Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File: 68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier: /KjxO8rINoV/+qdHbUY4kb4P3pvweYua8w5V9OujuOA=
Subject key identifier: 73:06:F9:BE:58:61:80:B5:14:15:F1:E5:07:F5:3E:BC:8E:F0:57:A8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3FBCA94EEE33CEFA5E1812DA5E759040E6369404
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time: Fri 20 Jun 2025 00:10:38 +0000
ROA not before: Fri 20 Jun 2025 00:10:38 +0000
ROA not after: Fri 25 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:bc:a9:4e:ee:33:ce:fa:5e:18:12:da:5e:75:90:40:e6:36:94:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 20 00:10:38 2025 GMT
Not After : Jul 25 23:59:59 2025 GMT
Subject: serialNumber=79ba1ced20c35004de3ca75b99efa44c6364ed0da9745b9f54f98adba5f1630c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:7f:8b:3e:f2:a1:65:50:d2:d4:cf:7c:cf:1c:
53:1c:f6:1f:cc:c2:cb:71:8a:0a:80:20:9f:a5:67:
70:76:64:48:5a:e1:2c:11:f9:29:14:ff:c4:8b:d9:
06:68:48:f5:13:12:63:2e:d8:0f:52:4c:1f:e1:aa:
03:f1:81:c3:bd:98:61:6d:a7:cb:85:ef:4b:84:e1:
fb:85:03:ae:3a:e9:1b:ca:6a:1a:83:a2:e1:8a:a0:
54:97:10:4a:4a:12:55:8c:b1:21:37:06:04:83:17:
1b:59:8c:e7:35:37:ef:88:38:51:ae:fb:b6:49:f5:
b5:bf:ca:34:c7:a9:13:db:41:a4:0e:68:e9:2f:2e:
fa:d3:e1:0f:bc:fa:6c:5e:4b:aa:85:63:8b:7a:32:
5c:e7:41:00:c1:4c:de:a0:3e:b3:ce:a1:e9:5f:17:
f7:69:a4:ac:14:7f:8c:3e:96:a3:fd:ec:c4:02:11:
ef:bc:d2:86:82:32:90:f1:37:68:51:40:30:a0:53:
8a:6b:a0:f9:76:76:85:bc:da:4c:b6:fa:e5:fd:f5:
39:a6:cd:84:e3:de:55:9b:ad:cf:98:3f:b2:76:38:
22:87:68:09:7f:f3:b3:03:a9:9e:8b:b2:6d:28:35:
32:e1:d1:bf:e6:d0:57:94:61:03:28:e0:ee:5f:d5:
3f:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:06:F9:BE:58:61:80:B5:14:15:F1:E5:07:F5:3E:BC:8E:F0:57:A8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f:800::/37
Signature Algorithm: sha256WithRSAEncryption
5c:d0:68:71:43:de:dc:64:84:3f:04:1e:1e:07:2e:91:6a:2d:
b2:64:01:62:e5:a5:81:22:f6:32:86:ee:4d:0d:e8:bb:e8:af:
76:c3:cb:1f:66:b5:8f:c2:f5:e6:78:59:b1:b8:4b:6a:e8:5b:
e1:e2:e2:d6:2b:a3:f5:18:74:26:6c:ba:6c:fe:e7:3a:10:c6:
79:7c:80:19:53:ad:64:4d:99:22:63:12:63:72:58:f2:2f:62:
f5:66:7d:c0:5c:95:8f:28:18:af:11:5f:3d:88:92:a9:b7:51:
8c:de:a1:11:2a:e0:d2:ab:75:4f:ac:28:e9:9d:8f:5f:9b:da:
3f:30:d0:36:e1:8d:59:34:c8:bb:3d:06:26:d7:98:0c:bd:08:
8f:59:b8:f8:81:96:2c:f2:26:b1:62:50:ae:50:29:e5:00:4d:
80:3b:3e:b5:05:0f:ef:71:86:21:94:57:fa:4f:55:d5:4c:0e:
ba:cb:17:92:31:06:6b:8b:61:a8:97:24:ef:24:79:11:07:1a:
1e:dd:48:e1:26:1a:33:4a:d3:aa:ee:94:54:56:7d:bf:b2:75:
51:a0:33:8b:f7:0e:3f:a8:b5:0e:08:c9:a2:e4:06:d2:a4:79:
66:12:b6:22:24:8f:26:05:87:47:10:78:a3:b5:07:41:d9:2b:
8d:44:4b:f8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUP7ypTu4zzvpeGBLaXnWQQOY2lAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MjAwMDEwMzhaFw0yNTA3MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5YmExY2VkMjBjMzUwMDRkZTNjYTc1Yjk5ZWZhNDRjNjM2NGVkMGRhOTc0
NWI5ZjU0Zjk4YWRiYTVmMTYzMGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJl/iz7yoWVQ0tTPfM8cUxz2H8zCy3GKCoAgn6VncHZkSFrhLBH5KRT/xIvZ
BmhI9RMSYy7YD1JMH+GqA/GBw72YYW2ny4XvS4Th+4UDrjrpG8pqGoOi4YqgVJcQ
SkoSVYyxITcGBIMXG1mM5zU374g4Ua77tkn1tb/KNMepE9tBpA5o6S8u+tPhD7z6
bF5LqoVji3oyXOdBAMFM3qA+s86h6V8X92mkrBR/jD6Wo/3sxAIR77zShoIykPE3
aFFAMKBTimug+XZ2hbzaTLb65f31OabNhOPeVZutz5g/snY4IodoCX/zswOpnouy
bSg1MuHRv+bQV5RhAyjg7l/VP4UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRzBvm+
WGGAtRQV8eUH9T68jvBXqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQBc0GhxQ97cZIQ/BB4eBy6Rai2yZAFi5aWBIvYy
hu5NDei76K92w8sfZrWPwvXmeFmxuEtq6Fvh4uLWK6P1GHQmbLps/uc6EMZ5fIAZ
U61kTZkiYxJjcljyL2L1Zn3AXJWPKBivEV89iJKpt1GM3qERKuDSq3VPrCjpnY9f
m9o/MNA24Y1ZNMi7PQYm15gMvQiPWbj4gZYs8iaxYlCuUCnlAE2AOz61BQ/vcYYh
lFf6T1XVTA66yxeSMQZri2GolyTvJHkRBxoe3UjhJhozStOq7pRUVn2/snVRoDOL
9w4/qLUOCMmi5AbSpHlmErYiJI8mBYdHEHijtQdB2SuNREv4
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:52:30 2025 by rpki-client