Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
File: ad363c67-ff83-46aa-9474-de02e382946b.roa (raw, json)
Hash identifier: dGMkkAd9XfkBXWJZUR5jGdOZO2U4NlbDfhYSKl5++p4=
Subject key identifier: EF:29:4F:C0:55:4C:CE:C6:47:16:18:AE:D4:11:9B:E4:A4:AD:4A:50
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3FBD3C6E3CC0C2801DAF5B6E1A2BF27013584904
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
Signing time: Mon 16 Jun 2025 21:11:27 +0000
ROA not before: Mon 16 Jun 2025 21:11:27 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:bd:3c:6e:3c:c0:c2:80:1d:af:5b:6e:1a:2b:f2:70:13:58:49:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 21:11:27 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=5d20130deb8fe4ee9239d7c70478e971d8b47f87dc16d1e031af99eff808be98, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2a:3f:af:cb:15:96:e7:90:9c:58:f9:e9:94:
08:99:9c:09:d5:ef:74:df:70:c5:2c:e0:8c:86:d3:
e0:6c:2d:c8:83:fa:a8:78:07:e8:80:dd:6f:34:c2:
9e:e3:f5:26:2b:03:95:46:7a:5c:ec:ed:63:fc:84:
39:0d:b6:28:06:85:1f:6a:a4:5d:a9:26:c8:31:39:
8f:9a:69:28:d3:ce:df:c1:44:a5:04:4f:88:19:e2:
3b:7f:92:33:84:8e:1f:4f:58:a4:e1:2a:9c:b4:73:
c0:69:18:08:ff:3b:36:47:ef:d9:a5:a6:fe:3a:26:
39:b1:74:e6:9a:a0:58:e1:ba:5f:f8:ef:c5:44:34:
df:93:67:9a:9b:9e:51:7f:31:f1:1f:e6:bc:e3:63:
4b:86:78:1b:f0:d8:dc:e0:9a:ba:f4:b0:28:98:38:
ac:02:42:d0:ba:61:e6:9b:68:ef:3b:b7:32:1e:09:
5b:f9:31:56:21:c0:9d:68:6c:ce:e3:0a:59:33:08:
3a:38:b5:b5:b6:0c:f5:b8:02:da:97:18:e1:d3:85:
7b:b0:fb:a3:8d:54:88:ad:35:d9:a5:2d:7e:75:ca:
78:4f:7e:0b:86:06:20:f6:e9:f2:65:c4:d0:ce:70:
d4:4a:f3:3f:26:f6:a5:cf:27:ff:e2:70:8c:e6:91:
c0:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:29:4F:C0:55:4C:CE:C6:47:16:18:AE:D4:11:9B:E4:A4:AD:4A:50
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:b000::/40
Signature Algorithm: sha256WithRSAEncryption
96:8b:74:e2:ad:94:a9:17:43:db:fa:27:f7:68:5e:dd:5f:19:
5d:b0:bf:64:67:79:56:56:1b:d1:dd:93:8d:ab:6a:0c:00:83:
14:15:b6:fe:1f:2a:4f:23:80:a4:53:1c:ee:3d:4d:83:b9:1d:
e9:f3:75:6f:4a:27:90:c5:ef:b7:2d:84:42:48:47:bf:31:49:
69:5a:ed:90:9f:65:93:14:1e:28:cf:35:c9:2c:05:46:fb:ad:
38:44:00:b3:ee:34:9c:bd:b5:4a:74:aa:fe:ac:b6:0b:cc:07:
23:8a:7d:65:45:6e:60:63:a6:44:03:f7:72:bb:76:c6:bd:2c:
6b:d1:b7:5a:25:41:ab:71:76:48:dc:25:64:f4:6d:3f:78:da:
39:1f:55:b0:cd:07:82:f8:e2:bc:27:39:88:e5:9f:6a:70:de:
6a:d1:db:69:24:9e:3c:7e:bb:f1:a9:22:ce:54:74:60:3b:23:
8f:e5:3e:cb:82:76:8b:56:c9:80:d8:c1:20:a5:5d:7c:eb:23:
7c:97:c4:31:f2:06:0d:a6:dd:ab:39:53:3e:d7:a8:21:6d:9c:
15:c8:8f:1f:a1:4d:52:e7:7d:80:4a:2e:70:38:c6:ea:41:b0:
25:ab:e3:e0:c5:d6:bf:b6:68:60:d8:dd:02:83:2c:72:07:fa:
83:6b:7b:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUP708bjzAwoAdr1tuGivycBNYSQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTExMjdaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkMjAxMzBkZWI4ZmU0ZWU5MjM5ZDdjNzA0NzhlOTcxZDhiNDdmODdkYzE2
ZDFlMDMxYWY5OWVmZjgwOGJlOTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0qP6/LFZbnkJxY+emUCJmcCdXvdN9wxSzgjIbT4GwtyIP6qHgH6IDdbzTC
nuP1JisDlUZ6XOztY/yEOQ22KAaFH2qkXakmyDE5j5ppKNPO38FEpQRPiBniO3+S
M4SOH09YpOEqnLRzwGkYCP87Nkfv2aWm/jomObF05pqgWOG6X/jvxUQ035Nnmpue
UX8x8R/mvONjS4Z4G/DY3OCauvSwKJg4rAJC0Lph5pto7zu3Mh4JW/kxViHAnWhs
zuMKWTMIOji1tbYM9bgC2pcY4dOFe7D7o41UiK012aUtfnXKeE9+C4YGIPbp8mXE
0M5w1ErzPyb2pc8n/+JwjOaRwHsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTvKU/A
VUzOxkcWGK7UEZvkpK1KUDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQzNjNjNjctZmY4My00NmFhLTk0NzQtZGUwMmUzODI5NDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGw
MA0GCSqGSIb3DQEBCwUAA4IBAQCWi3TirZSpF0Pb+if3aF7dXxldsL9kZ3lWVhvR
3ZONq2oMAIMUFbb+HypPI4CkUxzuPU2DuR3p83VvSieQxe+3LYRCSEe/MUlpWu2Q
n2WTFB4ozzXJLAVG+604RACz7jScvbVKdKr+rLYLzAcjin1lRW5gY6ZEA/dyu3bG
vSxr0bdaJUGrcXZI3CVk9G0/eNo5H1WwzQeC+OK8JzmI5Z9qcN5q0dtpJJ48frvx
qSLOVHRgOyOP5T7LgnaLVsmA2MEgpV186yN8l8Qx8gYNpt2rOVM+16ghbZwVyI8f
oU1S532ASi5wOMbqQbAlq+Pgxda/tmhg2N0CgyxyB/qDa3uk
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:55:24 2025 by rpki-client