Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File: 0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier: PcRjHjm+qJwGVFCn7VaQgNJ4eeJgpYmZN237DuAnR5w=
Subject key identifier: ED:6C:1A:0B:C4:A0:0D:CE:FB:84:3F:90:BD:09:14:4F:E3:33:5E:6D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CE2B62EF2FF4BE3F5838FD13FC8BAC8694FEBEA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time: Fri 25 Apr 2025 20:00:07 +0000
ROA not before: Fri 25 Apr 2025 20:00:07 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:e2:b6:2e:f2:ff:4b:e3:f5:83:8f:d1:3f:c8:ba:c8:69:4f:eb:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:00:07 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=a9b2b734214df493edaa548c2936c5a74148362c24403a5b091fb5ff3f3a9d44, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b1:1b:ad:c0:46:35:81:26:d7:02:33:e3:a7:
e4:ac:e8:46:59:4e:a0:1d:f4:21:75:e8:87:d1:ec:
79:ed:6c:65:8e:ce:88:e5:d1:83:18:54:f1:bf:74:
e3:70:96:3f:40:a5:e4:f3:6d:8e:cc:e3:8d:41:13:
6f:cb:c2:34:25:e0:db:c9:02:ee:c3:98:8a:cb:d1:
e8:28:36:0d:8f:a3:cb:ba:7b:08:ca:32:49:2f:4a:
a4:58:cb:f0:b0:92:a4:98:2c:b4:e8:de:b9:e9:df:
a0:b7:c3:fe:ca:84:6d:dd:bc:41:ef:8c:56:ac:33:
1a:ad:b9:02:f4:5a:c9:f8:d1:da:33:13:88:2a:92:
5a:77:da:55:0b:cd:a3:df:40:67:13:67:25:e8:fb:
0c:af:19:99:cf:3c:8c:6d:83:ce:81:ce:64:0c:81:
86:c3:ef:9e:56:be:b0:32:6e:4e:ef:b8:04:9c:25:
6f:26:2e:f0:1e:99:93:b6:f0:4a:4b:79:f0:26:a3:
a5:7e:fd:8a:7b:0d:fc:45:38:6a:f5:ed:30:6a:d6:
72:13:58:70:25:8a:1c:fc:10:c2:21:4e:76:9b:86:
b4:3e:87:e2:4a:a2:39:22:a5:1b:0e:49:94:1b:7b:
dc:b6:3f:74:db:66:cc:32:c5:54:1f:ae:1c:bc:44:
5b:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:6C:1A:0B:C4:A0:0D:CE:FB:84:3F:90:BD:09:14:4F:E3:33:5E:6D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:1000::/40
Signature Algorithm: sha256WithRSAEncryption
ae:c0:33:79:5a:33:c2:80:75:17:24:b9:e5:8b:c6:4d:fa:a1:
26:c8:4a:5c:73:31:4f:c8:11:45:09:8a:79:88:9f:21:cb:35:
5c:09:95:5e:84:2a:5f:c1:2e:98:f3:31:14:04:8a:29:21:37:
e2:70:7f:57:c6:d7:bb:6a:ec:1d:b6:85:18:a5:c7:8c:88:ef:
44:bb:7e:3b:e9:96:4a:14:c3:51:3d:9f:0c:03:36:f7:97:3f:
14:d8:ee:be:d0:a7:b4:a7:27:4c:55:21:77:05:28:79:06:bf:
3e:a2:cf:45:ff:dc:56:38:fe:75:ee:19:fd:e8:af:65:e1:cf:
16:a9:d7:95:24:dd:56:17:29:ce:33:cf:6b:8e:1c:65:55:d3:
7e:b9:fe:f8:49:b4:7a:99:52:e0:10:85:89:bf:ef:af:ec:56:
9e:89:ea:6e:f7:62:42:20:06:fa:1a:0d:9f:ac:39:0b:9e:52:
97:bf:5c:b7:a7:fe:fb:e7:68:d8:61:a3:36:38:e1:b9:c5:89:
81:b7:3f:27:c6:86:bf:f3:49:8e:90:36:40:e3:4f:e2:9e:bd:
04:4c:c9:ec:0a:dc:86:ca:51:74:6e:31:ff:53:89:78:70:a6:
b3:02:29:ed:92:d4:16:56:18:61:de:fa:89:3d:fc:ff:d3:55:
f9:bf:88:2a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPOK2LvL/S+P1g4/RP8i6yGlP6+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDAwMDdaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5YjJiNzM0MjE0ZGY0OTNlZGFhNTQ4YzI5MzZjNWE3NDE0ODM2MmMyNDQw
M2E1YjA5MWZiNWZmM2YzYTlkNDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuxG63ARjWBJtcCM+On5KzoRllOoB30IXXoh9Hsee1sZY7OiOXRgxhU8b90
43CWP0Cl5PNtjszjjUETb8vCNCXg28kC7sOYisvR6Cg2DY+jy7p7CMoySS9KpFjL
8LCSpJgstOjeuenfoLfD/sqEbd28Qe+MVqwzGq25AvRayfjR2jMTiCqSWnfaVQvN
o99AZxNnJej7DK8Zmc88jG2DzoHOZAyBhsPvnla+sDJuTu+4BJwlbyYu8B6Zk7bw
Skt58CajpX79insN/EU4avXtMGrWchNYcCWKHPwQwiFOdpuGtD6H4kqiOSKlGw5J
lBt73LY/dNtmzDLFVB+uHLxEWz8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTtbBoL
xKANzvuEP5C9CRRP4zNebTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCuwDN5WjPCgHUXJLnli8ZN+qEmyEpcczFPyBFF
CYp5iJ8hyzVcCZVehCpfwS6Y8zEUBIopITficH9Xxte7auwdtoUYpceMiO9Eu347
6ZZKFMNRPZ8MAzb3lz8U2O6+0Ke0pydMVSF3BSh5Br8+os9F/9xWOP517hn96K9l
4c8WqdeVJN1WFynOM89rjhxlVdN+uf74SbR6mVLgEIWJv++v7Faeiepu92JCIAb6
Gg2frDkLnlKXv1y3p/7752jYYaM2OOG5xYmBtz8nxoa/80mOkDZA40/inr0ETMns
CtyGylF0bjH/U4l4cKazAintktQWVhhh3vqJPfz/01X5v4gq
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:25 2025 by rpki-client