Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
File: 4875c926-8b00-4b21-bffa-08659e5c223d.roa (raw, json)
Hash identifier: fTU7ON6rkuYvfq+NRUfngiGwi9OjMwQEWg31RKLQL6g=
Subject key identifier: 95:EF:84:00:A9:78:C6:3E:C3:BC:57:21:D0:5C:89:37:11:90:59:E9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 63AC0DDD02C914ACB0106D1FF1900390B19251E0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
Signing time: Fri 18 Apr 2025 18:30:32 +0000
ROA not before: Fri 18 Apr 2025 18:30:32 +0000
ROA not after: Fri 23 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:ac:0d:dd:02:c9:14:ac:b0:10:6d:1f:f1:90:03:90:b1:92:51:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 18 18:30:32 2025 GMT
Not After : May 23 23:59:59 2025 GMT
Subject: serialNumber=0cdf80ad31a0ea34b6d74e59431a096c47161dc0b52836daa3a1755c165c2ac2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:3c:fd:4d:8b:c2:2d:8e:f3:5b:bf:4e:c2:f0:
8f:79:90:bc:9f:2b:43:a5:cf:a8:c9:81:0d:92:95:
ad:33:47:d5:bb:fb:da:ae:5a:c6:4e:f6:7b:36:57:
da:f0:c7:7a:92:1e:d8:1f:9d:63:1c:8a:4b:cd:25:
c5:33:64:93:b3:66:55:92:66:e7:f2:b7:39:df:6a:
fe:59:f4:d0:b1:9c:74:20:d7:ac:7c:a1:45:1d:bb:
1c:85:de:74:00:70:be:b1:4c:d3:7e:5f:3f:8f:a1:
40:9e:97:17:0a:64:08:a3:6c:c7:53:48:52:f7:5e:
73:9c:18:e4:7c:71:94:41:0b:5a:ff:1b:b0:b8:89:
08:81:5e:73:ee:c1:6f:60:65:31:2e:8f:ce:25:1f:
a5:c2:2e:3a:aa:36:15:49:45:48:b9:02:28:74:d8:
11:b8:d5:ad:cf:25:e4:cd:6b:3f:55:ee:9a:33:9c:
ca:c2:60:9f:3b:3f:2d:8e:83:5a:f8:ad:67:e9:0a:
c1:fe:09:12:64:79:51:0c:28:f3:44:2b:23:0a:4d:
ec:6d:78:74:34:89:07:13:c8:38:d4:13:79:6d:3f:
0a:6c:a6:12:f8:2e:d4:7e:f6:73:98:33:c9:0b:41:
d2:c8:df:8c:08:b6:14:94:7c:1e:3d:2d:83:2f:d1:
56:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:EF:84:00:A9:78:C6:3E:C3:BC:57:21:D0:5C:89:37:11:90:59:E9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:1000::/40
Signature Algorithm: sha256WithRSAEncryption
77:d5:81:cf:c1:1d:32:a9:47:4a:9a:43:57:80:02:5a:ff:3c:
f1:54:91:ac:9e:0f:7e:82:ab:32:db:14:29:48:7b:98:6b:5f:
8f:5e:69:a6:b3:82:bb:70:1b:82:61:d1:4e:8f:f5:9a:32:bc:
24:ae:2a:38:27:fb:0a:2d:73:1c:89:5f:cb:48:5d:17:2d:c9:
c4:dc:97:2b:91:54:08:8c:d3:60:3c:49:45:9b:57:6f:7c:7b:
24:f8:26:15:ac:87:57:b5:11:a8:23:bc:29:29:9b:e4:40:a0:
4b:5f:e3:82:e3:7f:bf:11:fb:19:90:b5:95:84:ea:02:fc:d1:
72:e0:4e:90:69:88:9b:f7:13:d4:d0:9a:fc:2e:ed:4e:3c:b5:
f5:ab:67:6d:c4:c7:fa:11:6d:ec:00:62:1b:07:54:1d:f4:9c:
11:95:80:cb:bc:c4:a5:2e:ef:48:c3:e8:0e:4d:91:51:4a:df:
18:f0:ff:8f:7a:a4:e8:fc:8d:f7:e7:1d:80:59:d3:d7:aa:d8:
05:88:34:a5:89:8a:9b:74:b8:fd:1e:c5:49:03:01:8d:00:f1:
2e:dc:10:9b:84:38:7d:59:2d:4e:df:48:85:c5:ce:ec:1e:79:
bc:a9:f0:fd:f6:65:7a:54:3b:a2:65:23:0f:70:5c:0b:51:e7:
2e:7f:ba:b6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUY6wN3QLJFKywEG0f8ZADkLGSUeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MTgxODMwMzJaFw0yNTA1MjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDBjZGY4MGFkMzFhMGVhMzRiNmQ3NGU1OTQzMWEwOTZjNDcxNjFkYzBiNTI4
MzZkYWEzYTE3NTVjMTY1YzJhYzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJM8/U2Lwi2O81u/TsLwj3mQvJ8rQ6XPqMmBDZKVrTNH1bv72q5axk72ezZX
2vDHepIe2B+dYxyKS80lxTNkk7NmVZJm5/K3Od9q/ln00LGcdCDXrHyhRR27HIXe
dABwvrFM035fP4+hQJ6XFwpkCKNsx1NIUvdec5wY5HxxlEELWv8bsLiJCIFec+7B
b2BlMS6PziUfpcIuOqo2FUlFSLkCKHTYEbjVrc8l5M1rP1XumjOcysJgnzs/LY6D
WvitZ+kKwf4JEmR5UQwo80QrIwpN7G14dDSJBxPIONQTeW0/CmymEvgu1H72c5gz
yQtB0sjfjAi2FJR8Hj0tgy/RVl8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSV74QA
qXjGPsO8VyHQXIk3EZBZ6TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDg3NWM5MjYtOGIwMC00YjIxLWJmZmEtMDg2NTllNWMyMjNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB31YHPwR0yqUdKmkNXgAJa/zzxVJGsng9+gqsy
2xQpSHuYa1+PXmmms4K7cBuCYdFOj/WaMrwkrio4J/sKLXMciV/LSF0XLcnE3Jcr
kVQIjNNgPElFm1dvfHsk+CYVrIdXtRGoI7wpKZvkQKBLX+OC43+/EfsZkLWVhOoC
/NFy4E6QaYib9xPU0Jr8Lu1OPLX1q2dtxMf6EW3sAGIbB1Qd9JwRlYDLvMSlLu9I
w+gOTZFRSt8Y8P+PeqTo/I335x2AWdPXqtgFiDSliYqbdLj9HsVJAwGNAPEu3BCb
hDh9WS1O30iFxc7sHnm8qfD99mV6VDuiZSMPcFwLUecuf7q2
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:49:23 2025 by rpki-client