Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa
File: 9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa (raw, json)
Hash identifier: KZ/El1fEoQB6wdOCQsez/Tt43qiNbdzKEX9K8OA+UGI=
Subject key identifier: 3F:13:D7:94:E5:10:F7:99:ED:D1:C9:59:D1:43:C3:97:69:2C:B2:E7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0AE0A8BBC1BD8841F3B091B6D4B1928054304210
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa
Signing time: Mon 16 Jun 2025 20:20:10 +0000
ROA not before: Mon 16 Jun 2025 20:20:10 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:9040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:e0:a8:bb:c1:bd:88:41:f3:b0:91:b6:d4:b1:92:80:54:30:42:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:20:10 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=4dabc761be1ab457be810249837329f5a8268543162690059e5f3b645fb92902, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:17:c5:de:7f:e0:09:0b:57:17:5f:ab:21:d6:
0d:f1:96:80:ca:6d:30:a3:fd:bc:a3:c8:16:29:1c:
c9:a1:5c:01:b1:67:97:88:44:1c:13:d3:39:60:b4:
04:51:0a:ef:ab:24:3e:12:02:6a:71:d5:3f:90:8f:
e4:0c:dc:c0:b9:8e:02:85:4a:70:a2:06:ba:4e:47:
34:68:79:2f:7e:f6:e0:bb:2b:57:8c:28:19:8d:01:
a7:87:41:f7:c0:63:e5:83:bc:ce:e0:0a:40:7c:fc:
4d:8e:9b:45:5d:d4:59:b3:e5:6c:f7:de:0f:14:f6:
56:81:88:d6:e4:26:4c:64:7c:8a:ce:1d:50:b0:d5:
8f:9f:61:c7:09:d9:09:d1:0e:98:ad:a0:29:ec:12:
4e:ae:3a:69:0e:00:0b:58:b2:6e:94:af:d3:28:45:
59:4f:a6:81:96:ae:9f:96:a9:20:97:5d:bc:51:7b:
e1:d9:c4:90:0d:98:79:79:64:a9:92:b1:2c:39:12:
8e:07:87:45:a0:81:61:c2:2b:ea:1e:04:78:e7:74:
d3:99:6d:c2:d9:b7:00:38:28:a4:54:f7:a4:55:bc:
74:20:5d:d8:fd:a9:a4:6a:e6:25:b9:29:ef:98:cf:
32:05:fa:40:33:1b:2f:c8:65:98:c5:00:14:87:12:
c4:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:13:D7:94:E5:10:F7:99:ED:D1:C9:59:D1:43:C3:97:69:2C:B2:E7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:9040::/48
Signature Algorithm: sha256WithRSAEncryption
bc:f6:1c:29:19:6c:32:3a:53:02:00:ca:75:d1:09:0c:22:95:
d9:fe:ec:94:2d:7d:f8:47:70:99:3c:f8:4e:38:d5:0c:21:47:
b6:91:55:22:f4:98:f3:47:36:8c:e7:f4:e8:c2:97:07:0b:01:
da:8d:47:29:42:0d:4e:f9:4f:fc:68:ce:f0:52:d2:7e:e8:18:
d8:2b:d2:0d:ea:d1:cc:4c:96:19:ff:37:7c:e6:e1:25:eb:a2:
c2:0a:99:52:93:ea:d1:c3:62:71:8c:89:40:e5:85:67:b4:95:
11:e4:72:92:6e:e7:76:55:e9:bf:f9:b3:49:fc:68:bf:3b:8f:
88:31:b3:55:79:9d:5f:c6:f1:be:9f:83:6b:85:55:e8:c3:23:
88:c2:e9:8b:23:85:06:c8:45:b7:50:87:5d:f5:51:81:55:c7:
2d:dc:a8:39:82:f9:c5:20:be:83:03:a8:21:91:80:54:25:75:
31:4a:98:71:9b:eb:26:31:31:48:33:8c:cf:a8:0b:93:67:12:
9f:20:3c:5c:22:c3:50:9f:98:95:fa:d5:ea:f3:71:3f:80:5f:
fc:01:b1:9f:ab:33:55:cd:4c:4f:02:3c:c8:61:7e:14:78:8f:
b7:ba:2a:1a:d3:ad:7b:53:dc:86:27:99:95:59:ca:80:53:a2:
a1:f3:7b:42
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCuCou8G9iEHzsJG21LGSgFQwQhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDIwMTBaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkYWJjNzYxYmUxYWI0NTdiZTgxMDI0OTgzNzMyOWY1YTgyNjg1NDMxNjI2
OTAwNTllNWYzYjY0NWZiOTI5MDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsXxd5/4AkLVxdfqyHWDfGWgMptMKP9vKPIFikcyaFcAbFnl4hEHBPTOWC0
BFEK76skPhICanHVP5CP5AzcwLmOAoVKcKIGuk5HNGh5L3724LsrV4woGY0Bp4dB
98Bj5YO8zuAKQHz8TY6bRV3UWbPlbPfeDxT2VoGI1uQmTGR8is4dULDVj59hxwnZ
CdEOmK2gKewSTq46aQ4AC1iybpSv0yhFWU+mgZaun5apIJddvFF74dnEkA2YeXlk
qZKxLDkSjgeHRaCBYcIr6h4EeOd005ltwtm3ADgopFT3pFW8dCBd2P2ppGrmJbkp
75jPMgX6QDMbL8hlmMUAFIcSxCECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ/E9eU
5RD3me3RyVnRQ8OXaSyy5zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTIwNzU5NWUtM2JiYy00NWY3LThmMGEtODEzZTFiMDFmOWExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAvPYcKRlsMjpTAgDKddEJDCKV2f7slC19+Edw
mTz4TjjVDCFHtpFVIvSY80c2jOf06MKXBwsB2o1HKUINTvlP/GjO8FLSfugY2CvS
DerRzEyWGf83fObhJeuiwgqZUpPq0cNicYyJQOWFZ7SVEeRykm7ndlXpv/mzSfxo
vzuPiDGzVXmdX8bxvp+Da4VV6MMjiMLpiyOFBshFt1CHXfVRgVXHLdyoOYL5xSC+
gwOoIZGAVCV1MUqYcZvrJjExSDOMz6gLk2cSnyA8XCLDUJ+YlfrV6vNxP4Bf/AGx
n6szVc1MTwI8yGF+FHiPt7oqGtOte1PchieZlVnKgFOiofN7Qg==
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:26:18 2025 by rpki-client