Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: TquYEgZh6FKUZiJn27b3T59lbdEYgC0FeByp49IlAC0=
Subject key identifier: 3F:B2:78:C3:08:90:17:2A:AD:25:01:9B:13:EC:09:0E:7F:A9:A9:15
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1FE7AC91FE4C138E91D7EBA7881F15A69B3EA139
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Tue 17 Jun 2025 00:41:25 +0000
ROA not before: Tue 17 Jun 2025 00:41:25 +0000
ROA not after: Tue 22 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:e7:ac:91:fe:4c:13:8e:91:d7:eb:a7:88:1f:15:a6:9b:3e:a1:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 17 00:41:25 2025 GMT
Not After : Jul 22 23:59:59 2025 GMT
Subject: serialNumber=14822b9d4566747dfa4c9af2f035c94c9ccf255aceaba1c8c73bfe4106ca8f3b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:98:bc:cc:41:b1:4f:a0:79:9d:97:54:25:bf:
d3:6e:90:2c:e5:94:f2:71:3f:5c:83:68:a2:5c:16:
7f:c8:5d:f9:6e:5c:7d:38:e3:f5:9f:29:b5:5b:4e:
7c:89:a2:ad:01:94:9d:d4:67:a5:9d:60:e0:79:90:
9b:15:07:dd:5e:55:15:34:ac:4b:9a:af:08:43:9a:
d5:12:37:1a:f9:09:49:93:30:63:9b:d6:c7:68:2b:
58:07:96:85:16:cc:d2:0c:c6:70:96:b5:e5:ff:54:
b7:bd:c2:75:30:eb:ce:0f:f0:8e:22:6d:7a:15:b0:
be:00:55:19:d6:f2:de:86:fe:4e:23:3e:61:06:20:
96:f1:e4:72:da:ca:b5:c4:fc:d2:b0:b3:90:0c:e1:
fd:2c:d4:33:03:0d:f0:c2:d3:ae:e2:fc:08:90:9b:
7a:01:65:c4:50:e4:07:7c:f3:12:d4:46:36:46:f0:
d5:df:58:31:57:ea:2b:25:fb:6c:8b:54:02:42:1c:
e3:8f:8b:98:e1:7c:16:03:c7:a6:eb:89:31:4c:a9:
f2:3f:8c:ab:b9:24:6f:a7:c5:c0:35:89:85:46:f8:
c0:ce:60:bc:49:a2:32:18:de:24:cd:1f:42:d7:86:
b8:f0:bf:77:c6:f8:28:c2:a0:07:75:e3:e4:69:bb:
6a:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:B2:78:C3:08:90:17:2A:AD:25:01:9B:13:EC:09:0E:7F:A9:A9:15
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
0f:62:94:3f:ed:13:a3:8f:09:86:e8:44:fc:24:9a:ea:c4:a3:
a2:24:3a:46:51:25:63:da:ae:29:30:84:6e:db:4d:41:c5:fc:
00:5d:5d:d6:28:db:5d:24:70:79:05:6d:7c:1c:a2:42:fc:a2:
f2:da:ad:d1:b2:ea:cd:23:0a:6b:f2:77:dc:a9:7e:f0:a7:fc:
6f:9a:c5:f9:cd:5b:4c:ea:be:94:27:93:91:62:a7:e7:4e:ab:
e6:44:74:0f:5d:15:2d:cd:d0:b3:89:79:82:d6:d3:8f:87:f6:
f0:40:34:86:38:f5:94:9c:b2:1b:fd:81:e9:83:bd:d4:3f:cd:
28:a3:83:7a:18:c3:3e:d3:ed:cc:99:9a:d6:08:06:00:c4:99:
c9:c6:94:e6:4b:5a:cf:64:ff:52:b6:8c:f1:44:04:83:2d:ec:
d0:8a:1e:b7:be:22:38:3f:aa:53:e2:38:47:c4:5e:2f:e1:9f:
e0:cc:2a:c5:b7:2f:6c:70:12:02:18:3c:1e:2b:ca:a1:88:0d:
3b:bd:38:11:e7:4e:65:ac:55:8d:45:dc:ce:8c:e0:22:4d:5c:
1d:9d:c9:60:2c:e9:ff:44:91:1e:0b:c6:af:be:49:d3:09:b0:
0e:c1:2e:88:e8:4d:62:ee:b2:aa:e8:81:d0:48:dc:d4:94:4e:
b3:17:fa:86
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUH+eskf5ME46R1+uniB8Vpps+oTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTcwMDQxMjVaFw0yNTA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0ODIyYjlkNDU2Njc0N2RmYTRjOWFmMmYwMzVjOTRjOWNjZjI1NWFjZWFi
YTFjOGM3M2JmZTQxMDZjYThmM2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+YvMxBsU+geZ2XVCW/026QLOWU8nE/XINoolwWf8hd+W5cfTjj9Z8ptVtO
fImirQGUndRnpZ1g4HmQmxUH3V5VFTSsS5qvCEOa1RI3GvkJSZMwY5vWx2grWAeW
hRbM0gzGcJa15f9Ut73CdTDrzg/wjiJtehWwvgBVGdby3ob+TiM+YQYglvHkctrK
tcT80rCzkAzh/SzUMwMN8MLTruL8CJCbegFlxFDkB3zzEtRGNkbw1d9YMVfqKyX7
bItUAkIc44+LmOF8FgPHpuuJMUyp8j+Mq7kkb6fFwDWJhUb4wM5gvEmiMhjeJM0f
QteGuPC/d8b4KMKgB3Xj5Gm7ao8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ/snjD
CJAXKq0lAZsT7AkOf6mpFTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAPYpQ/7ROjjwmG6ET8JJrqxKOiJDpGUSVj2q4p
MIRu201BxfwAXV3WKNtdJHB5BW18HKJC/KLy2q3RsurNIwpr8nfcqX7wp/xvmsX5
zVtM6r6UJ5ORYqfnTqvmRHQPXRUtzdCziXmC1tOPh/bwQDSGOPWUnLIb/YHpg73U
P80oo4N6GMM+0+3MmZrWCAYAxJnJxpTmS1rPZP9StozxRASDLezQih63viI4P6pT
4jhHxF4v4Z/gzCrFty9scBICGDweK8qhiA07vTgR505lrFWNRdzOjOAiTVwdnclg
LOn/RJEeC8avvknTCbAOwS6I6E1i7rKq6IHQSNzUlE6zF/qG
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:52:32 2025 by rpki-client