Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: /qQmfwgMrFdFXAeiezLE+qaOAwSL+WhAzaaVYHqaePU=
Subject key identifier: 57:7E:69:21:C1:3B:0D:91:B0:20:8E:5D:D5:72:08:30:96:5E:66:AC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7B1A70A941A9C38ED8A8D3AB73C60AF5BB8FEB7A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Mon 16 Jun 2025 21:10:01 +0000
ROA not before: Mon 16 Jun 2025 21:10:01 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:1a:70:a9:41:a9:c3:8e:d8:a8:d3:ab:73:c6:0a:f5:bb:8f:eb:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:10:01 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=8c013db954781e6f35c85ed0ecebe8dc6aad53dc8e0053ab7120b664ec77c06b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d2:3b:dd:0c:72:5b:46:df:61:da:96:2c:1f:
97:f4:28:1c:e3:fb:6e:03:7c:50:e4:ef:73:98:4b:
37:f8:fd:04:6a:18:42:a6:ce:29:46:6f:d4:02:c1:
81:47:2b:0f:61:e9:c0:b2:0f:52:05:1f:ef:13:e6:
b3:94:80:62:14:6d:0a:25:9f:35:6f:da:6a:25:0a:
4b:f6:df:94:62:24:aa:b0:cd:0f:20:6f:c0:da:e1:
87:35:76:dd:36:a4:f3:09:71:cf:7f:35:ea:fc:79:
0e:51:03:25:14:6e:e6:f7:b6:26:72:42:11:bd:b8:
4a:25:26:9d:cd:d6:3e:de:cf:2e:82:21:f3:92:c4:
73:d4:2e:7d:66:04:a3:2d:42:6d:f6:0b:c5:e4:f4:
bb:67:c7:90:41:f5:14:6f:a1:a9:14:69:2e:10:1b:
14:cd:a1:74:06:ee:dd:05:8c:87:cc:6e:e7:fb:e1:
42:f7:f3:85:bf:9f:a0:09:83:df:a1:c8:f9:12:59:
0b:42:24:49:9b:10:23:bd:68:ee:54:e2:73:6c:b0:
3d:cb:92:86:87:b7:cf:41:69:17:71:29:f0:94:e0:
c4:7b:b0:c5:22:17:fd:f4:77:8f:97:51:cd:4a:d4:
b8:89:e4:41:27:cd:e6:81:c1:96:a0:52:59:dd:90:
82:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:7E:69:21:C1:3B:0D:91:B0:20:8E:5D:D5:72:08:30:96:5E:66:AC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
74:84:f2:9d:cb:d9:3b:4a:fd:7a:37:10:72:d1:98:0c:c0:f4:
c2:b4:10:24:52:98:4b:16:6b:d4:d0:ed:81:49:42:6b:7a:d0:
2b:59:13:5d:4f:11:53:01:c7:3b:98:6c:71:7e:3f:8b:2a:3b:
b1:73:42:01:df:96:02:a4:10:35:ed:3c:96:1b:18:82:2b:70:
f9:f4:9a:c7:35:dd:a1:99:0f:53:20:0f:e7:0e:11:bf:aa:2d:
ba:a8:65:87:37:c4:c1:04:3d:06:3c:82:8d:13:83:ed:f7:ba:
c1:22:fa:19:68:ad:27:48:e6:53:2b:58:0f:91:bf:2d:72:81:
07:2e:28:84:94:58:a5:69:06:9d:2f:fd:b8:85:41:71:fa:2b:
a6:11:fc:26:53:94:bb:e6:96:f4:17:99:8d:b2:2b:2e:51:30:
4a:bc:d6:f3:1e:d6:d2:aa:22:46:9d:fa:a7:e1:e5:45:fe:82:
09:6d:05:65:65:a2:af:a2:d3:62:56:46:ab:73:bc:f8:15:67:
f5:31:33:5c:51:ab:40:2c:d2:10:c8:e1:d7:98:c5:ef:da:b3:
08:34:df:23:e9:db:16:c0:64:ec:c6:71:f3:5b:96:b0:11:66:
ad:6a:61:18:33:b0:96:9b:86:cf:27:98:8f:c8:0b:d5:84:c2:
f3:3e:0a:1f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUexpwqUGpw47YqNOrc8YK9buP63owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTEwMDFaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjMDEzZGI5NTQ3ODFlNmYzNWM4NWVkMGVjZWJlOGRjNmFhZDUzZGM4ZTAw
NTNhYjcxMjBiNjY0ZWM3N2MwNmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM/SO90McltG32Haliwfl/QoHOP7bgN8UOTvc5hLN/j9BGoYQqbOKUZv1ALB
gUcrD2HpwLIPUgUf7xPms5SAYhRtCiWfNW/aaiUKS/bflGIkqrDNDyBvwNrhhzV2
3Tak8wlxz3816vx5DlEDJRRu5ve2JnJCEb24SiUmnc3WPt7PLoIh85LEc9QufWYE
oy1CbfYLxeT0u2fHkEH1FG+hqRRpLhAbFM2hdAbu3QWMh8xu5/vhQvfzhb+foAmD
36HI+RJZC0IkSZsQI71o7lTic2ywPcuShoe3z0FpF3Ep8JTgxHuwxSIX/fR3j5dR
zUrUuInkQSfN5oHBlqBSWd2QgpUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRXfmkh
wTsNkbAgjl3Vcggwll5mrDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQB0hPKdy9k7Sv16NxBy0ZgMwPTCtBAkUphLFmvU
0O2BSUJretArWRNdTxFTAcc7mGxxfj+LKjuxc0IB35YCpBA17TyWGxiCK3D59JrH
Nd2hmQ9TIA/nDhG/qi26qGWHN8TBBD0GPIKNE4Pt97rBIvoZaK0nSOZTK1gPkb8t
coEHLiiElFilaQadL/24hUFx+iumEfwmU5S75pb0F5mNsisuUTBKvNbzHtbSqiJG
nfqn4eVF/oIJbQVlZaKvotNiVkarc7z4FWf1MTNcUatALNIQyOHXmMXv2rMINN8j
6dsWwGTsxnHzW5awEWatamEYM7CWm4bPJ5iPyAvVhMLzPgof
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:51:00 2025 by rpki-client