Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
File: c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa (raw, json)
Hash identifier: d9IQDsQzMS95PVqFMM3wm1MvGIQ/WVmCtq8IjZ1VEtc=
Subject key identifier: F5:F5:19:F8:D3:6D:81:05:FD:7C:C4:3E:2F:0F:56:40:5B:63:01:CF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7B519437BD0E95A04C74694A13CCA3EA54082551
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
Signing time: Fri 06 Jun 2025 15:00:24 +0000
ROA not before: Fri 06 Jun 2025 15:00:24 +0000
ROA not after: Fri 11 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.128.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:51:94:37:bd:0e:95:a0:4c:74:69:4a:13:cc:a3:ea:54:08:25:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 6 15:00:24 2025 GMT
Not After : Jul 11 23:59:59 2025 GMT
Subject: serialNumber=5583b710e30d7a2b71028c8e17e2fdbfbd4e1e0c3c8337d3fa88a862842ea397, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:5c:e4:d2:d8:77:65:46:9b:1a:6b:3a:01:a8:
a2:9f:73:3c:4f:71:b0:45:74:64:d9:be:ff:74:21:
1b:3d:8a:c2:57:51:28:6a:44:50:51:c1:19:46:23:
66:c6:01:32:3a:8f:3d:e6:0f:5f:d6:bf:ba:86:88:
9f:aa:da:8f:50:4f:24:1b:fa:ea:ee:fc:7d:7a:94:
7c:6f:56:d6:2e:11:87:84:fc:97:d3:11:18:91:43:
9f:7b:ec:55:31:19:9d:c0:36:0b:60:ed:29:7f:d5:
39:01:18:53:d6:d2:b8:23:d2:e0:8c:e4:b6:6f:53:
8e:05:96:b7:cd:55:f7:cb:62:2f:a8:9c:66:13:a1:
8f:2e:6d:25:16:4d:55:cb:0f:89:92:87:14:c4:d6:
06:1b:3a:37:7f:cc:e6:51:3a:99:04:cc:c3:1d:d5:
5b:74:e4:8c:0d:1d:89:03:58:be:d6:6d:91:c2:98:
22:ff:93:71:f6:b4:bc:3a:33:e1:5b:14:7a:29:d6:
86:80:53:fe:28:5c:bc:df:48:f5:fa:ff:52:3e:ad:
89:bf:b0:27:c3:e8:33:8f:0f:82:9d:13:e4:4a:94:
80:5d:a1:71:7d:bd:be:47:b1:1c:19:cf:a9:e2:ab:
5f:a3:c2:10:3d:9c:8d:12:79:6d:f1:12:28:1c:86:
7d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:F5:19:F8:D3:6D:81:05:FD:7C:C4:3E:2F:0F:56:40:5B:63:01:CF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a7:00:f7:f1:05:fb:a9:27:b8:56:f0:0b:c6:4f:6f:42:f5:e8:
bb:95:d8:2b:f6:cd:21:79:95:b4:36:84:60:98:1e:71:b1:43:
1c:ad:4f:3b:df:49:c4:51:f5:ae:3d:74:96:d5:0b:eb:bb:a9:
f9:e4:ed:73:21:62:d7:78:e1:b7:80:c4:2f:c4:3c:84:68:2e:
f3:6e:cd:18:7c:6f:72:76:c7:3c:a9:31:db:44:05:a4:8a:f8:
d9:79:a6:da:99:cd:9c:50:97:94:fb:6a:a7:50:84:ee:8a:c5:
cf:77:f1:05:e5:d6:af:03:8c:52:08:2c:7e:6a:bf:eb:5f:15:
41:e1:88:c5:5b:6e:d9:0d:97:6b:8e:1d:83:12:27:37:34:ae:
2a:72:55:18:07:19:c5:e7:e1:85:39:a7:00:d9:e2:fe:eb:c2:
1a:75:c4:a1:f2:db:1f:4e:15:d9:91:0b:1f:4d:91:42:81:df:
7d:ee:86:7e:78:8e:55:d5:48:4b:68:5d:ff:d2:f9:44:68:cd:
0d:d6:bb:57:6c:4d:64:14:a4:a8:41:38:e2:db:3a:b0:9c:ea:
df:72:dc:92:21:3b:88:6f:9f:a8:6d:2c:20:95:4a:4c:f4:92:
27:ac:6e:93:e5:49:a8:a6:19:4f:ff:90:76:5b:c4:86:30:c8:
d4:ec:cd:e8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUe1GUN70OlaBMdGlKE8yj6lQIJVEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MDYxNTAwMjRaFw0yNTA3MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1ODNiNzEwZTMwZDdhMmI3MTAyOGM4ZTE3ZTJmZGJmYmQ0ZTFlMGMzYzgz
MzdkM2ZhODhhODYyODQyZWEzOTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1c5NLYd2VGmxprOgGoop9zPE9xsEV0ZNm+/3QhGz2KwldRKGpEUFHBGUYj
ZsYBMjqPPeYPX9a/uoaIn6raj1BPJBv66u78fXqUfG9W1i4Rh4T8l9MRGJFDn3vs
VTEZncA2C2DtKX/VOQEYU9bSuCPS4Izktm9TjgWWt81V98tiL6icZhOhjy5tJRZN
VcsPiZKHFMTWBhs6N3/M5lE6mQTMwx3VW3TkjA0diQNYvtZtkcKYIv+Tcfa0vDoz
4VsUeinWhoBT/ihcvN9I9fr/Uj6tib+wJ8PoM48Pgp0T5EqUgF2hcX29vkexHBnP
qeKrX6PCED2cjRJ5bfESKByGfYkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT19Rn4
022BBf18xD4vD1ZAW2MBzzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzJjZDRkZGYtOWEzOC00MjVhLTgwMjEtYzQ1ZWQ5NmM1MGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAigDAN
BgkqhkiG9w0BAQsFAAOCAQEApwD38QX7qSe4VvALxk9vQvXou5XYK/bNIXmVtDaE
YJgecbFDHK1PO99JxFH1rj10ltUL67up+eTtcyFi13jht4DEL8Q8hGgu827NGHxv
cnbHPKkx20QFpIr42Xmm2pnNnFCXlPtqp1CE7orFz3fxBeXWrwOMUggsfmq/618V
QeGIxVtu2Q2Xa44dgxInNzSuKnJVGAcZxefhhTmnANni/uvCGnXEofLbH04V2ZEL
H02RQoHffe6GfniOVdVIS2hd/9L5RGjNDda7V2xNZBSkqEE44ts6sJzq33LckiE7
iG+fqG0sIJVKTPSSJ6xuk+VJqKYZT/+QdlvEhjDI1OzN6A==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:55:36 2025 by rpki-client