Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File: 33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier: Xkwz+8I/1lkErUkIRqLiihXKYOCpVM+MtqZve+NXLQ4=
Subject key identifier: DD:31:79:9C:EF:9F:C0:E0:9D:64:C8:84:A3:C3:36:BF:80:3D:94:49
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 65CAA42CE8895EB86A0AB49626F39552AEDF4298
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time: Fri 25 Apr 2025 19:51:07 +0000
ROA not before: Fri 25 Apr 2025 19:51:07 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:ca:a4:2c:e8:89:5e:b8:6a:0a:b4:96:26:f3:95:52:ae:df:42:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:51:07 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=58bc767ee84a0ba2ed551388490585b14a02497616fa6637e91464fa817ad689, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:62:f6:5b:64:5a:0c:34:4f:bc:c5:93:96:34:
c4:bc:66:3e:b1:09:a9:a5:24:82:a4:31:02:aa:df:
2e:47:5d:26:45:43:1c:4e:de:25:4f:65:99:6f:64:
05:1e:0f:43:ef:ee:34:3f:f7:d9:0d:5d:3b:3f:00:
66:cb:0b:7e:d5:5f:85:2e:96:d6:e2:b7:cd:39:46:
f2:4a:c2:9b:44:de:52:0b:4b:6f:cf:9b:78:f3:77:
c5:e8:9c:f1:9a:f3:33:3e:92:be:69:20:b6:45:88:
9c:42:92:a3:3f:5d:e9:86:84:82:ad:42:e2:fd:e0:
d3:f9:3c:96:d7:1a:d8:ec:90:ed:16:ad:22:e2:43:
43:42:05:af:e0:88:a7:70:3b:95:56:85:19:cd:b3:
c8:d7:09:15:a8:79:2e:a8:f6:e0:f2:a8:1d:cf:d2:
2a:6a:b1:26:c3:9d:64:8d:2c:0e:d8:88:d6:d6:f0:
b0:ac:85:54:e4:92:2f:f8:0e:56:f3:c1:eb:66:d0:
03:8b:58:c0:77:c1:25:b4:f6:c0:47:d7:3a:64:0d:
06:2b:02:77:2a:fe:ce:39:56:b8:a5:87:a1:12:8c:
36:5c:8e:e5:0a:ab:24:f3:94:b6:7b:55:12:b4:f3:
8a:f1:b7:e8:d6:42:19:10:6d:f8:55:75:6a:99:21:
db:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:31:79:9C:EF:9F:C0:E0:9D:64:C8:84:A3:C3:36:BF:80:3D:94:49
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:6000::/40
Signature Algorithm: sha256WithRSAEncryption
19:39:50:5c:8f:10:7d:0b:2d:43:97:fc:00:09:5d:19:68:43:
bf:d5:c6:e3:c5:4b:f7:50:32:81:a6:9d:c4:e4:3c:e3:04:7a:
82:a8:d9:75:f3:8d:77:ea:12:dd:2f:c7:db:fa:6f:39:a8:d8:
8d:bf:e7:8a:34:22:6d:f7:9c:d0:f8:df:c0:c9:99:fd:ed:a6:
94:c0:4a:b0:b4:a4:09:62:08:da:49:8b:6d:d7:fb:fc:79:d6:
39:71:bc:e4:48:35:29:06:bc:ae:14:43:1a:39:7e:0c:09:7d:
43:83:3f:41:1e:e3:b0:f9:06:2c:62:18:46:ef:c6:39:d7:4a:
a4:37:2e:85:70:45:14:a0:bd:54:b8:64:1c:46:fe:c5:9a:5b:
9f:3e:49:8a:69:85:1f:02:da:ff:fd:97:d1:4d:3c:98:ea:de:
e9:99:88:77:c7:7e:b7:e2:d5:e6:f1:86:25:6b:dc:f1:51:ec:
99:be:e1:39:f7:48:24:dd:aa:3d:dc:c6:39:44:86:3b:2d:70:
e6:a3:ba:66:f8:81:38:cb:6d:59:08:5e:42:fa:6c:bc:39:07:
01:0b:00:e0:82:91:be:cf:db:9f:71:3c:8e:bf:21:be:19:c3:
b7:a3:e8:af:e9:ae:9e:96:92:54:86:bf:12:c2:62:78:34:3a:
71:e2:6f:8a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZcqkLOiJXrhqCrSWJvOVUq7fQpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTUxMDdaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4YmM3NjdlZTg0YTBiYTJlZDU1MTM4ODQ5MDU4NWIxNGEwMjQ5NzYxNmZh
NjYzN2U5MTQ2NGZhODE3YWQ2ODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANVi9ltkWgw0T7zFk5Y0xLxmPrEJqaUkgqQxAqrfLkddJkVDHE7eJU9lmW9k
BR4PQ+/uND/32Q1dOz8AZssLftVfhS6W1uK3zTlG8krCm0TeUgtLb8+bePN3xeic
8ZrzMz6SvmkgtkWInEKSoz9d6YaEgq1C4v3g0/k8ltca2OyQ7RatIuJDQ0IFr+CI
p3A7lVaFGc2zyNcJFah5Lqj24PKoHc/SKmqxJsOdZI0sDtiI1tbwsKyFVOSSL/gO
VvPB62bQA4tYwHfBJbT2wEfXOmQNBisCdyr+zjlWuKWHoRKMNlyO5QqrJPOUtntV
ErTzivG36NZCGRBt+FV1apkh28UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTdMXmc
75/A4J1kyISjwza/gD2USTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAZOVBcjxB9Cy1Dl/wACV0ZaEO/1cbjxUv3UDKB
pp3E5DzjBHqCqNl184136hLdL8fb+m85qNiNv+eKNCJt95zQ+N/AyZn97aaUwEqw
tKQJYgjaSYtt1/v8edY5cbzkSDUpBryuFEMaOX4MCX1Dgz9BHuOw+QYsYhhG78Y5
10qkNy6FcEUUoL1UuGQcRv7FmlufPkmKaYUfAtr//ZfRTTyY6t7pmYh3x3634tXm
8YYla9zxUeyZvuE590gk3ao93MY5RIY7LXDmo7pm+IE4y21ZCF5C+my8OQcBCwDg
gpG+z9ufcTyOvyG+GcO3o+iv6a6elpJUhr8SwmJ4NDpx4m+K
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:26 2025 by rpki-client