Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
File: e584cad3-b485-48b5-a920-636e55268d8b.roa (raw, json)
Hash identifier: f+w9/A5DkF6txXVE+VSEuMStZZyCJz3HZT1CDFRfRHI=
Subject key identifier: A5:3D:8D:C8:FD:C0:77:9F:A8:9F:68:D4:7E:E4:5F:FC:C0:39:46:2A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 45254837BD251132932D09DF014C3E9E71CDC108
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
Signing time: Mon 16 Jun 2025 20:10:54 +0000
ROA not before: Mon 16 Jun 2025 20:10:54 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:25:48:37:bd:25:11:32:93:2d:09:df:01:4c:3e:9e:71:cd:c1:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 16 20:10:54 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=9ae69268c86be71f0122758d31bc4b6666490e9f1dc3f364747f784e08a4099f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:04:42:4e:80:2a:db:46:66:9b:c9:73:b1:6a:
79:33:2b:f8:b3:33:91:89:d8:95:9b:03:22:df:b6:
59:5e:b5:76:c7:fd:e6:e2:8b:df:58:52:c2:e9:20:
1a:e4:98:4c:6e:2b:e4:3d:8f:5e:ee:55:b2:95:63:
38:9d:75:b1:12:ca:44:cb:a0:c7:8e:d8:65:05:fe:
cd:d2:04:94:7c:b2:4a:5d:b7:12:b7:3b:60:79:e3:
11:89:ed:39:4c:6c:5b:b5:0d:a9:bf:94:4e:ef:47:
32:a9:23:bb:65:27:81:1f:82:5e:da:9a:83:fd:d2:
c7:2a:61:96:e5:35:84:c2:bc:e0:89:7e:bb:c4:9b:
9a:c5:ed:aa:01:ff:3a:c5:4d:70:8d:5a:b1:1a:78:
ab:f9:ac:bc:01:ae:e1:89:af:e9:6f:ec:dd:15:85:
27:10:b9:6e:db:cf:c1:77:81:8b:18:2e:2e:27:03:
2d:5a:17:96:63:d9:20:b2:57:1e:43:a5:de:62:d1:
43:35:00:d3:c1:2a:b3:ff:a7:62:4b:4c:07:03:65:
e7:89:c8:e5:95:e4:06:92:e1:a7:3d:c2:af:39:24:
d7:9e:8c:03:53:d5:59:7f:ca:a9:df:82:1c:01:70:
66:9f:c2:31:f1:e8:eb:38:32:3e:33:f6:b1:83:6f:
23:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:3D:8D:C8:FD:C0:77:9F:A8:9F:68:D4:7E:E4:5F:FC:C0:39:46:2A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
2f:f6:8f:94:d8:97:22:55:d9:f3:0f:92:26:52:27:00:1e:5d:
ee:28:ce:46:4d:c1:b2:6f:6b:df:d7:01:44:7a:2f:e5:56:4f:
46:d0:c9:60:59:b8:91:e5:cd:49:09:f8:22:e7:7d:ea:1e:b0:
08:28:0c:46:65:0f:b7:ee:b2:a5:08:f5:7e:35:06:15:1f:d0:
1e:4b:36:26:bd:c5:2d:2e:95:2c:ad:1a:b3:a9:e9:a0:f5:55:
2e:cf:05:ac:e3:7f:cc:a7:bf:48:7b:fc:71:f1:d0:d9:12:43:
4a:d9:f3:26:66:b0:97:81:48:27:ec:c8:03:c4:cb:db:52:0c:
89:55:ce:2e:b6:ba:53:75:47:0f:5b:fe:0d:60:19:b7:b9:91:
6b:de:69:a3:b3:3f:18:c5:8c:19:b9:2b:a0:21:ec:ce:df:d6:
71:63:85:0a:fe:bc:f9:58:d6:b9:36:09:09:05:49:e1:d0:b6:
47:bb:d2:5e:a8:ec:64:78:fb:d0:d6:4a:5e:f2:bf:88:ae:8a:
7f:ca:90:9a:30:cb:11:67:48:7d:ca:58:eb:36:bd:26:a1:36:
18:31:b9:5e:0c:0f:db:cd:f8:0f:a4:c3:bd:86:52:7f:53:8e:
0e:3d:6a:46:48:89:f0:0b:6b:af:75:74:92:a1:c2:eb:28:e0:
b5:0c:6c:a8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURSVIN70lETKTLQnfAUw+nnHNwQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMDEwNTRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhZTY5MjY4Yzg2YmU3MWYwMTIyNzU4ZDMxYmM0YjY2NjY0OTBlOWYxZGMz
ZjM2NDc0N2Y3ODRlMDhhNDA5OWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIcEQk6AKttGZpvJc7FqeTMr+LMzkYnYlZsDIt+2WV61dsf95uKL31hSwukg
GuSYTG4r5D2PXu5VspVjOJ11sRLKRMugx47YZQX+zdIElHyySl23Erc7YHnjEYnt
OUxsW7UNqb+UTu9HMqkju2UngR+CXtqag/3SxyphluU1hMK84Il+u8SbmsXtqgH/
OsVNcI1asRp4q/msvAGu4Ymv6W/s3RWFJxC5btvPwXeBixguLicDLVoXlmPZILJX
HkOl3mLRQzUA08Eqs/+nYktMBwNl54nI5ZXkBpLhpz3Crzkk156MA1PVWX/Kqd+C
HAFwZp/CMfHo6zgyPjP2sYNvI3MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSlPY3I
/cB3n6ifaNR+5F/8wDlGKjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU4NGNhZDMtYjQ4NS00OGI1LWE5MjAtNjM2ZTU1MjY4ZDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8g
wDANBgkqhkiG9w0BAQsFAAOCAQEAL/aPlNiXIlXZ8w+SJlInAB5d7ijORk3Bsm9r
39cBRHov5VZPRtDJYFm4keXNSQn4Iud96h6wCCgMRmUPt+6ypQj1fjUGFR/QHks2
Jr3FLS6VLK0as6npoPVVLs8FrON/zKe/SHv8cfHQ2RJDStnzJmawl4FIJ+zIA8TL
21IMiVXOLra6U3VHD1v+DWAZt7mRa95po7M/GMWMGbkroCHszt/WcWOFCv68+VjW
uTYJCQVJ4dC2R7vSXqjsZHj70NZKXvK/iK6Kf8qQmjDLEWdIfcpY6za9JqE2GDG5
XgwP2834D6TDvYZSf1OODj1qRkiJ8Atrr3V0kqHC6yjgtQxsqA==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:53:48 2025 by rpki-client