Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
File: 9fb96617-2d2f-468d-b766-35c52d9f2681.roa (raw, json)
Hash identifier: yNWoEnKrMSMIGSrJzyTpzCsJxaWuUQCV59dNJTCpWsc=
Subject key identifier: 67:04:96:7C:84:30:75:CC:07:67:11:5C:84:E6:90:29:38:03:B1:60
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5A9F3B20314BB0572664729FEF7717B38297429E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
Signing time: Mon 16 Jun 2025 21:30:21 +0000
ROA not before: Mon 16 Jun 2025 21:30:21 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d015:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:9f:3b:20:31:4b:b0:57:26:64:72:9f:ef:77:17:b3:82:97:42:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:30:21 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=ab63852f4899cf949dc18cc3adf51c131c86fa835d816161fa7033362121223e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:9e:17:a3:fe:47:50:9b:17:a0:ab:64:36:d0:
4b:ce:49:06:b4:d2:4f:f5:ed:8b:48:02:af:16:08:
c8:53:dd:e3:c4:9f:ce:5b:14:d8:68:74:09:0e:92:
5c:be:bc:12:d3:a9:be:9c:1b:dc:33:56:0b:47:6c:
71:f7:16:20:52:94:b3:03:01:6c:d8:24:c4:a5:3a:
a8:7a:4f:38:78:87:6a:f7:27:db:13:af:3b:8d:09:
cf:35:24:d0:26:ac:80:af:95:6b:4f:b8:09:19:58:
d3:d5:19:b1:50:b4:57:ec:ef:40:b1:72:c6:20:c1:
c8:5b:0a:12:5f:4f:63:1c:4f:fe:bc:9f:45:d1:93:
cd:6d:16:5d:c9:58:24:be:d7:66:60:28:5c:91:4a:
4d:f3:67:ca:29:ef:f3:7e:51:23:4b:82:f6:47:a3:
d3:03:53:ed:ad:ae:f6:2b:e5:ce:3d:20:df:ba:90:
f2:a6:15:9e:9e:a0:55:26:a4:8f:48:af:71:8c:d8:
a4:b1:bf:93:55:3b:1d:13:06:c0:76:0d:3f:ec:27:
20:e2:f6:45:f2:6a:a8:33:f0:f9:62:06:a9:a6:4b:
46:78:37:81:d5:cf:a2:5c:12:2e:b5:c0:61:94:1d:
01:88:f4:5e:9e:6f:6e:b6:4a:fa:30:1c:52:a1:0c:
9f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:04:96:7C:84:30:75:CC:07:67:11:5C:84:E6:90:29:38:03:B1:60
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d015:800::/38
Signature Algorithm: sha256WithRSAEncryption
62:d2:39:91:2e:23:73:1e:20:f1:4e:27:9f:0d:16:f9:67:99:
76:0e:1b:50:5d:47:8c:4b:41:5d:e3:15:53:e9:58:58:e5:8a:
46:61:3b:a1:5b:47:1e:5d:9d:8e:50:0a:7a:bf:ec:17:50:e3:
be:e7:30:30:c1:26:91:2a:e0:98:fe:33:74:24:ff:96:f4:0a:
7b:b3:f8:18:2a:42:42:d4:cc:dc:64:d0:43:7a:b7:66:69:28:
4c:d7:44:c1:3b:12:42:36:14:a0:8f:9a:fe:9d:af:ba:86:fa:
a9:ec:b2:6d:b2:c3:2c:12:0c:14:15:f3:e6:3f:bc:06:87:99:
cf:3b:da:a5:60:05:8d:0e:6a:8d:70:e8:c1:49:07:19:06:cd:
b2:54:98:e8:ea:04:99:af:f2:ea:97:09:87:dc:c7:82:c3:8c:
66:50:9e:09:0b:3f:5c:51:81:ef:e7:7b:6e:4e:92:92:1a:b8:
ee:b4:60:ad:87:d2:2a:c9:c6:5a:79:81:2b:d8:55:0c:d3:91:
65:fc:58:6f:67:a8:28:1a:7c:a5:00:6d:25:52:90:30:81:c2:
97:08:08:3a:ee:c0:41:ae:5a:fc:d6:3c:fb:3a:e2:e6:69:7a:
55:c7:1e:3a:13:92:1d:df:28:67:09:61:90:2f:24:ac:af:5f:
d5:f8:ff:f1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWp87IDFLsFcmZHKf73cXs4KXQp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTMwMjFaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiNjM4NTJmNDg5OWNmOTQ5ZGMxOGNjM2FkZjUxYzEzMWM4NmZhODM1ZDgx
NjE2MWZhNzAzMzM2MjEyMTIyM2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANqeF6P+R1CbF6CrZDbQS85JBrTST/Xti0gCrxYIyFPd48SfzlsU2Gh0CQ6S
XL68EtOpvpwb3DNWC0dscfcWIFKUswMBbNgkxKU6qHpPOHiHavcn2xOvO40JzzUk
0CasgK+Va0+4CRlY09UZsVC0V+zvQLFyxiDByFsKEl9PYxxP/ryfRdGTzW0WXclY
JL7XZmAoXJFKTfNnyinv835RI0uC9kej0wNT7a2u9ivlzj0g37qQ8qYVnp6gVSak
j0ivcYzYpLG/k1U7HRMGwHYNP+wnIOL2RfJqqDPw+WIGqaZLRng3gdXPolwSLrXA
YZQdAYj0Xp5vbrZK+jAcUqEMn7kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRnBJZ8
hDB1zAdnEVyE5pApOAOxYDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZiOTY2MTctMmQyZi00NjhkLWI3NjYtMzVjNTJkOWYyNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BUI
MA0GCSqGSIb3DQEBCwUAA4IBAQBi0jmRLiNzHiDxTiefDRb5Z5l2DhtQXUeMS0Fd
4xVT6VhY5YpGYTuhW0ceXZ2OUAp6v+wXUOO+5zAwwSaRKuCY/jN0JP+W9Ap7s/gY
KkJC1MzcZNBDerdmaShM10TBOxJCNhSgj5r+na+6hvqp7LJtssMsEgwUFfPmP7wG
h5nPO9qlYAWNDmqNcOjBSQcZBs2yVJjo6gSZr/LqlwmH3MeCw4xmUJ4JCz9cUYHv
53tuTpKSGrjutGCth9IqycZaeYEr2FUM05Fl/FhvZ6goGnylAG0lUpAwgcKXCAg6
7sBBrlr81jz7OuLmaXpVxx46E5Id3yhnCWGQLySsr1/V+P/x
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:28:33 2025 by rpki-client