Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/528c97d8-1890-4c86-9eee-907363f046e1.roa
File: 528c97d8-1890-4c86-9eee-907363f046e1.roa (raw, json)
Hash identifier: DnHRw1kvzEfCV0JvBUunTR6A1bEfoGn+BHFSqH/eAZk=
Subject key identifier: 43:31:6B:59:AC:1D:71:34:84:F2:5D:B3:9A:2B:21:36:B5:F6:65:85
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2E7E72E9B5C4DE40CBD96F274B68B6ACB6B72F3A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/528c97d8-1890-4c86-9eee-907363f046e1.roa
Signing time: Thu 26 Jun 2025 19:52:06 +0000
ROA not before: Thu 26 Jun 2025 19:52:06 +0000
ROA not after: Thu 31 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:7e:72:e9:b5:c4:de:40:cb:d9:6f:27:4b:68:b6:ac:b6:b7:2f:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 26 19:52:06 2025 GMT
Not After : Jul 31 23:59:59 2025 GMT
Subject: serialNumber=9175b4de39f3b25d993a5108e1348f8de35334ba69fdab067fcbe863c9c7c6ad, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:25:7f:46:8b:6d:bb:d0:b2:bf:94:8d:82:84:
b8:d6:17:e3:6e:94:db:20:2c:ec:82:db:5a:09:84:
07:5d:c1:b7:25:0c:25:9e:a4:0d:a8:ec:53:16:84:
ae:21:f5:05:20:14:99:1d:b9:a3:6a:ca:45:1e:0d:
35:d7:04:5c:fb:82:35:ff:d9:64:ad:c1:32:4b:8e:
75:ae:7f:e1:59:b9:73:c0:0e:6b:ce:2b:e6:21:15:
89:d8:29:b8:ed:44:da:45:3c:96:fa:09:2e:35:c4:
5d:8a:f8:2a:8e:bb:40:6d:f5:2b:36:dd:ea:84:a7:
c3:de:9f:94:aa:0a:ba:e5:04:73:e6:93:0d:ca:3a:
8d:80:7e:3c:79:35:da:5f:e3:fa:5e:9f:a1:f7:3a:
14:04:53:28:b7:e8:b6:a2:1d:d9:50:0c:73:59:d9:
9c:c0:5f:65:5c:3a:2c:fd:d7:c1:49:b4:32:03:2f:
57:2f:ec:52:5c:9a:b8:47:b1:ed:c0:00:bd:f3:06:
ce:01:ac:ab:92:6c:bb:74:3f:7f:49:37:74:83:55:
1d:f1:61:02:85:ca:df:60:aa:1b:6f:4c:67:3b:22:
18:13:f5:f9:d5:cc:fd:db:fd:50:f2:c0:90:c8:b9:
1f:58:aa:5c:17:e2:75:61:e7:dd:d1:bb:a9:ad:82:
a9:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:31:6B:59:AC:1D:71:34:84:F2:5D:B3:9A:2B:21:36:B5:F6:65:85
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/528c97d8-1890-4c86-9eee-907363f046e1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:6000::/40
Signature Algorithm: sha256WithRSAEncryption
85:65:2b:4d:7c:6f:91:f7:c4:7d:87:c2:07:3f:62:7a:2b:47:
c2:9c:06:ef:5b:d0:1d:98:99:69:59:c5:93:aa:6c:14:00:e5:
8b:3b:4d:ff:46:ff:6f:ec:75:89:d8:d4:0f:29:97:2b:ac:ec:
32:d1:c3:33:0e:9f:41:7d:b4:06:23:20:46:70:da:5b:8b:bf:
3e:32:bc:0e:e3:ea:fc:a0:0a:77:7b:5d:2b:43:19:82:ff:9c:
bc:c7:d1:99:95:cc:b4:71:90:d0:95:df:3e:73:04:37:43:8f:
1b:29:5a:bb:f1:d7:79:dc:98:f8:f0:aa:dc:63:47:8c:5b:60:
0b:0c:49:49:55:92:15:c6:a8:bf:46:13:37:d2:9d:9a:b9:07:
39:fd:67:76:cd:e3:ef:0b:36:c9:c9:43:4d:e5:bc:62:88:7c:
86:01:db:b1:a3:76:b4:d7:ac:2d:2c:ae:d3:21:95:70:57:e6:
08:79:e2:75:de:7d:7d:e3:0a:c5:b2:31:b8:ec:a4:83:08:a7:
52:b0:49:56:08:5d:97:42:8c:f9:f5:25:06:14:b4:94:a3:e2:
dd:31:f1:96:6f:30:21:9d:69:6d:a9:f0:e3:8f:31:75:4c:de:
98:57:f8:a5:ec:94:5a:a7:f8:0f:a3:d2:01:0d:b3:de:a5:ef:
4a:00:56:6b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULn5y6bXE3kDL2W8nS2i2rLa3LzowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MjYxOTUyMDZaFw0yNTA3MzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxNzViNGRlMzlmM2IyNWQ5OTNhNTEwOGUxMzQ4ZjhkZTM1MzM0YmE2OWZk
YWIwNjdmY2JlODYzYzljN2M2YWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYlf0aLbbvQsr+UjYKEuNYX426U2yAs7ILbWgmEB13BtyUMJZ6kDajsUxaE
riH1BSAUmR25o2rKRR4NNdcEXPuCNf/ZZK3BMkuOda5/4Vm5c8AOa84r5iEVidgp
uO1E2kU8lvoJLjXEXYr4Ko67QG31Kzbd6oSnw96flKoKuuUEc+aTDco6jYB+PHk1
2l/j+l6fofc6FARTKLfotqId2VAMc1nZnMBfZVw6LP3XwUm0MgMvVy/sUlyauEex
7cAAvfMGzgGsq5Jsu3Q/f0k3dINVHfFhAoXK32CqG29MZzsiGBP1+dXM/dv9UPLA
kMi5H1iqXBfidWHn3dG7qa2CqW0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRDMWtZ
rB1xNITyXbOaKyE2tfZlhTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTI4Yzk3ZDgtMTg5MC00Yzg2LTllZWUtOTA3MzYzZjA0NmUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HNg
MA0GCSqGSIb3DQEBCwUAA4IBAQCFZStNfG+R98R9h8IHP2J6K0fCnAbvW9AdmJlp
WcWTqmwUAOWLO03/Rv9v7HWJ2NQPKZcrrOwy0cMzDp9BfbQGIyBGcNpbi78+MrwO
4+r8oAp3e10rQxmC/5y8x9GZlcy0cZDQld8+cwQ3Q48bKVq78dd53Jj48KrcY0eM
W2ALDElJVZIVxqi/RhM30p2auQc5/Wd2zePvCzbJyUNN5bxiiHyGAduxo3a016wt
LK7TIZVwV+YIeeJ13n194wrFsjG47KSDCKdSsElWCF2XQoz59SUGFLSUo+LdMfGW
bzAhnWltqfDjjzF1TN6YV/il7JRap/gPo9IBDbPepe9KAFZr
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:45:24 2025 by rpki-client