Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa
File: 190e1645-8146-4d32-be0a-feed324f8efa.roa (raw, json)
Hash identifier: qNCW9WRHDUeBUOfbLtS3FQk/prOoo0oA1hj4BzljMdM=
Subject key identifier: 39:2B:1C:53:AB:A9:4C:36:40:1B:99:9D:67:3C:9F:2F:EB:DC:0B:9C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 527D3EDE482E26681A24265E3993BFF3076362F9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa
Signing time: Fri 25 Apr 2025 19:50:02 +0000
ROA not before: Fri 25 Apr 2025 19:50:02 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:7d:3e:de:48:2e:26:68:1a:24:26:5e:39:93:bf:f3:07:63:62:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:50:02 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=63f99f4720075546ce6df94d36d4483e53518d5c272e74a8d651a08aeaf36f50, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e5:66:32:05:1b:ce:ef:6b:60:64:83:bd:80:
26:2e:d7:e2:9f:db:76:dc:33:88:b0:33:2e:d3:9f:
fc:43:02:8b:91:8b:7a:de:54:59:e1:96:5d:c3:03:
20:ca:00:bd:1b:c6:e0:a2:82:f9:c1:7c:a5:bd:e4:
0b:1c:95:9c:78:b9:84:ef:7c:e3:64:75:ee:09:98:
82:97:6e:7e:bf:69:8a:30:18:97:df:2c:15:5d:97:
83:a9:2d:11:66:eb:c6:ab:77:ec:9b:b6:8a:e7:58:
fd:66:12:b0:8d:2e:b7:ca:4f:76:39:a9:7d:0d:ed:
4a:40:a4:b6:c2:84:a0:a2:69:d1:5f:93:09:f0:86:
ac:94:c6:e1:d4:97:f0:5d:c4:03:7a:09:7d:f5:dc:
91:0e:db:9f:c2:25:d5:79:35:d5:ee:a5:69:c2:cf:
d6:fb:c4:6b:41:85:d8:e5:2a:99:95:20:56:8f:d2:
e4:4e:5d:97:c1:cf:b9:13:2b:12:1a:4f:4b:21:22:
bd:1d:66:64:18:83:08:9d:0b:88:a9:b9:da:55:eb:
bc:d6:a5:6f:64:5b:d5:c1:a3:3c:ad:af:34:cd:a3:
71:92:58:fa:b7:8d:00:04:dc:b3:fe:7b:1b:45:14:
20:37:2e:51:ef:ff:10:4d:db:6d:22:a6:6f:97:4f:
f3:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:2B:1C:53:AB:A9:4C:36:40:1B:99:9D:67:3C:9F:2F:EB:DC:0B:9C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:a000::/40
Signature Algorithm: sha256WithRSAEncryption
a4:c1:72:cd:b9:19:e3:d6:b5:21:f9:84:c3:97:78:27:af:20:
30:2d:5c:b0:76:c7:31:ee:af:cf:a0:71:b5:ca:e7:b1:9a:90:
d7:65:f9:07:cd:d8:80:21:ec:69:32:78:b6:db:58:1f:b9:2a:
b1:26:8d:11:34:5c:75:da:91:37:2d:a3:bf:05:28:56:20:76:
ac:29:ce:b5:85:4b:45:d5:cb:06:b3:37:9c:81:c1:93:bd:f3:
fa:64:be:c6:3a:40:59:e6:30:f2:5d:35:b1:67:60:e4:e0:a4:
10:f0:07:25:2c:93:46:82:89:c6:40:a0:3d:2c:3c:8a:3e:18:
f0:bd:84:01:ba:ec:6c:72:c1:6e:f3:0e:aa:84:2c:26:3f:b3:
e5:55:d4:14:03:04:5a:ab:d9:53:75:92:89:6f:2e:3e:05:49:
c3:22:b2:85:e0:e6:2a:d5:0b:47:a8:09:ae:27:1e:4c:c5:71:
86:30:e3:7a:c2:17:e5:55:d8:1c:5e:30:e7:52:e5:29:b7:8b:
4e:a8:69:a8:95:67:26:60:28:8a:5f:7a:be:04:90:02:63:6d:
6e:e8:ce:98:9a:22:cd:f3:4e:6c:5e:36:c8:94:99:7d:d2:f2:
f4:3d:e9:70:90:7b:3c:8e:2d:86:3d:04:5f:ad:8e:91:5c:06:
f0:1b:b2:8f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUn0+3kguJmgaJCZeOZO/8wdjYvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTUwMDJaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzZjk5ZjQ3MjAwNzU1NDZjZTZkZjk0ZDM2ZDQ0ODNlNTM1MThkNWMyNzJl
NzRhOGQ2NTFhMDhhZWFmMzZmNTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLlZjIFG87va2Bkg72AJi7X4p/bdtwziLAzLtOf/EMCi5GLet5UWeGWXcMD
IMoAvRvG4KKC+cF8pb3kCxyVnHi5hO9842R17gmYgpdufr9pijAYl98sFV2Xg6kt
EWbrxqt37Ju2iudY/WYSsI0ut8pPdjmpfQ3tSkCktsKEoKJp0V+TCfCGrJTG4dSX
8F3EA3oJffXckQ7bn8Il1Xk11e6lacLP1vvEa0GF2OUqmZUgVo/S5E5dl8HPuRMr
EhpPSyEivR1mZBiDCJ0LiKm52lXrvNalb2Rb1cGjPK2vNM2jcZJY+reNAATcs/57
G0UUIDcuUe//EE3bbSKmb5dP8xsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ5KxxT
q6lMNkAbmZ1nPJ8v69wLnDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTkwZTE2NDUtODE0Ni00ZDMyLWJlMGEtZmVlZDMyNGY4ZWZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSg
MA0GCSqGSIb3DQEBCwUAA4IBAQCkwXLNuRnj1rUh+YTDl3gnryAwLVywdscx7q/P
oHG1yuexmpDXZfkHzdiAIexpMni221gfuSqxJo0RNFx12pE3LaO/BShWIHasKc61
hUtF1csGszecgcGTvfP6ZL7GOkBZ5jDyXTWxZ2Dk4KQQ8AclLJNGgonGQKA9LDyK
PhjwvYQBuuxscsFu8w6qhCwmP7PlVdQUAwRaq9lTdZKJby4+BUnDIrKF4OYq1QtH
qAmuJx5MxXGGMON6whflVdgcXjDnUuUpt4tOqGmolWcmYCiKX3q+BJACY21u6M6Y
miLN805sXjbIlJl90vL0PelwkHs8ji2GPQRfrY6RXAbwG7KP
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:46:22 2025 by rpki-client