Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa
File: 17057de1-0841-47c5-9f52-f4f803d5e2d4.roa (raw, json)
Hash identifier: yPBkUfe7mpP83XYwlN32CNg39IMAOq7D/NpMhli1P10=
Subject key identifier: 85:A8:4B:64:FC:24:C0:64:8B:D9:D1:9C:32:DE:A4:AE:E4:A6:F9:21
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2C18ACC9211741333CD5B7ED9416ADD5A923B507
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa
Signing time: Fri 25 Apr 2025 19:51:03 +0000
ROA not before: Fri 25 Apr 2025 19:51:03 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:18:ac:c9:21:17:41:33:3c:d5:b7:ed:94:16:ad:d5:a9:23:b5:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:51:03 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=6330a607ce5a6449449949fb4ac6cdf8290b96e29ef4f126d4935cd76148ded1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:bd:b1:89:2b:fe:2c:c4:4f:35:52:39:8f:6f:
ff:53:dd:39:4e:40:f1:18:fd:99:c3:1e:48:aa:db:
b9:8b:96:61:9b:e7:0b:b9:cd:05:e4:50:ef:3f:02:
56:e4:c7:ce:c2:eb:cc:d3:ce:ba:27:3a:00:0a:52:
e9:85:85:19:9e:93:12:03:de:3f:12:98:fe:95:86:
e4:5e:9b:2b:33:47:2c:4a:3d:e9:b9:61:5a:5a:bd:
cf:30:ad:b3:8a:de:c2:e0:74:0b:99:3f:ff:9f:4e:
ee:2c:5f:f9:43:3d:d7:25:ab:a9:86:80:5d:f3:05:
1b:1e:42:31:0a:84:63:80:88:6c:06:72:6e:97:51:
96:78:fe:dc:fc:58:18:37:d7:07:c1:3d:6b:b2:cf:
88:e0:fa:43:e7:e0:5f:6d:e3:a9:d5:a4:80:cb:da:
27:9e:dd:62:f4:eb:ff:34:ed:64:df:b3:41:d4:b1:
ad:e6:ed:2c:64:be:ce:77:35:d6:ec:76:74:62:fa:
75:74:46:09:47:b8:d4:8a:d4:2a:29:4a:fa:fc:8f:
17:55:59:aa:af:cc:aa:a6:dc:64:66:16:81:9f:8b:
d1:d3:1c:ae:67:f4:32:f7:23:e1:ee:5a:e7:b0:38:
33:1f:2f:e6:4f:b9:11:e1:10:30:58:36:c4:09:ac:
1c:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A8:4B:64:FC:24:C0:64:8B:D9:D1:9C:32:DE:A4:AE:E4:A6:F9:21
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:6000::/40
Signature Algorithm: sha256WithRSAEncryption
a6:3b:dd:8f:73:51:93:73:a1:be:0d:25:89:d0:3e:e0:4e:77:
00:e8:e8:f8:f5:65:b5:c5:4c:05:33:0f:5e:2b:a3:e8:a7:f3:
30:1a:05:d4:65:5f:6f:25:5b:65:8b:05:13:8c:fd:0f:29:bd:
4e:9d:d2:57:5f:21:07:c3:b8:d6:a9:88:90:26:8c:fd:36:1c:
c0:14:18:c4:9f:09:ab:61:36:da:fd:cf:be:92:a4:e3:78:e4:
a0:7f:75:3c:9c:2f:b8:48:ae:38:c6:c5:a5:ab:37:62:4f:a4:
52:d8:65:fa:04:aa:1d:24:46:04:d0:87:0b:5c:3e:f1:94:2f:
7f:b9:d9:bc:9a:8b:87:2d:53:91:03:fa:6b:de:36:bd:07:55:
05:4f:d5:81:fa:39:4e:86:33:8e:a8:c1:8b:b8:11:32:a4:80:
51:00:2f:97:11:54:62:68:e9:97:7b:cb:df:b0:ec:0b:72:d8:
45:3f:98:38:97:75:5d:83:35:66:05:c4:11:17:44:de:0a:57:
b6:2a:a9:b4:6e:a9:5c:44:34:b9:e2:8e:bc:1b:4f:6b:ad:41:
05:52:4a:47:75:be:b6:e3:05:32:29:60:68:8c:87:37:d8:6c:
dd:a8:a8:7a:a3:7f:96:57:64:6e:9f:9f:73:d0:d0:39:cf:b9:
41:22:30:0a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULBisySEXQTM81bftlBat1akjtQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTUxMDNaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzMzBhNjA3Y2U1YTY0NDk0NDk5NDlmYjRhYzZjZGY4MjkwYjk2ZTI5ZWY0
ZjEyNmQ0OTM1Y2Q3NjE0OGRlZDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJu9sYkr/izETzVSOY9v/1PdOU5A8Rj9mcMeSKrbuYuWYZvnC7nNBeRQ7z8C
VuTHzsLrzNPOuic6AApS6YWFGZ6TEgPePxKY/pWG5F6bKzNHLEo96blhWlq9zzCt
s4rewuB0C5k//59O7ixf+UM91yWrqYaAXfMFGx5CMQqEY4CIbAZybpdRlnj+3PxY
GDfXB8E9a7LPiOD6Q+fgX23jqdWkgMvaJ57dYvTr/zTtZN+zQdSxrebtLGS+znc1
1ux2dGL6dXRGCUe41IrUKilK+vyPF1VZqq/MqqbcZGYWgZ+L0dMcrmf0Mvcj4e5a
57A4Mx8v5k+5EeEQMFg2xAmsHAUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSFqEtk
/CTAZIvZ0Zwy3qSu5Kb5ITAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTcwNTdkZTEtMDg0MS00N2M1LTlmNTItZjRmODAzZDVlMmQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dpg
MA0GCSqGSIb3DQEBCwUAA4IBAQCmO92Pc1GTc6G+DSWJ0D7gTncA6Oj49WW1xUwF
Mw9eK6Pop/MwGgXUZV9vJVtliwUTjP0PKb1OndJXXyEHw7jWqYiQJoz9NhzAFBjE
nwmrYTba/c++kqTjeOSgf3U8nC+4SK44xsWlqzdiT6RS2GX6BKodJEYE0IcLXD7x
lC9/udm8mouHLVORA/pr3ja9B1UFT9WB+jlOhjOOqMGLuBEypIBRAC+XEVRiaOmX
e8vfsOwLcthFP5g4l3VdgzVmBcQRF0TeCle2Kqm0bqlcRDS54o68G09rrUEFUkpH
db624wUyKWBojIc32GzdqKh6o3+WV2Run59z0NA5z7lBIjAK
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:23 2025 by rpki-client