Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
File: 543bc67d-08f9-4a99-bf5e-68100e034395.roa (raw, json)
Hash identifier: SJ+Oh4zBdjSUhcro9CxrA3ezzm1dzth3LQ5rigHKa3A=
Subject key identifier: 64:DC:4E:AD:C8:8A:CB:DD:2A:70:BE:07:B0:A3:53:41:5C:A6:8B:9E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0794E4072D3C5BB8FF00056FC4D912DD8016C1C2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
Signing time: Mon 16 Jun 2025 20:11:32 +0000
ROA not before: Mon 16 Jun 2025 20:11:32 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:94:e4:07:2d:3c:5b:b8:ff:00:05:6f:c4:d9:12:dd:80:16:c1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:11:32 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=d66e6b69a547217dbd5697e8e5798f2c76a5b1e9604b25a6e4063100bc7f05fa, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:8c:47:8f:db:48:8a:09:70:33:a4:44:23:0a:
02:1a:bd:42:1e:22:ce:a2:22:db:ff:b7:ef:ab:19:
0b:b9:10:d7:58:57:64:38:6c:3d:4b:7d:77:f7:29:
a6:0a:eb:2d:8e:c5:27:b2:2c:85:c1:39:26:cd:b1:
49:23:e9:4a:98:de:c5:f3:b6:63:b7:84:e7:7e:42:
8a:28:24:21:18:3d:a5:ce:73:70:c9:9a:d8:be:56:
42:af:a7:6e:b7:6f:f8:00:e3:30:a7:40:91:64:d0:
fc:63:f1:51:dc:49:e0:09:28:8d:87:5a:75:c4:31:
7c:42:6c:81:74:65:90:ff:00:bd:2a:68:b0:90:fc:
32:df:00:87:6a:7c:ae:87:7b:e1:d7:17:18:6b:f2:
51:f3:3e:fa:b7:75:98:93:fc:a5:4b:51:8f:70:a5:
bc:7d:ef:3e:06:4b:a6:eb:76:5e:18:ff:f6:4d:af:
68:22:10:d0:e8:15:8c:73:36:ec:a5:92:31:b0:d1:
17:e9:d9:49:df:be:31:8d:d1:43:7a:39:d9:88:df:
3f:db:a4:65:3e:41:c3:df:0a:cc:d6:cd:1b:6d:c9:
e0:d9:0e:b3:b1:70:64:62:8f:03:f8:10:1b:7a:5f:
1c:99:c0:7e:52:7f:db:6d:b9:e6:aa:5b:65:ac:7a:
a0:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:DC:4E:AD:C8:8A:CB:DD:2A:70:BE:07:B0:A3:53:41:5C:A6:8B:9E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4080::/48
Signature Algorithm: sha256WithRSAEncryption
0b:64:16:2d:06:3e:70:fa:a3:e1:53:f7:da:60:55:cf:76:5f:
e7:99:cb:ae:1f:1a:9f:7b:73:7f:ea:0d:cb:e2:e8:96:b4:59:
7a:e3:81:68:d7:4e:15:d6:60:6d:f9:93:0a:eb:f9:60:b1:0a:
0b:02:fa:39:72:e1:15:81:94:bd:52:a2:f6:12:cc:04:a7:9c:
b5:64:3d:b5:ce:28:42:e5:ca:4b:71:05:bf:2c:c0:9d:75:fa:
5c:05:9a:ad:38:30:0f:77:4c:53:64:8b:d0:6b:c4:52:77:14:
b0:7b:72:56:af:30:c9:cc:ef:4d:6d:ca:04:2d:34:98:a1:96:
21:92:78:3f:eb:a5:e8:d2:98:f7:57:c5:9f:b9:45:2c:6b:13:
e6:de:47:9d:be:7c:22:65:5c:a6:af:dd:6f:ea:fc:60:45:9a:
25:45:93:e5:e2:44:b4:84:35:16:ad:a3:6c:ae:14:e3:1a:de:
ab:b5:25:db:84:dd:cf:d6:ad:e6:5c:0b:0b:6a:57:2d:aa:41:
3e:84:c2:c7:3b:09:26:cd:fc:6e:31:ce:a9:69:83:99:b5:53:
ab:83:ec:83:73:38:da:dd:40:a7:1b:39:1a:3c:b7:45:28:7f:
df:28:81:1a:27:18:d3:30:2e:5d:99:60:62:91:87:0e:99:49:
aa:96:e2:5c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUB5TkBy08W7j/AAVvxNkS3YAWwcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDExMzJaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ2NmU2YjY5YTU0NzIxN2RiZDU2OTdlOGU1Nzk4ZjJjNzZhNWIxZTk2MDRi
MjVhNmU0MDYzMTAwYmM3ZjA1ZmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqMR4/bSIoJcDOkRCMKAhq9Qh4izqIi2/+376sZC7kQ11hXZDhsPUt9d/cp
pgrrLY7FJ7IshcE5Js2xSSPpSpjexfO2Y7eE535CiigkIRg9pc5zcMma2L5WQq+n
brdv+ADjMKdAkWTQ/GPxUdxJ4AkojYdadcQxfEJsgXRlkP8AvSposJD8Mt8Ah2p8
rod74dcXGGvyUfM++rd1mJP8pUtRj3ClvH3vPgZLput2Xhj/9k2vaCIQ0OgVjHM2
7KWSMbDRF+nZSd++MY3RQ3o52YjfP9ukZT5Bw98KzNbNG23J4NkOs7FwZGKPA/gQ
G3pfHJnAflJ/22255qpbZax6oK8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRk3E6t
yIrL3Spwvgewo1NBXKaLnjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQzYmM2N2QtMDhmOS00YTk5LWJmNWUtNjgxMDBlMDM0Mzk1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
gDANBgkqhkiG9w0BAQsFAAOCAQEAC2QWLQY+cPqj4VP32mBVz3Zf55nLrh8an3tz
f+oNy+LolrRZeuOBaNdOFdZgbfmTCuv5YLEKCwL6OXLhFYGUvVKi9hLMBKectWQ9
tc4oQuXKS3EFvyzAnXX6XAWarTgwD3dMU2SL0GvEUncUsHtyVq8wyczvTW3KBC00
mKGWIZJ4P+ul6NKY91fFn7lFLGsT5t5Hnb58ImVcpq/db+r8YEWaJUWT5eJEtIQ1
Fq2jbK4U4xreq7Ul24Tdz9at5lwLC2pXLapBPoTCxzsJJs38bjHOqWmDmbVTq4Ps
g3M42t1Apxs5Gjy3RSh/3yiBGicY0zAuXZlgYpGHDplJqpbiXA==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:51:08 2025 by rpki-client