Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
File: df59e31f-1e32-4e7a-a595-74adb3f93176.roa (raw, json)
Hash identifier: pnDTBADsulSMn+m49Hf2BIZU/T468W8xLfNlhRbfq+s=
Subject key identifier: A1:15:4C:BE:E2:5D:41:4F:C4:4C:32:8A:4F:A5:C1:AD:D9:18:D4:F7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2DDA145D1E0E8562B08EB1153A393D5EBE35A252
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
Signing time: Mon 16 Jun 2025 20:11:03 +0000
ROA not before: Mon 16 Jun 2025 20:11:03 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:da:14:5d:1e:0e:85:62:b0:8e:b1:15:3a:39:3d:5e:be:35:a2:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:11:03 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=a4537872dbb06e7b1a863b3220fd5cdbf89ba63cb01c1e116951ffac6f8d726e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:c0:f5:08:44:2b:0c:14:d2:3d:12:52:12:07:
3c:bb:eb:26:0e:0c:e9:4f:fa:3f:65:82:31:17:da:
b8:ff:0b:c1:9b:33:fa:dc:24:cc:ed:cf:c0:2c:1f:
d8:16:d5:1c:e2:0c:6c:c3:ec:3c:cf:d0:3b:cf:17:
35:f8:64:7d:68:a3:d4:54:d8:22:82:b8:78:a1:ac:
72:fe:20:46:67:d0:9f:45:8a:81:9b:01:2d:b3:1b:
0e:b6:24:a6:19:a2:82:d9:bd:e8:ef:7a:36:c7:e0:
ac:8a:10:ac:57:72:41:b1:dc:e7:5a:42:8a:88:f6:
29:db:04:f9:de:53:a8:92:75:85:45:10:2f:eb:46:
a7:cf:58:b7:ea:8e:21:d8:15:f9:37:db:66:ec:31:
44:71:f7:3d:6c:06:61:ec:3a:1f:6e:83:30:4d:16:
ef:7b:98:51:72:0d:19:c4:33:20:43:70:e8:a3:22:
19:f9:af:91:1c:3b:70:40:84:a8:2f:8d:52:98:25:
e8:41:90:cf:4e:2f:74:1b:83:59:6c:53:96:e8:e7:
87:9e:09:af:a9:16:ad:52:db:41:71:c1:16:9b:5b:
d9:e7:ef:54:ad:68:7d:0c:7f:6f:cb:8f:e8:de:77:
b6:18:bd:d2:97:78:4e:bd:7d:be:d4:45:a9:48:9b:
e5:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:15:4C:BE:E2:5D:41:4F:C4:4C:32:8A:4F:A5:C1:AD:D9:18:D4:F7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:e000::/40
Signature Algorithm: sha256WithRSAEncryption
16:88:c3:7e:1f:8c:5c:f9:48:64:19:89:57:62:21:d7:b4:9a:
f7:54:41:8c:83:27:e2:d4:2f:65:88:08:92:8a:a3:53:95:87:
a3:98:3d:d8:56:ba:1e:71:ec:ab:c2:0c:68:80:9c:db:74:76:
95:f7:cf:bf:76:70:a0:1f:1d:14:b0:1f:6d:0e:64:dc:73:8e:
ce:d3:74:c0:9d:45:be:10:29:41:61:e8:10:77:7f:5e:71:19:
13:c8:0a:05:85:0c:e8:9a:9c:0a:b2:5b:d4:98:5e:9d:f8:95:
47:ee:ea:8f:71:6b:0a:ab:21:72:a2:49:b2:f0:a9:56:df:f5:
2a:f7:f5:ec:35:78:ce:b4:42:8e:a5:0b:56:78:29:5f:04:1e:
8e:5f:8e:f3:4f:8f:b8:25:db:48:a2:74:8c:8a:08:73:9d:33:
a5:51:56:6d:cb:13:5d:46:6c:b6:a4:9c:35:dc:d0:34:a8:a4:
f9:8a:01:89:6b:c1:1a:6c:9a:5c:0d:33:96:92:71:cf:88:24:
2a:bb:58:5d:7a:f1:f6:98:64:26:ca:3b:ad:7b:56:bb:3e:71:
ab:10:80:0c:7c:f3:4a:b7:70:4f:84:68:8d:74:c8:fb:d4:7c:
f0:75:73:20:89:fb:33:3f:f4:8e:20:f1:ee:48:d5:b2:91:8f:
6a:40:4d:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULdoUXR4OhWKwjrEVOjk9Xr41olIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDExMDNaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0NTM3ODcyZGJiMDZlN2IxYTg2M2IzMjIwZmQ1Y2RiZjg5YmE2M2NiMDFj
MWUxMTY5NTFmZmFjNmY4ZDcyNmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMrA9QhEKwwU0j0SUhIHPLvrJg4M6U/6P2WCMRfauP8LwZsz+twkzO3PwCwf
2BbVHOIMbMPsPM/QO88XNfhkfWij1FTYIoK4eKGscv4gRmfQn0WKgZsBLbMbDrYk
phmigtm96O96NsfgrIoQrFdyQbHc51pCioj2KdsE+d5TqJJ1hUUQL+tGp89Yt+qO
IdgV+TfbZuwxRHH3PWwGYew6H26DME0W73uYUXINGcQzIENw6KMiGfmvkRw7cECE
qC+NUpgl6EGQz04vdBuDWWxTlujnh54Jr6kWrVLbQXHBFptb2efvVK1ofQx/b8uP
6N53thi90pd4Tr19vtRFqUib5QECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBShFUy+
4l1BT8RMMopPpcGt2RjU9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGY1OWUzMWYtMWUzMi00ZTdhLWE1OTUtNzRhZGIzZjkzMTc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHg
MA0GCSqGSIb3DQEBCwUAA4IBAQAWiMN+H4xc+UhkGYlXYiHXtJr3VEGMgyfi1C9l
iAiSiqNTlYejmD3YVroeceyrwgxogJzbdHaV98+/dnCgHx0UsB9tDmTcc47O03TA
nUW+EClBYegQd39ecRkTyAoFhQzompwKslvUmF6d+JVH7uqPcWsKqyFyokmy8KlW
3/Uq9/XsNXjOtEKOpQtWeClfBB6OX47zT4+4JdtIonSMighznTOlUVZtyxNdRmy2
pJw13NA0qKT5igGJa8EabJpcDTOWknHPiCQqu1hdevH2mGQmyjute1a7PnGrEIAM
fPNKt3BPhGiNdMj71HzwdXMgifszP/SOIPHuSNWykY9qQE0N
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:50:23 2025 by rpki-client