Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
File: 72c1c04d-5c77-431c-825c-1633fac1964d.roa (raw, json)
Hash identifier: q0Zw0u4u2Vl+szY8ruU9QVzJqxjMm+b45H8RlywcGYI=
Subject key identifier: F2:C2:C0:A5:8A:86:54:1A:55:9B:11:22:42:1B:6A:AE:1C:20:FF:2A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 33CAA70C44F322F6D13D33CA06F9CF92F30C75F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
Signing time: Mon 16 Jun 2025 20:20:20 +0000
ROA not before: Mon 16 Jun 2025 20:20:20 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8030::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:ca:a7:0c:44:f3:22:f6:d1:3d:33:ca:06:f9:cf:92:f3:0c:75:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:20:20 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=ba5e0d35a4c8098521185de91877570c4f021c826f9c8501e5f57640ffcf20ff, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9e:dc:a6:66:2b:23:31:7b:4e:8d:a6:6a:64:
d8:26:a5:7d:4d:fc:f9:18:17:90:69:6b:5e:ab:73:
7e:dd:71:55:d3:f7:09:1d:32:e6:03:89:89:aa:97:
b9:69:d8:5f:37:00:6c:d9:f8:ab:77:d4:e3:6c:a6:
80:27:86:84:a8:8e:08:23:be:9c:c2:15:40:28:86:
73:1b:83:f8:97:db:8e:53:df:cb:50:9c:01:25:e6:
f1:b0:54:b9:4d:1d:6d:ea:f1:5c:c6:cb:e7:c1:d1:
e7:f7:ac:40:80:fb:52:f4:52:0d:20:9b:0d:51:21:
ab:2f:1b:0e:d8:aa:88:1d:3d:06:ed:d2:48:ea:75:
c1:3c:2e:58:9e:05:dc:56:1e:81:5c:f3:d9:c3:64:
87:99:b6:78:ff:a9:bb:99:e9:00:d6:41:30:86:59:
95:57:31:13:5c:5d:ac:28:f5:5b:ba:32:b2:93:38:
57:5c:59:bc:d8:5b:72:11:be:04:7d:51:ca:49:e4:
7d:12:6e:e8:d4:67:6c:90:a9:14:3e:07:b4:60:ef:
ca:a0:fa:1f:bf:7f:a0:f9:ef:04:16:1d:8a:d2:ba:
39:e3:e0:06:de:cf:cf:a4:34:10:89:cc:ea:01:28:
8f:49:91:00:44:fa:4d:fe:a8:6f:fa:e1:5f:ed:3d:
a4:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:C2:C0:A5:8A:86:54:1A:55:9B:11:22:42:1B:6A:AE:1C:20:FF:2A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8030::/48
Signature Algorithm: sha256WithRSAEncryption
c4:7c:5b:5e:06:39:82:4a:df:88:69:5b:0d:71:15:f2:f4:2c:
7c:51:7e:4c:d5:cc:54:0d:ac:87:6c:ae:e0:0c:4a:2b:c2:ad:
6c:e7:95:59:db:a5:a2:89:1e:57:15:83:ab:44:3c:97:38:ba:
0c:0c:e5:ba:e9:2a:22:f8:97:72:7b:f8:ab:6d:a6:15:0c:a2:
3e:0c:52:6d:e5:a9:c4:01:a1:25:8a:78:7d:cc:08:fa:af:df:
86:71:eb:bb:44:30:c1:4c:e8:f5:6f:7b:1e:07:49:79:ce:fd:
8d:80:c3:2b:9d:bd:ac:e3:4e:4a:2f:4e:0e:3a:68:93:1f:d0:
1e:86:e5:67:eb:0d:7d:de:76:4c:e7:a9:23:9c:0e:3c:b8:07:
6f:75:05:9d:79:37:4e:47:a6:e8:c7:49:91:5d:5e:53:03:20:
20:d5:16:1b:f8:1f:b5:3b:bb:a9:84:87:95:11:61:c6:89:b7:
d1:5b:af:66:f6:a8:2f:25:2e:01:3f:19:30:20:fb:41:7a:6d:
5e:88:d6:61:fe:70:03:f6:05:ec:50:37:25:51:f6:45:7e:6e:
26:e7:25:7c:8c:4f:e8:da:39:41:d2:7f:9f:d6:5e:e5:cf:e5:
9a:94:9e:1c:79:f8:15:d9:6a:f2:43:42:b2:b9:bd:0c:78:ca:
09:f3:fa:c9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUM8qnDETzIvbRPTPKBvnPkvMMdfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDIwMjBaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhNWUwZDM1YTRjODA5ODUyMTE4NWRlOTE4Nzc1NzBjNGYwMjFjODI2Zjlj
ODUwMWU1ZjU3NjQwZmZjZjIwZmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMee3KZmKyMxe06Npmpk2CalfU38+RgXkGlrXqtzft1xVdP3CR0y5gOJiaqX
uWnYXzcAbNn4q3fU42ymgCeGhKiOCCO+nMIVQCiGcxuD+JfbjlPfy1CcASXm8bBU
uU0dberxXMbL58HR5/esQID7UvRSDSCbDVEhqy8bDtiqiB09Bu3SSOp1wTwuWJ4F
3FYegVzz2cNkh5m2eP+pu5npANZBMIZZlVcxE1xdrCj1W7oyspM4V1xZvNhbchG+
BH1RyknkfRJu6NRnbJCpFD4HtGDvyqD6H79/oPnvBBYditK6OePgBt7Pz6Q0EInM
6gEoj0mRAET6Tf6ob/rhX+09pKsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTywsCl
ioZUGlWbESJCG2quHCD/KjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzJjMWMwNGQtNWM3Ny00MzFjLTgyNWMtMTYzM2ZhYzE5NjRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
MDANBgkqhkiG9w0BAQsFAAOCAQEAxHxbXgY5gkrfiGlbDXEV8vQsfFF+TNXMVA2s
h2yu4AxKK8KtbOeVWdulookeVxWDq0Q8lzi6DAzluukqIviXcnv4q22mFQyiPgxS
beWpxAGhJYp4fcwI+q/fhnHru0QwwUzo9W97HgdJec79jYDDK529rONOSi9ODjpo
kx/QHoblZ+sNfd52TOepI5wOPLgHb3UFnXk3Tkem6MdJkV1eUwMgINUWG/gftTu7
qYSHlRFhxom30VuvZvaoLyUuAT8ZMCD7QXptXojWYf5wA/YF7FA3JVH2RX5uJucl
fIxP6No5QdJ/n9Ze5c/lmpSeHHn4Fdlq8kNCsrm9DHjKCfP6yQ==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:52:32 2025 by rpki-client