Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
File: 3901d4e7-d120-481a-a199-4762783cff5b.roa (raw, json)
Hash identifier: exTPpa2o6ORB5v28++R0Mg+rDA3ywqzEklHk65mPu7E=
Subject key identifier: 18:33:66:B0:8D:73:0D:0D:13:AC:3A:68:2A:1F:AA:E0:98:AA:09:33
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 156AC18EA32A0E7C3D8D3AAD2A440783EE07728D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
Signing time: Wed 16 Apr 2025 19:22:18 +0000
ROA not before: Wed 16 Apr 2025 19:22:18 +0000
ROA not after: Wed 21 May 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:6a:c1:8e:a3:2a:0e:7c:3d:8d:3a:ad:2a:44:07:83:ee:07:72:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 16 19:22:18 2025 GMT
Not After : May 21 23:59:59 2025 GMT
Subject: serialNumber=270fb6c4de75caee97a9727ea23a28b457bcd8bc0a25f6e5949419f390abaadb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:a0:6a:9b:84:da:00:03:e7:c6:b1:d3:c3:80:
57:bd:71:31:f4:6a:36:b1:87:6f:de:4b:26:2c:ef:
35:a8:4e:1b:e2:d0:6f:f8:88:3c:f4:07:4f:4b:e1:
58:d9:79:e3:2b:f1:c5:84:e3:7f:d4:fb:f7:ca:53:
3a:94:c3:4b:96:c5:7c:49:d6:9b:1b:6b:75:7d:fc:
bb:8f:78:80:c0:b9:d7:f0:87:97:6b:e4:9a:01:f6:
1a:1d:91:86:b4:03:70:10:d6:11:3e:a3:cd:d1:d3:
51:d2:77:b2:90:c8:48:fd:ff:ab:38:fc:9d:49:74:
d1:d1:90:91:f0:0d:50:c1:06:b4:22:a1:31:db:8c:
93:59:b5:91:0e:08:7a:95:ba:03:89:05:ac:39:89:
c8:87:af:c4:e3:44:ff:27:7b:cb:5d:52:d0:6e:2a:
ba:da:aa:08:d2:1d:df:43:06:73:ae:d9:1d:2b:02:
5c:1a:38:bc:d7:04:c6:96:99:0b:28:9f:e9:24:35:
6d:bc:78:eb:ce:b9:8a:0c:ba:4f:77:9d:f1:c7:48:
8e:0e:38:04:b8:e8:40:90:8a:dd:de:0e:8f:34:4b:
e5:6f:5e:ac:ee:9f:92:cb:ed:05:6f:a1:f7:0d:2e:
63:5a:95:42:73:14:63:b1:2a:6e:a5:3b:1f:78:ca:
f1:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:33:66:B0:8D:73:0D:0D:13:AC:3A:68:2A:1F:AA:E0:98:AA:09:33
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
72:00:ed:ee:36:e4:27:90:b0:92:b6:d8:c9:e3:3f:4f:2e:db:
79:e9:6d:83:89:9b:7a:b1:2e:d9:5b:89:3a:bc:fb:9f:9c:7c:
cf:ba:52:25:be:20:48:b6:72:0e:8e:e2:3e:94:f1:b0:81:fe:
0f:fa:f5:f3:00:29:ca:53:63:3b:75:f3:a0:a2:8e:3e:d5:27:
44:cc:33:dd:31:95:93:0d:73:2f:fe:12:bf:be:ec:85:25:cc:
d3:27:a6:fb:78:44:69:fb:1a:ea:da:1e:c4:13:31:9a:6e:ec:
7a:58:9a:01:e6:a6:ac:e8:d9:e2:b8:76:cc:7b:ee:34:50:df:
41:ad:71:fc:23:a5:3c:2c:ab:b7:e1:6c:dc:51:69:21:b2:65:
ad:37:ec:f4:5c:54:37:16:57:8e:4e:46:19:1f:af:79:df:3f:
57:4e:80:10:43:32:32:23:50:81:aa:da:b2:e9:74:81:55:3f:
f9:35:cf:61:24:e3:00:82:25:3c:e6:b7:98:8d:26:d2:b4:57:
a2:7b:1b:ad:be:2c:f8:d9:a5:bf:5b:9d:1a:3e:a5:c1:12:24:
ae:e1:ce:e8:d7:29:34:b1:01:21:4b:a0:39:c6:70:93:13:49:
c5:67:03:1c:28:e7:8f:7d:1b:b2:bd:24:b9:c2:48:52:f2:8b:
96:32:23:bd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFWrBjqMqDnw9jTqtKkQHg+4Hco0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MTYxOTIyMThaFw0yNTA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3MGZiNmM0ZGU3NWNhZWU5N2E5NzI3ZWEyM2EyOGI0NTdiY2Q4YmMwYTI1
ZjZlNTk0OTQxOWYzOTBhYmFhZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKGgapuE2gAD58ax08OAV71xMfRqNrGHb95LJizvNahOG+LQb/iIPPQHT0vh
WNl54yvxxYTjf9T798pTOpTDS5bFfEnWmxtrdX38u494gMC51/CHl2vkmgH2Gh2R
hrQDcBDWET6jzdHTUdJ3spDISP3/qzj8nUl00dGQkfANUMEGtCKhMduMk1m1kQ4I
epW6A4kFrDmJyIevxONE/yd7y11S0G4qutqqCNId30MGc67ZHSsCXBo4vNcExpaZ
Cyif6SQ1bbx46865igy6T3ed8cdIjg44BLjoQJCK3d4OjzRL5W9erO6fksvtBW+h
9w0uY1qVQnMUY7EqbqU7H3jK8dsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQYM2aw
jXMNDROsOmgqH6rgmKoJMzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzkwMWQ0ZTctZDEyMC00ODFhLWExOTktNDc2Mjc4M2NmZjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQByAO3uNuQnkLCSttjJ4z9PLtt56W2DiZt6sS7Z
W4k6vPufnHzPulIlviBItnIOjuI+lPGwgf4P+vXzACnKU2M7dfOgoo4+1SdEzDPd
MZWTDXMv/hK/vuyFJczTJ6b7eERp+xrq2h7EEzGabux6WJoB5qas6NniuHbMe+40
UN9BrXH8I6U8LKu34WzcUWkhsmWtN+z0XFQ3FleOTkYZH6953z9XToAQQzIyI1CB
qtqy6XSBVT/5Nc9hJOMAgiU85reYjSbStFeiexutviz42aW/W50aPqXBEiSu4c7o
1yk0sQEhS6A5xnCTE0nFZwMcKOePfRuyvSS5wkhS8ouWMiO9
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:47 2025 by rpki-client