Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
File: 599e0695-4b67-4a37-994a-8c71d61260b3.roa (raw, json)
Hash identifier: +OaaEENIptjeRBOcOznp5HtaktdAR07Gx7hgxFRjbGA=
Subject key identifier: 15:0A:BB:EC:06:DD:DE:9E:8C:8A:B9:F2:A6:AB:8E:09:A8:94:94:F9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 695EA6967B46F54FB0F2552E95359B563B6D59A3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
Signing time: Mon 16 Jun 2025 20:10:15 +0000
ROA not before: Mon 16 Jun 2025 20:10:15 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:5e:a6:96:7b:46:f5:4f:b0:f2:55:2e:95:35:9b:56:3b:6d:59:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:10:15 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=8f5d8f9d0281f0e2fdcb711fa9286f3d59bde6201f5aff4deb7459212f5ad475, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:bf:26:91:ac:59:68:6e:74:2f:1d:c1:5e:65:
d9:03:f2:6e:fa:e5:c3:ba:21:2d:83:44:90:7f:13:
bd:44:88:bc:f2:be:f8:f6:b3:4e:3a:75:98:14:87:
12:56:44:e0:65:a4:ab:11:ea:64:d0:7a:c4:ae:66:
a8:04:a1:39:d1:2a:ff:e2:c2:46:a3:dd:3e:a8:85:
c6:91:64:5d:f2:04:1b:2a:2a:10:a9:dc:fe:21:63:
d8:be:38:52:b0:03:7f:f3:db:81:9f:9b:2b:e9:de:
56:74:b2:be:fa:71:82:a8:39:13:a9:85:2a:9d:ea:
ac:86:7b:97:5a:1b:a5:73:1a:3c:91:e0:e8:fd:65:
74:30:21:54:db:3b:fd:59:0d:12:6d:40:d1:99:c3:
77:85:21:7c:bc:6b:d0:21:43:73:41:02:d6:fd:20:
3b:0d:2c:f3:2f:86:97:49:60:2e:b0:0b:d5:7c:f4:
bd:44:63:b9:53:cc:9f:10:74:71:92:25:f7:a4:a4:
de:26:83:86:0e:ab:c9:73:12:85:d7:9c:1f:79:89:
a3:20:2f:ab:7f:fb:72:6f:88:29:59:94:70:56:3e:
bb:d4:db:ed:b8:66:be:de:ee:0e:e4:39:41:51:45:
ac:6b:e3:42:f7:9c:f2:bd:12:eb:32:f3:49:78:b4:
6f:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:0A:BB:EC:06:DD:DE:9E:8C:8A:B9:F2:A6:AB:8E:09:A8:94:94:F9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
08:f4:8c:1d:e3:75:7b:af:38:6e:1f:69:be:15:72:85:06:02:
b2:47:9d:9b:b3:aa:e4:ea:22:3f:66:4e:ba:5b:36:5a:d2:b6:
7e:19:00:87:5b:28:4e:9a:07:4d:9e:fa:52:f2:09:c1:2b:1d:
97:41:0a:d7:22:a5:49:c9:f4:bc:8a:5b:d8:43:9c:4b:1b:c9:
71:10:72:60:1d:84:ae:57:b3:24:3e:18:38:22:aa:50:cf:d3:
99:1f:e7:24:72:42:9f:78:40:5a:a9:ad:98:c2:7f:20:be:71:
a0:64:f6:d3:1d:18:1f:8f:0d:88:d0:e5:b0:a1:20:9a:a3:d9:
f8:0e:1e:c6:09:6b:33:fa:b5:12:10:21:6a:a3:9b:53:71:9f:
13:ad:68:c7:7a:43:ca:fc:d1:c3:e0:cd:01:b3:ed:34:37:33:
b2:57:c4:03:9d:6f:d3:97:42:b3:d6:20:a9:c9:9b:31:31:74:
4f:76:b3:85:83:01:fc:1f:86:63:d8:18:35:42:bb:9f:bf:b8:
0e:34:24:23:b8:de:d9:f4:de:91:db:96:22:b5:83:88:9a:72:
04:77:d6:da:c7:33:f6:a8:ea:2f:cb:9e:3a:37:00:d0:18:12:
9f:41:2d:15:ae:f3:fc:b6:55:5b:9f:ae:55:20:5c:fd:6f:76:
5a:71:9c:cd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUaV6mlntG9U+w8lUulTWbVjttWaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDEwMTVaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhmNWQ4ZjlkMDI4MWYwZTJmZGNiNzExZmE5Mjg2ZjNkNTliZGU2MjAxZjVh
ZmY0ZGViNzQ1OTIxMmY1YWQ0NzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKO/JpGsWWhudC8dwV5l2QPybvrlw7ohLYNEkH8TvUSIvPK++PazTjp1mBSH
ElZE4GWkqxHqZNB6xK5mqAShOdEq/+LCRqPdPqiFxpFkXfIEGyoqEKnc/iFj2L44
UrADf/PbgZ+bK+neVnSyvvpxgqg5E6mFKp3qrIZ7l1obpXMaPJHg6P1ldDAhVNs7
/VkNEm1A0ZnDd4UhfLxr0CFDc0EC1v0gOw0s8y+Gl0lgLrAL1Xz0vURjuVPMnxB0
cZIl96Sk3iaDhg6ryXMShdecH3mJoyAvq3/7cm+IKVmUcFY+u9Tb7bhmvt7uDuQ5
QVFFrGvjQvec8r0S6zLzSXi0b2sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQVCrvs
Bt3enoyKufKmq44JqJSU+TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk5ZTA2OTUtNGI2Ny00YTM3LTk5NGEtOGM3MWQ2MTI2MGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
wDANBgkqhkiG9w0BAQsFAAOCAQEACPSMHeN1e684bh9pvhVyhQYCskedm7Oq5Ooi
P2ZOuls2WtK2fhkAh1soTpoHTZ76UvIJwSsdl0EK1yKlScn0vIpb2EOcSxvJcRBy
YB2ErlezJD4YOCKqUM/TmR/nJHJCn3hAWqmtmMJ/IL5xoGT20x0YH48NiNDlsKEg
mqPZ+A4exglrM/q1EhAhaqObU3GfE61ox3pDyvzRw+DNAbPtNDczslfEA51v05dC
s9YgqcmbMTF0T3azhYMB/B+GY9gYNUK7n7+4DjQkI7je2fTekduWIrWDiJpyBHfW
2scz9qjqL8ueOjcA0BgSn0EtFa7z/LZVW5+uVSBc/W92WnGczQ==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:58:57 2025 by rpki-client