Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
File: a96d9971-6d4e-47a3-9408-d633699b643b.roa (raw, json)
Hash identifier: MxTIG3nteohXX1xi3ddPzhT+SJyLOnYlb74k6DaglS8=
Subject key identifier: 12:D8:10:3C:21:6B:68:0B:3E:E9:33:9B:A3:0B:2A:48:48:5C:09:42
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1EB18E563F542B7C93023BAD646578836C9E1C9D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
Signing time: Mon 16 Jun 2025 21:00:09 +0000
ROA not before: Mon 16 Jun 2025 21:00:09 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:b1:8e:56:3f:54:2b:7c:93:02:3b:ad:64:65:78:83:6c:9e:1c:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:00:09 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=9987879ba32f94e9a1f4297d9b0eacc539ea0b8560316172c6c47351c7b5ae30, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ef:58:17:e9:9c:5f:2f:b4:b7:bb:b7:7d:91:
80:7a:10:4e:fd:62:cc:09:fc:d8:8b:ca:71:64:26:
f8:91:db:cc:61:9c:87:54:f4:37:9c:6e:39:fa:53:
8e:40:05:c2:fb:cb:e4:10:cd:a2:f8:db:ac:0e:04:
59:02:2c:bf:e1:2f:6a:0e:e9:63:97:58:18:34:02:
ad:40:fd:02:80:22:5a:f9:4c:4f:34:d8:98:f4:68:
40:00:ba:c8:cc:9e:8d:e8:14:75:05:c2:24:3d:dd:
4a:24:50:21:45:2d:3b:0c:a4:1a:c2:31:fc:61:f2:
3f:e9:71:a0:7e:a4:92:06:ba:26:de:16:d1:c7:91:
f3:ac:92:87:19:9a:f9:d8:c9:44:da:1a:a8:1f:0b:
cc:77:89:ca:db:f9:67:d1:9d:4c:26:b8:22:4b:af:
23:14:f4:32:11:40:04:70:d0:38:21:af:6d:ff:c4:
70:18:4e:5b:2d:d7:32:50:0b:9a:f4:fb:9d:92:fc:
a1:1a:1b:08:b2:87:0c:44:3a:42:fa:29:40:90:62:
69:7a:f0:c4:58:00:bc:7b:ac:b1:9c:c1:a9:9a:fa:
7b:4a:31:8b:39:9c:0e:67:29:08:87:8c:e8:5d:20:
44:97:c7:29:6b:f5:7f:89:8a:6d:a6:48:3a:55:14:
24:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:D8:10:3C:21:6B:68:0B:3E:E9:33:9B:A3:0B:2A:48:48:5C:09:42
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:2000::/40
Signature Algorithm: sha256WithRSAEncryption
13:6c:4d:26:d8:ec:44:87:e8:52:68:85:fc:ed:6d:1a:35:f8:
f4:b5:41:90:32:42:bc:7a:f5:7a:41:d1:2d:15:fb:2f:c6:f1:
2e:a2:63:ba:d5:ba:98:45:e8:09:8b:60:ba:12:ac:30:23:5f:
c2:71:8d:4b:9a:21:6c:5a:85:d3:5d:95:2d:a8:f9:43:5c:aa:
bf:37:49:3d:f1:8d:d8:3a:32:ad:9f:92:0b:98:d6:ce:10:85:
de:f2:8b:b0:68:49:b9:6c:8e:09:4c:37:6b:e7:b1:60:3b:46:
a2:4d:bd:3b:f9:ce:99:d3:0e:f6:39:2c:ee:a3:a9:7e:81:9a:
bd:93:8b:60:69:6b:29:2c:81:ec:2c:6b:ab:de:21:6e:14:a2:
8a:24:f0:28:6e:ce:7b:27:b6:5e:35:b3:2c:12:73:3e:03:01:
e5:5b:d7:6a:00:15:31:75:1f:71:72:b4:6a:3e:6e:f8:e4:20:
f2:e4:3a:20:12:aa:88:ab:e6:f6:23:0a:d7:b4:ff:2b:2e:1f:
51:34:f3:80:a0:9f:63:3b:47:11:6a:cd:04:12:63:ef:f5:c3:
13:49:b2:c8:cf:e3:85:39:61:e5:e1:3b:08:c1:30:89:de:68:
39:ae:a5:ca:ff:d9:d3:4d:64:c3:36:9a:e7:98:90:05:bb:0c:
97:3f:91:9d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHrGOVj9UK3yTAjutZGV4g2yeHJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTAwMDlaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5ODc4NzliYTMyZjk0ZTlhMWY0Mjk3ZDliMGVhY2M1MzllYTBiODU2MDMx
NjE3MmM2YzQ3MzUxYzdiNWFlMzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPvWBfpnF8vtLe7t32RgHoQTv1izAn82IvKcWQm+JHbzGGch1T0N5xuOfpT
jkAFwvvL5BDNovjbrA4EWQIsv+Evag7pY5dYGDQCrUD9AoAiWvlMTzTYmPRoQAC6
yMyejegUdQXCJD3dSiRQIUUtOwykGsIx/GHyP+lxoH6kkga6Jt4W0ceR86yShxma
+djJRNoaqB8LzHeJytv5Z9GdTCa4IkuvIxT0MhFABHDQOCGvbf/EcBhOWy3XMlAL
mvT7nZL8oRobCLKHDEQ6QvopQJBiaXrwxFgAvHussZzBqZr6e0oxizmcDmcpCIeM
6F0gRJfHKWv1f4mKbaZIOlUUJJkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQS2BA8
IWtoCz7pM5ujCypISFwJQjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTk2ZDk5NzEtNmQ0ZS00N2EzLTk0MDgtZDYzMzY5OWI2NDNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H4g
MA0GCSqGSIb3DQEBCwUAA4IBAQATbE0m2OxEh+hSaIX87W0aNfj0tUGQMkK8evV6
QdEtFfsvxvEuomO61bqYRegJi2C6EqwwI1/CcY1LmiFsWoXTXZUtqPlDXKq/N0k9
8Y3YOjKtn5ILmNbOEIXe8ouwaEm5bI4JTDdr57FgO0aiTb07+c6Z0w72OSzuo6l+
gZq9k4tgaWspLIHsLGur3iFuFKKKJPAobs57J7ZeNbMsEnM+AwHlW9dqABUxdR9x
crRqPm745CDy5DogEqqIq+b2IwrXtP8rLh9RNPOAoJ9jO0cRas0EEmPv9cMTSbLI
z+OFOWHl4TsIwTCJ3mg5rqXK/9nTTWTDNprnmJAFuwyXP5Gd
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:55:21 2025 by rpki-client