Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa679cd8-5924-43d7-8928-c65bc2ec3659.roa
File: aa679cd8-5924-43d7-8928-c65bc2ec3659.roa (raw, json)
Hash identifier: EsNX1vqD/O8Mc8eAY70ZpRMLjMJ+N14oZhTnw1P8Awk=
Subject key identifier: 4D:04:6C:4D:06:47:B9:C0:20:08:AE:B0:BA:72:9A:DB:E5:27:F2:98
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0CDF268988F3F8BF422C504756A4F6374CBB3BDA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa679cd8-5924-43d7-8928-c65bc2ec3659.roa
Signing time: Tue 05 Aug 2025 19:51:10 +0000
ROA not before: Tue 05 Aug 2025 19:51:10 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:df:26:89:88:f3:f8:bf:42:2c:50:47:56:a4:f6:37:4c:bb:3b:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:51:10 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=0bb6bae58e4d0dd6bc8e1e70c09fe4381718016c6dca8c498c5395a95533b403, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a0:d1:91:ac:f9:1f:9a:6a:cd:54:4b:fa:8e:
dc:24:05:47:d6:9d:9e:38:2f:b2:f6:b8:cf:e6:86:
c1:50:9a:c0:0a:23:fd:84:9f:7a:96:4b:c2:ac:0f:
13:c4:68:3e:61:9e:57:1a:f8:b6:cc:ac:a7:2f:69:
53:e9:51:22:e5:ee:90:e6:ea:36:0b:83:4c:98:e4:
b0:4e:58:13:49:32:46:e6:d9:81:35:b7:f5:86:e9:
76:98:46:3e:19:18:2e:1c:ff:c1:b1:9f:ca:b5:80:
13:53:66:43:2c:d3:88:d6:4d:b1:09:ba:5d:7e:9c:
c0:7a:0e:48:02:10:bd:2f:d3:96:32:89:8c:1a:0f:
1f:aa:c7:a6:7b:bf:08:48:5d:9b:ca:3a:b1:59:b7:
53:63:0c:f8:ac:ee:c4:f8:cd:03:42:11:40:ab:29:
15:63:17:be:d3:3b:73:26:f5:00:54:ac:13:d4:c0:
1a:7d:b7:d3:ba:ea:c0:85:02:e5:86:bb:60:7e:17:
e2:a1:15:fd:30:ad:4f:eb:4f:a2:86:3b:08:53:9c:
34:71:12:dd:32:39:72:ac:0e:7e:11:89:6b:84:f2:
2a:2e:0d:f3:ef:e5:5d:94:dd:0d:31:d1:94:9c:e5:
6b:d8:c5:d7:94:d2:f7:0b:d9:92:95:15:da:3a:b9:
3a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:04:6C:4D:06:47:B9:C0:20:08:AE:B0:BA:72:9A:DB:E5:27:F2:98
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa679cd8-5924-43d7-8928-c65bc2ec3659.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:c000::/40
Signature Algorithm: sha256WithRSAEncryption
b6:c3:65:ad:c2:47:44:6f:1f:ad:42:2c:22:1a:05:ff:90:87:
50:ab:e3:71:80:4b:d1:f9:3a:ca:78:b0:e5:6f:09:88:a4:48:
29:0f:9a:77:6b:f8:1b:b2:ee:6f:3a:8d:8c:a9:59:9f:19:9f:
ab:3a:eb:64:2e:ae:5c:16:3c:f8:78:f4:90:cc:25:4d:fa:f1:
c8:02:63:63:83:8b:c8:73:38:ac:d9:2b:07:3d:ab:95:ca:f9:
a0:56:2f:13:c2:22:cd:65:c5:66:65:dd:5d:6b:63:17:23:7b:
36:03:9f:0b:cc:9c:88:80:1e:1e:10:ec:b0:9a:3b:0a:b4:30:
01:6f:41:d8:3c:22:a5:cb:8c:f2:fa:43:9d:97:57:12:18:ad:
b7:58:32:25:8c:37:82:97:59:81:da:76:18:52:4c:c2:3a:b4:
39:52:98:e9:ef:c3:5d:22:1d:db:4d:7b:78:1a:4e:8b:02:33:
02:82:5d:2f:af:24:cc:ab:b0:4e:1d:f7:3a:e8:8e:9b:b8:48:
8d:2a:04:48:43:35:04:a7:3f:83:52:75:cf:8a:a3:1f:41:d5:
53:16:bc:f5:d4:e8:af:1c:dc:3f:97:91:ff:03:3b:25:6d:9a:
ff:06:f6:15:10:08:3c:b6:ae:d3:1b:35:db:87:7b:a4:6e:a3:
d6:2d:c0:69
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDN8miYjz+L9CLFBHVqT2N0y7O9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTUxMTBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiYjZiYWU1OGU0ZDBkZDZiYzhlMWU3MGMwOWZlNDM4MTcxODAxNmM2ZGNh
OGM0OThjNTM5NWE5NTUzM2I0MDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKg0ZGs+R+aas1US/qO3CQFR9adnjgvsva4z+aGwVCawAoj/YSfepZLwqwP
E8RoPmGeVxr4tsyspy9pU+lRIuXukObqNguDTJjksE5YE0kyRubZgTW39YbpdphG
PhkYLhz/wbGfyrWAE1NmQyzTiNZNsQm6XX6cwHoOSAIQvS/TljKJjBoPH6rHpnu/
CEhdm8o6sVm3U2MM+KzuxPjNA0IRQKspFWMXvtM7cyb1AFSsE9TAGn2307rqwIUC
5Ya7YH4X4qEV/TCtT+tPooY7CFOcNHES3TI5cqwOfhGJa4TyKi4N8+/lXZTdDTHR
lJzla9jF15TS9wvZkpUV2jq5OnMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRNBGxN
Bke5wCAIrrC6cprb5SfymDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWE2NzljZDgtNTkyNC00M2Q3LTg5MjgtYzY1YmMyZWMzNjU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HjA
MA0GCSqGSIb3DQEBCwUAA4IBAQC2w2WtwkdEbx+tQiwiGgX/kIdQq+NxgEvR+TrK
eLDlbwmIpEgpD5p3a/gbsu5vOo2MqVmfGZ+rOutkLq5cFjz4ePSQzCVN+vHIAmNj
g4vIczis2SsHPauVyvmgVi8TwiLNZcVmZd1da2MXI3s2A58LzJyIgB4eEOywmjsK
tDABb0HYPCKly4zy+kOdl1cSGK23WDIljDeCl1mB2nYYUkzCOrQ5Upjp78NdIh3b
TXt4Gk6LAjMCgl0vryTMq7BOHfc66I6buEiNKgRIQzUEpz+DUnXPiqMfQdVTFrz1
1OivHNw/l5H/AzslbZr/BvYVEAg8tq7TGzXbh3ukbqPWLcBp
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:55:23 2025 by rpki-client