Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: LVmTDNWQui3URr2c05BN7t1/AfeagyjfrNz59Pw7mi4=
Subject key identifier: 91:46:A4:4D:8C:7E:86:2F:11:65:4B:A0:8C:C5:91:81:12:32:2D:9E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1D7270D904934FACC713DDE6DDF3FF57F2815016
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Fri 25 Apr 2025 19:51:31 +0000
ROA not before: Fri 25 Apr 2025 19:51:31 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:72:70:d9:04:93:4f:ac:c7:13:dd:e6:dd:f3:ff:57:f2:81:50:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:51:31 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=96233cb35d2c353a86bd928267bfa8a5655c7e5337e9a8413339812f8efd3c72, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:42:64:bc:62:4d:02:e4:a7:e9:96:08:d2:11:
3b:53:00:ad:10:10:58:65:c3:f2:07:c0:21:5e:82:
8b:91:0c:8b:4b:2f:02:10:37:0b:9e:6e:7f:f4:05:
2e:bd:b0:f7:c5:7c:6e:52:af:3b:39:01:62:37:80:
7b:b6:ca:16:9d:e1:db:a2:80:c1:bb:d5:1c:58:f0:
20:a3:29:ac:3e:b0:c3:d5:36:71:f2:34:2a:b0:8d:
c1:76:2f:2e:74:d7:b2:48:e6:42:61:e6:59:d2:36:
e5:3d:8b:ed:f9:5f:66:7c:dc:20:5c:4f:72:51:85:
9a:67:3a:04:0b:3f:2f:54:51:ab:bc:df:d0:00:fc:
38:9d:0c:fd:a2:27:39:39:87:65:bb:6e:0b:d5:11:
37:ec:16:a4:d3:14:6a:ac:8e:5f:cf:03:85:d3:40:
da:65:c9:5a:0d:8a:07:44:4c:8e:3c:fd:2e:2a:83:
58:4e:17:47:9f:ec:8e:34:5f:fd:88:2f:58:d8:2c:
14:8e:e8:fe:b6:1c:30:2f:10:90:30:a8:b0:02:d7:
1e:85:09:49:a7:d3:e8:a7:ee:2f:cb:cd:30:0c:96:
d2:13:40:8d:00:41:82:74:a6:d1:ff:01:f9:cd:3e:
85:e8:7a:87:9d:ac:67:1b:a5:c6:41:d8:22:e1:2e:
5c:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:46:A4:4D:8C:7E:86:2F:11:65:4B:A0:8C:C5:91:81:12:32:2D:9E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
72:c1:5c:a9:77:3c:0a:e8:03:3f:47:bb:5e:1f:51:61:f0:3a:
9e:80:93:aa:45:c5:6d:7c:38:9a:94:db:5b:23:56:e9:ff:58:
46:9f:59:f3:50:f5:f3:84:f3:b5:09:c4:36:55:b5:29:9f:a2:
a4:5e:9b:cc:7b:ee:4c:34:f8:93:18:5c:51:28:2f:70:98:c3:
08:57:b3:c9:8f:0b:4c:11:23:86:29:7a:e8:fa:bc:e5:98:60:
ef:99:74:5b:fc:71:db:b0:88:04:b9:72:41:65:dd:24:ef:20:
bd:5e:1f:8d:ba:de:43:7f:28:9f:a8:a8:64:04:e2:a2:04:7d:
a2:0d:2f:ab:c4:45:39:cd:c2:a2:ec:10:d4:26:4d:52:a4:3d:
14:aa:82:87:56:60:71:a9:a7:3f:bb:24:fc:3c:6a:f2:b2:ee:
96:f2:58:1b:bc:66:90:a6:00:54:61:c2:60:68:8b:8b:e3:9f:
f9:bb:b0:a0:46:a0:fd:47:a4:61:7f:38:d3:32:87:ee:5e:cc:
f7:97:a1:cd:e4:f2:9b:03:e1:9c:8b:51:d8:a6:35:3b:a3:23:
50:1d:94:18:41:dc:98:75:09:29:98:b5:53:66:06:d8:fa:c1:
a6:0a:80:a0:4c:78:00:63:a0:0d:44:6e:be:e1:61:dc:ee:e3:
b5:2b:c7:f1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHXJw2QSTT6zHE93m3fP/V/KBUBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTUxMzFaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDk2MjMzY2IzNWQyYzM1M2E4NmJkOTI4MjY3YmZhOGE1NjU1YzdlNTMzN2U5
YTg0MTMzMzk4MTJmOGVmZDNjNzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdCZLxiTQLkp+mWCNIRO1MArRAQWGXD8gfAIV6Ci5EMi0svAhA3C55uf/QF
Lr2w98V8blKvOzkBYjeAe7bKFp3h26KAwbvVHFjwIKMprD6ww9U2cfI0KrCNwXYv
LnTXskjmQmHmWdI25T2L7flfZnzcIFxPclGFmmc6BAs/L1RRq7zf0AD8OJ0M/aIn
OTmHZbtuC9URN+wWpNMUaqyOX88DhdNA2mXJWg2KB0RMjjz9LiqDWE4XR5/sjjRf
/YgvWNgsFI7o/rYcMC8QkDCosALXHoUJSafT6KfuL8vNMAyW0hNAjQBBgnSm0f8B
+c0+heh6h52sZxulxkHYIuEuXMMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSRRqRN
jH6GLxFlS6CMxZGBEjItnjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQBywVypdzwK6AM/R7teH1Fh8DqegJOqRcVtfDia
lNtbI1bp/1hGn1nzUPXzhPO1CcQ2VbUpn6KkXpvMe+5MNPiTGFxRKC9wmMMIV7PJ
jwtMESOGKXro+rzlmGDvmXRb/HHbsIgEuXJBZd0k7yC9Xh+Nut5DfyifqKhkBOKi
BH2iDS+rxEU5zcKi7BDUJk1SpD0UqoKHVmBxqac/uyT8PGrysu6W8lgbvGaQpgBU
YcJgaIuL45/5u7CgRqD9R6RhfzjTMofuXsz3l6HN5PKbA+Gci1HYpjU7oyNQHZQY
QdyYdQkpmLVTZgbY+sGmCoCgTHgAY6ANRG6+4WHc7uO1K8fx
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:03 2025 by rpki-client