Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
File: 4a3909fa-da3d-4cd8-918f-7755304d49d1.roa (raw, json)
Hash identifier: y/5xV/JIAtzuxhmpQ8uff1V5mKoLdwRNsk5l0/ZGwnw=
Subject key identifier: 91:50:A7:FB:5B:52:CC:06:78:29:62:50:06:53:5E:DE:41:D6:3A:11
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0B8EF0CAB97C3535136566260E9972FB8269B5DA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
Signing time: Wed 02 Apr 2025 00:30:26 +0000
ROA not before: Wed 02 Apr 2025 00:30:26 +0000
ROA not after: Wed 07 May 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:8e:f0:ca:b9:7c:35:35:13:65:66:26:0e:99:72:fb:82:69:b5:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 2 00:30:26 2025 GMT
Not After : May 7 23:59:59 2025 GMT
Subject: serialNumber=a0f1521f49148c2bd13f96ec376917f7243e40767d5b409d1cb1eee2d4e78997, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:6a:86:55:e7:42:7c:fb:0a:02:e7:e9:63:a7:
b5:2d:2d:6e:44:f7:95:21:81:65:0d:d2:e1:33:e3:
d6:86:91:00:10:52:87:7c:b5:d2:0f:52:87:ee:fc:
77:dc:db:ce:2d:23:41:6c:4e:f3:5d:89:97:55:73:
8d:a6:25:df:aa:7a:46:31:da:71:f9:3e:ee:77:c5:
ea:2c:74:fa:87:72:85:88:23:fb:d9:c7:cf:e4:b1:
01:6f:89:0e:c0:10:ec:21:12:f9:5e:60:0b:5b:45:
35:5c:73:c8:72:36:63:0d:41:35:fd:a1:26:7d:69:
51:ff:dd:f5:26:c1:b6:1f:a4:3f:74:3d:23:f4:ac:
d7:52:26:e9:11:3e:d1:d2:f0:67:71:3b:b7:fd:b5:
26:f7:8c:a2:54:26:3d:15:c6:01:2b:32:8a:16:4c:
62:e9:15:5d:f1:75:11:ae:12:17:a3:10:13:93:e9:
88:98:55:c7:3a:45:1b:db:ee:0c:f2:68:c8:a8:cf:
9e:6e:e2:5c:c9:15:98:b7:b5:ef:39:fe:c9:3f:b3:
38:bc:0b:d7:74:6a:47:f0:c6:83:3a:de:ba:64:e8:
79:ac:0d:b8:50:34:1c:ea:b9:4b:d4:bd:e7:71:66:
a9:32:45:6c:c5:b4:9c:57:3a:66:51:90:78:97:d0:
45:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:50:A7:FB:5B:52:CC:06:78:29:62:50:06:53:5E:DE:41:D6:3A:11
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
a1:24:7f:ae:f6:ab:57:77:3d:ea:dc:d6:d7:a8:95:3d:73:38:
9d:fe:3b:07:7e:49:cc:97:16:db:03:d8:65:41:e6:29:ee:18:
12:8f:ed:8e:5b:97:13:74:01:6d:a5:b0:70:92:23:09:5d:4b:
c0:4e:e2:84:44:1c:40:26:c9:94:97:4f:00:45:e2:e8:fe:e5:
2f:df:72:0b:69:c4:3e:62:3d:9f:e5:2a:5b:91:0b:eb:91:d6:
21:5c:89:71:b1:81:63:b6:81:58:96:20:ef:02:4a:fb:0f:08:
d6:64:0b:29:0e:fb:33:07:bc:9e:cb:43:bc:8c:12:da:ca:40:
e9:cd:9f:e6:a0:b8:99:eb:8e:88:70:0d:d3:c4:db:9f:b4:93:
26:d4:ae:0e:5d:be:1c:30:8c:15:97:f7:60:04:61:58:45:cd:
86:39:42:ad:af:b6:b8:d6:db:40:ba:1d:9a:6c:7f:25:13:54:
65:f9:de:8b:13:23:c3:e3:23:ee:39:ad:a5:d6:b1:91:a8:88:
8b:c7:ad:41:0c:9f:95:7a:89:08:96:1d:d1:11:aa:3e:48:b5:
6e:55:97:8e:2b:b5:af:c1:a7:16:e3:8f:09:7b:54:8a:18:c5:
15:77:fc:b1:9f:fe:2d:df:bd:72:81:ee:09:31:03:fb:e5:0c:
94:eb:0b:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUC47wyrl8NTUTZWYmDply+4JptdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwMjZaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGEwZjE1MjFmNDkxNDhjMmJkMTNmOTZlYzM3NjkxN2Y3MjQzZTQwNzY3ZDVi
NDA5ZDFjYjFlZWUyZDRlNzg5OTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN9qhlXnQnz7CgLn6WOntS0tbkT3lSGBZQ3S4TPj1oaRABBSh3y10g9Sh+78
d9zbzi0jQWxO812Jl1VzjaYl36p6RjHacfk+7nfF6ix0+odyhYgj+9nHz+SxAW+J
DsAQ7CES+V5gC1tFNVxzyHI2Yw1BNf2hJn1pUf/d9SbBth+kP3Q9I/Ss11Im6RE+
0dLwZ3E7t/21JveMolQmPRXGASsyihZMYukVXfF1Ea4SF6MQE5PpiJhVxzpFG9vu
DPJoyKjPnm7iXMkVmLe17zn+yT+zOLwL13RqR/DGgzreumToeawNuFA0HOq5S9S9
53FmqTJFbMW0nFc6ZlGQeJfQRTECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSRUKf7
W1LMBngpYlAGU17eQdY6ETAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGEzOTA5ZmEtZGEzZC00Y2Q4LTkxOGYtNzc1NTMwNGQ0OWQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+g
MA0GCSqGSIb3DQEBCwUAA4IBAQChJH+u9qtXdz3q3NbXqJU9czid/jsHfknMlxbb
A9hlQeYp7hgSj+2OW5cTdAFtpbBwkiMJXUvATuKERBxAJsmUl08AReLo/uUv33IL
acQ+Yj2f5SpbkQvrkdYhXIlxsYFjtoFYliDvAkr7DwjWZAspDvszB7yey0O8jBLa
ykDpzZ/moLiZ646IcA3TxNuftJMm1K4OXb4cMIwVl/dgBGFYRc2GOUKtr7a41ttA
uh2abH8lE1Rl+d6LEyPD4yPuOa2l1rGRqIiLx61BDJ+VeokIlh3REao+SLVuVZeO
K7WvwacW448Je1SKGMUVd/yxn/4t371yge4JMQP75QyU6wua
-----END CERTIFICATE-----
Generated at Sat Apr 26 17:35:27 2025 by rpki-client