Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
File: 1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa (raw, json)
Hash identifier: pIzTAF+IktrYEw7YjWzHWoY8dXg/75GT741yNclVLo8=
Subject key identifier: F5:C1:A1:55:33:A8:97:34:62:09:8B:99:90:51:36:A0:9B:FD:25:D1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 149EDF48EE6D32798135B05BCEB8B1CC23E244EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
Signing time: Fri 25 Apr 2025 18:50:12 +0000
ROA not before: Fri 25 Apr 2025 18:50:12 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:9e:df:48:ee:6d:32:79:81:35:b0:5b:ce:b8:b1:cc:23:e2:44:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:50:12 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=a3e8717877eb50f7ae66bdfc64f0e671f485d448360afdd6cc8aa7ee20fdd01c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:43:75:99:1e:c9:71:5e:1c:5d:11:25:d3:dd:
88:3c:94:a2:b6:0f:22:fc:1d:66:ad:04:24:67:7f:
0f:a3:7f:aa:a7:b7:50:27:95:eb:e9:0d:7e:f5:2f:
0b:86:ed:75:be:d9:c5:16:a8:d6:44:e2:84:5f:47:
c4:3c:82:ad:fa:1f:77:bd:80:86:9b:4d:9c:c2:d1:
ca:43:fc:a7:f4:d7:e2:28:54:6a:bc:f7:07:50:e0:
7d:4d:06:84:2d:7d:25:cd:86:8f:fd:98:4d:7e:8c:
95:f6:7b:05:cb:df:59:f2:8f:cc:0a:27:61:93:6e:
79:2b:05:42:19:e4:cd:7d:8a:70:75:75:4a:30:07:
82:7a:4d:43:74:1b:6d:a3:aa:59:c0:e2:89:3e:98:
fc:31:af:28:5e:bb:0b:a9:bb:e7:cf:7e:bd:6e:01:
4d:ae:2e:d8:f7:a3:8f:df:ba:66:0a:0e:b1:33:64:
77:6d:98:10:1d:f6:33:20:b8:33:dd:e4:b7:74:3a:
d8:5c:86:8b:63:00:63:16:a5:bc:cc:40:88:55:16:
85:9a:c6:b6:9d:ef:38:f3:6f:f4:ea:ed:85:35:50:
5d:f5:01:81:fe:7e:47:1e:67:f0:2d:0f:84:45:e9:
3e:41:20:bd:50:a3:a1:73:6e:fa:36:0a:15:77:bc:
55:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:C1:A1:55:33:A8:97:34:62:09:8B:99:90:51:36:A0:9B:FD:25:D1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a040::/48
Signature Algorithm: sha256WithRSAEncryption
4f:c3:df:84:d4:7c:f0:70:f8:8c:ec:c2:3f:9e:e1:f4:59:d2:
1e:77:9b:ed:8a:45:2c:ea:e5:29:e5:d8:38:7a:34:1d:85:1e:
46:cd:8d:ef:38:e1:39:f1:e3:b0:32:11:0c:f7:38:40:ae:4e:
89:3b:66:6a:d9:f9:e2:18:13:50:6c:ad:ae:af:96:cb:cb:93:
60:6d:9a:6e:73:73:c0:a5:95:6e:6e:8f:bd:0c:f3:94:6e:30:
de:b3:10:d9:3e:55:09:2c:0f:2b:1f:67:7d:ac:ce:c2:60:26:
77:15:1a:0e:45:bd:5c:82:e9:2c:ff:56:51:2f:e2:bb:0f:81:
ee:90:d8:de:c1:76:93:f7:f6:39:6b:47:84:17:62:36:e8:36:
87:3d:c6:1d:f0:5e:e6:3f:89:e9:45:4c:ff:93:78:59:37:d3:
fc:bc:4f:f1:8b:5d:34:63:2e:57:29:6c:7d:17:f8:ce:95:c9:
7b:8a:9d:ef:67:d1:5d:f7:07:4b:f4:31:cd:c2:b9:6f:31:4d:
5d:a8:68:3e:98:40:e7:c7:f1:5f:90:4c:50:cd:da:0a:7f:d2:
c9:39:06:78:bb:60:6d:dd:17:52:e1:bc:fc:8b:4b:d3:a7:cc:
e4:79:74:3e:05:63:f7:56:b6:cf:bd:e6:1f:c6:86:1c:75:93:
42:1d:fc:b0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFJ7fSO5tMnmBNbBbzrixzCPiROwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODUwMTJaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzZTg3MTc4NzdlYjUwZjdhZTY2YmRmYzY0ZjBlNjcxZjQ4NWQ0NDgzNjBh
ZmRkNmNjOGFhN2VlMjBmZGQwMWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJDdZkeyXFeHF0RJdPdiDyUorYPIvwdZq0EJGd/D6N/qqe3UCeV6+kNfvUv
C4btdb7ZxRao1kTihF9HxDyCrfofd72AhptNnMLRykP8p/TX4ihUarz3B1DgfU0G
hC19Jc2Gj/2YTX6MlfZ7BcvfWfKPzAonYZNueSsFQhnkzX2KcHV1SjAHgnpNQ3Qb
baOqWcDiiT6Y/DGvKF67C6m7589+vW4BTa4u2Pejj9+6ZgoOsTNkd22YEB32MyC4
M93kt3Q62FyGi2MAYxalvMxAiFUWhZrGtp3vOPNv9OrthTVQXfUBgf5+Rx5n8C0P
hEXpPkEgvVCjoXNu+jYKFXe8VScCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT1waFV
M6iXNGIJi5mQUTagm/0l0TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWM4MWFlODUtYTk3YS00MWM0LTk3ZjctMzMyN2NjZjBkYzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
QDANBgkqhkiG9w0BAQsFAAOCAQEAT8PfhNR88HD4jOzCP57h9FnSHneb7YpFLOrl
KeXYOHo0HYUeRs2N7zjhOfHjsDIRDPc4QK5OiTtmatn54hgTUGytrq+Wy8uTYG2a
bnNzwKWVbm6PvQzzlG4w3rMQ2T5VCSwPKx9nfazOwmAmdxUaDkW9XILpLP9WUS/i
uw+B7pDY3sF2k/f2OWtHhBdiNug2hz3GHfBe5j+J6UVM/5N4WTfT/LxP8YtdNGMu
VylsfRf4zpXJe4qd72fRXfcHS/QxzcK5bzFNXahoPphA58fxX5BMUM3aCn/SyTkG
eLtgbd0XUuG8/ItL06fM5Hl0PgVj91a2z73mH8aGHHWTQh38sA==
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:54 2025 by rpki-client