Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
File: 63af811a-6e40-455f-b7a8-223951036a11.roa (raw, json)
Hash identifier: /ep1+Vj2ndAnbXOC17X33eqVd0vZ6jH6fSKHeNT8rLw=
Subject key identifier: A4:18:C6:31:8D:D7:61:6E:12:55:9B:F6:A7:12:0D:EE:C2:0E:A7:CF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0ECB11150D6CB5D258F926E07A426777864C580F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
Signing time: Mon 16 Jun 2025 20:20:16 +0000
ROA not before: Mon 16 Jun 2025 20:20:16 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:cb:11:15:0d:6c:b5:d2:58:f9:26:e0:7a:42:67:77:86:4c:58:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:20:16 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=480f186e5e447c76c170cc453b3e4a2e62d6769c44fda0d4df14747d2f6fbab7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a7:ac:b5:53:53:c1:2b:20:24:cb:3b:d2:37:
66:1a:7b:fa:cd:e3:9f:c4:20:f1:98:27:33:ef:01:
99:ff:0b:a5:08:ca:2b:52:cd:7b:fb:0e:44:af:ba:
5b:25:71:9a:d9:62:84:ce:d5:ea:4b:66:c6:cc:81:
76:72:b3:c1:8b:d8:6c:30:f7:29:41:ca:20:7f:10:
be:bd:21:98:56:73:27:fd:98:07:53:09:00:47:01:
f1:60:0b:47:c1:04:e9:e8:f7:24:a7:4e:cc:c5:17:
89:9d:39:d4:1c:f5:91:42:7c:25:a5:6a:c6:1d:21:
0f:72:f1:4c:bc:96:79:08:0d:a9:da:2c:c2:0f:4d:
25:02:9e:74:6f:6e:57:96:c1:2f:c5:5d:e8:1c:c5:
9c:b1:da:b0:22:21:5d:91:4b:57:ef:1b:d5:df:c2:
c6:95:80:ae:d2:b6:17:88:f7:25:28:ff:12:35:d4:
c3:7c:4f:fd:f1:a3:be:e0:bb:31:aa:38:72:f3:37:
d4:14:90:7f:cc:05:e5:1f:7c:73:51:28:9f:6e:f3:
eb:51:43:a0:a3:bc:7e:73:1e:39:37:08:dc:b8:e7:
81:cc:16:47:97:b7:69:00:e1:e5:1b:a0:3d:e8:b6:
d4:84:07:35:20:f3:99:ae:89:52:82:ff:97:f5:66:
82:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:18:C6:31:8D:D7:61:6E:12:55:9B:F6:A7:12:0D:EE:C2:0E:A7:CF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:9000::/40
Signature Algorithm: sha256WithRSAEncryption
ad:36:5d:08:4d:8b:37:aa:72:71:42:4d:03:60:fd:31:5f:e2:
e3:4a:5c:f2:af:f3:e8:34:53:ea:fa:b2:77:d2:cc:e5:39:8e:
d7:e9:81:de:b9:92:70:ab:93:51:f8:b4:c3:5a:9e:34:85:dd:
75:7f:e5:b9:50:f9:8c:5f:7e:11:bc:6c:44:02:a9:e5:10:3a:
57:ea:5b:c6:60:1d:61:db:03:03:87:c5:06:33:88:6f:da:18:
77:15:97:2d:f8:f3:a6:e8:76:4d:9a:2c:c2:46:79:1a:e6:3d:
53:53:f2:ac:2b:52:8f:c5:7d:11:da:21:45:97:84:ed:5e:12:
1e:c8:06:f5:a6:89:7c:70:9f:b4:9f:b4:7b:d0:3f:29:57:9d:
46:9f:48:7e:36:7b:f9:bc:40:2a:aa:5f:28:7f:28:5c:c2:80:
ea:16:3c:a0:dd:97:47:6e:55:8e:1a:b7:23:cd:3b:82:6d:c3:
ad:c0:ac:53:ed:3f:34:e3:aa:4e:f9:8e:1b:7c:1c:12:d7:f9:
d9:a1:d9:dd:a4:9b:5e:11:24:6f:eb:60:1a:7c:3d:ba:d5:74:
b6:b5:a2:1c:b6:e2:33:10:19:02:36:5e:ed:72:a9:69:c8:da:
93:34:de:cb:63:9e:a2:4a:bd:d8:ce:37:4f:56:64:1f:2a:ce:
3b:b9:4c:21
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDssRFQ1stdJY+SbgekJnd4ZMWA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDIwMTZaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ4MGYxODZlNWU0NDdjNzZjMTcwY2M0NTNiM2U0YTJlNjJkNjc2OWM0NGZk
YTBkNGRmMTQ3NDdkMmY2ZmJhYjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGnrLVTU8ErICTLO9I3Zhp7+s3jn8Qg8ZgnM+8Bmf8LpQjKK1LNe/sORK+6
WyVxmtlihM7V6ktmxsyBdnKzwYvYbDD3KUHKIH8Qvr0hmFZzJ/2YB1MJAEcB8WAL
R8EE6ej3JKdOzMUXiZ051Bz1kUJ8JaVqxh0hD3LxTLyWeQgNqdoswg9NJQKedG9u
V5bBL8Vd6BzFnLHasCIhXZFLV+8b1d/CxpWArtK2F4j3JSj/EjXUw3xP/fGjvuC7
Mao4cvM31BSQf8wF5R98c1Eon27z61FDoKO8fnMeOTcI3LjngcwWR5e3aQDh5Rug
Pei21IQHNSDzma6JUoL/l/Vmgs0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSkGMYx
jddhbhJVm/anEg3uwg6nzzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjNhZjgxMWEtNmU0MC00NTVmLWI3YTgtMjIzOTUxMDM2YTExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCtNl0ITYs3qnJxQk0DYP0xX+LjSlzyr/PoNFPq
+rJ30szlOY7X6YHeuZJwq5NR+LTDWp40hd11f+W5UPmMX34RvGxEAqnlEDpX6lvG
YB1h2wMDh8UGM4hv2hh3FZct+POm6HZNmizCRnka5j1TU/KsK1KPxX0R2iFFl4Tt
XhIeyAb1pol8cJ+0n7R70D8pV51Gn0h+Nnv5vEAqql8ofyhcwoDqFjyg3ZdHblWO
GrcjzTuCbcOtwKxT7T8046pO+Y4bfBwS1/nZodndpJteESRv62AafD261XS2taIc
tuIzEBkCNl7tcqlpyNqTNN7LY56iSr3YzjdPVmQfKs47uUwh
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:49:14 2025 by rpki-client