZTlkMS00N2E0LThlY2YtNWQ3NTU3NDBhNDc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
4DANBgkqhkiG9w0BAQsFAAOCAQEAQHfQGVL1laVeHz3FW/TEa4IsO3ExriXH8x5j
dbX0y0wHmMk4BSGOW70TTtk5poDa4qbHYrpIZYTX+ysNF+eHfX741oIse8UV42vl
s4+ylsHeM+v9qjU/0loCiNzYTbNdgYWU3hpK4oX1Alp+khai35KECx3TY0xkF7Rl
Hz64wYM+9Qh7Atsf4Yuv2du4Y6/v+INSEVF1ylklLcN2yk8/0tSnh04oTC+hgSeC
uL0zcFKr6j6ZZV3IkAwwiqoOPCwPV6lJzBU7SO9Rf5ma7QB3UZmra6Q/501IGG93
ZtX99plaAjm9q4+UdF+lVXaNgWVcKQVuaEQjvk9X7BlsryHBeg==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:59:10 2025 by rpki-client