Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
File: ad363c67-ff83-46aa-9474-de02e382946b.roa (raw, json)
Hash identifier: J7XuXe/e4RUk6Tr0U+1Tm58D6akq9bPRI8vjEdh0zfA=
Subject key identifier: 71:3F:53:5D:72:51:3C:C6:B0:3C:2F:FF:9F:2C:18:CD:EC:80:C4:49
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 536E00343CF2490F4012EAC15DE93FA888AA9E51
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
Signing time: Tue 05 Aug 2025 19:40:34 +0000
ROA not before: Tue 05 Aug 2025 19:40:34 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:6e:00:34:3c:f2:49:0f:40:12:ea:c1:5d:e9:3f:a8:88:aa:9e:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:40:34 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=feef69c5dd395dadaacf95f163c6ac9bee4c10f64193fb9698dae1170639c19a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c3:e6:f1:b8:9d:95:ba:e3:b5:2a:91:15:dc:
fd:b3:e3:7d:42:ca:1f:1d:ce:94:16:fd:e2:34:d9:
d2:56:5e:a3:93:38:7d:93:02:e5:18:ca:3f:57:4c:
bc:53:bc:2d:4e:32:11:0e:ae:39:de:64:8d:eb:7a:
65:fc:95:0a:84:34:3e:e1:17:6a:bc:a2:32:d0:d1:
b7:7c:e5:31:36:1d:a0:c0:c1:1d:f6:28:d7:94:9c:
2c:16:9c:2f:df:16:17:b2:6c:54:4a:ea:70:86:0a:
92:6f:7e:14:a3:98:41:8b:ea:be:fb:9e:20:b5:98:
4d:8f:0c:4e:e5:e3:72:89:e9:ef:e0:de:3c:d3:6f:
6a:f5:06:be:a8:52:f3:73:c6:f0:0b:98:2b:f6:1c:
4f:b5:4d:27:83:a4:83:ea:79:32:80:30:71:29:74:
7a:0e:17:41:ec:8c:92:f0:fb:a9:4f:34:82:1c:fd:
01:36:0a:85:20:48:3d:3c:40:fc:7e:82:72:10:22:
c4:e0:06:9e:89:9e:b9:7b:a2:a8:28:de:ae:b5:a9:
e5:b4:62:2d:9d:44:37:86:85:17:ee:d7:c8:46:eb:
70:8b:db:f7:1e:f2:d6:ff:e7:df:c8:bd:7a:ef:a1:
b3:16:ad:b0:2d:c4:3b:ed:ca:25:5b:27:92:37:32:
22:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:3F:53:5D:72:51:3C:C6:B0:3C:2F:FF:9F:2C:18:CD:EC:80:C4:49
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:b000::/40
Signature Algorithm: sha256WithRSAEncryption
0f:c3:a5:5b:b5:3d:8e:59:6c:92:12:97:78:f5:4c:97:d5:8f:
74:bc:8b:37:59:48:83:64:ee:86:5b:36:40:7e:84:91:e5:fa:
45:fa:75:90:fb:0e:f4:3b:c4:b7:14:ea:99:56:b2:3a:bc:ff:
56:49:44:81:00:98:44:1f:32:bd:f8:ac:39:89:1e:0d:e0:13:
7c:25:e6:09:6d:89:56:2c:32:09:ac:12:e6:a8:f1:f9:f7:5a:
25:09:5f:ff:5c:54:95:bb:b4:e3:ea:53:67:ab:db:e5:d2:04:
e4:63:b7:02:55:2b:c2:e1:aa:2d:68:40:03:a9:be:31:c1:79:
d0:a8:65:88:4e:cf:99:75:6e:df:ce:81:ac:7b:58:75:79:6c:
01:66:7e:88:59:df:86:b6:06:e6:17:0f:45:d1:b5:d0:45:62:
28:8b:2b:a1:b7:64:e2:e9:7b:8b:35:4c:ad:b3:2e:15:b0:45:
e6:e7:07:bb:43:92:16:5d:3a:f5:b5:40:c3:b6:ce:f6:7a:e9:
07:6f:43:66:6f:aa:9c:62:5e:cb:4c:53:de:2c:54:08:61:d6:
d1:66:69:30:7a:db:9b:1f:df:2e:3b:77:8e:a1:ca:5f:b7:0a:
9d:e3:f6:d2:d7:fc:02:c9:64:b9:45:64:1f:4e:44:e3:6e:8e:
df:80:f6:f0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU24ANDzySQ9AEurBXek/qIiqnlEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQwMzRaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlZWY2OWM1ZGQzOTVkYWRhYWNmOTVmMTYzYzZhYzliZWU0YzEwZjY0MTkz
ZmI5Njk4ZGFlMTE3MDYzOWMxOWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnD5vG4nZW647UqkRXc/bPjfULKHx3OlBb94jTZ0lZeo5M4fZMC5RjKP1dM
vFO8LU4yEQ6uOd5kjet6ZfyVCoQ0PuEXaryiMtDRt3zlMTYdoMDBHfYo15ScLBac
L98WF7JsVErqcIYKkm9+FKOYQYvqvvueILWYTY8MTuXjconp7+DePNNvavUGvqhS
83PG8AuYK/YcT7VNJ4Okg+p5MoAwcSl0eg4XQeyMkvD7qU80ghz9ATYKhSBIPTxA
/H6CchAixOAGnomeuXuiqCjerrWp5bRiLZ1EN4aFF+7XyEbrcIvb9x7y1v/n38i9
eu+hsxatsC3EO+3KJVsnkjcyIhkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxP1Nd
clE8xrA8L/+fLBjN7IDESTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQzNjNjNjctZmY4My00NmFhLTk0NzQtZGUwMmUzODI5NDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGw
MA0GCSqGSIb3DQEBCwUAA4IBAQAPw6VbtT2OWWySEpd49UyX1Y90vIs3WUiDZO6G
WzZAfoSR5fpF+nWQ+w70O8S3FOqZVrI6vP9WSUSBAJhEHzK9+Kw5iR4N4BN8JeYJ
bYlWLDIJrBLmqPH591olCV//XFSVu7Tj6lNnq9vl0gTkY7cCVSvC4aotaEADqb4x
wXnQqGWITs+ZdW7fzoGse1h1eWwBZn6IWd+GtgbmFw9F0bXQRWIoiyuht2Ti6XuL
NUytsy4VsEXm5we7Q5IWXTr1tUDDts72eukHb0Nmb6qcYl7LTFPeLFQIYdbRZmkw
etubH98uO3eOocpftwqd4/bS1/wCyWS5RWQfTkTjbo7fgPbw
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:57:08 2025 by rpki-client