Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
File: 4a7b2b27-8130-47da-97da-78c91087b05e.roa (raw, json)
Hash identifier: K50X+BRIfiubXNN49iLXtmwlm+gdoMVW5I5h6Esl62Y=
Subject key identifier: 9A:A6:C5:FA:C9:32:D5:EF:E1:FC:52:C0:E3:0D:9B:15:5C:A6:9A:2E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6D503B44478B0FB61FFC33A176425CED208ED4EB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
Signing time: Fri 25 Apr 2025 18:21:21 +0000
ROA not before: Fri 25 Apr 2025 18:21:21 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:50:3b:44:47:8b:0f:b6:1f:fc:33:a1:76:42:5c:ed:20:8e:d4:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:21:21 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=3e29640191af71ab136dd323b5cb7d8e1940735db21fa4ec89c36721b63211e5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:91:a2:de:fd:b4:b4:22:c6:ca:bb:14:5b:8d:
ba:5c:c1:8c:fc:93:db:38:fe:7e:04:d6:23:16:84:
b0:be:ff:09:94:fd:90:d5:6e:54:2e:2c:17:41:93:
b3:89:fb:dc:a6:44:47:8e:99:b4:97:a5:0f:77:a8:
e5:29:f8:6f:58:fc:86:57:e0:b8:ab:31:00:35:62:
90:31:63:aa:a0:0d:b3:0b:7e:f8:ec:6c:26:d6:4b:
c1:93:09:fe:9d:4b:34:75:de:60:6c:e4:25:bf:16:
12:3f:4f:c9:2b:23:ec:c5:7c:c8:81:09:3b:c9:3c:
a5:90:05:43:0c:aa:6e:f8:4c:67:17:75:b2:19:45:
34:ac:f5:3a:28:64:e9:57:1f:f0:c1:e6:4a:58:58:
9f:07:c2:2a:59:bb:df:67:bc:04:d6:90:4d:20:54:
10:16:5d:e6:1b:65:8e:9b:4e:6a:7f:32:ea:a1:b6:
ba:d3:f0:f2:b0:44:f8:5d:e9:45:40:52:a0:e7:3b:
f1:ba:95:b0:29:43:b3:79:a8:a1:b3:4a:6e:0b:6b:
26:0f:6b:2d:81:a1:8f:60:2d:51:f1:f5:48:dd:c6:
a4:61:7b:d3:1b:cf:2d:7a:95:74:b9:1c:a1:1b:30:
b0:63:d3:ee:3b:fb:a4:08:26:44:cc:2b:1d:1a:4c:
df:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:A6:C5:FA:C9:32:D5:EF:E1:FC:52:C0:E3:0D:9B:15:5C:A6:9A:2E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c040::/48
Signature Algorithm: sha256WithRSAEncryption
03:85:2b:9c:f5:b5:53:e3:dd:6f:00:c8:4f:b5:6b:31:d4:66:
3f:88:89:fe:85:b7:6f:75:a6:16:c2:6f:be:b3:46:30:14:94:
62:62:1f:22:5c:78:c0:c4:cf:ba:fd:fc:5c:88:3a:07:31:3d:
a4:2c:80:5f:a9:cd:96:d8:3b:79:b3:e2:15:a0:9c:06:b2:94:
92:ec:59:97:ec:11:19:81:af:89:15:45:42:00:0a:aa:57:86:
45:fe:38:e3:70:d5:50:7c:18:0f:d1:f9:5c:64:a4:ac:d2:70:
88:8d:68:51:f0:21:f0:e4:d5:48:ab:89:88:54:a9:44:97:9f:
df:c4:02:a1:5a:4e:a1:ed:23:4c:84:30:93:4c:72:ac:3e:23:
d3:91:1c:27:40:6a:10:23:33:c0:68:a6:17:54:6c:fd:24:1d:
f8:2f:0f:61:65:37:35:78:bf:fd:6c:20:7f:a1:bd:7d:9d:70:
2d:eb:67:31:1d:d0:af:bd:d6:c4:5f:97:f7:10:12:94:b2:bb:
a9:24:0e:d5:43:03:5c:ed:ef:ca:cd:e7:ce:86:c5:64:ee:a1:
30:2a:1d:23:c9:83:9f:f5:b6:f7:68:57:39:d3:63:c2:36:74:
d8:8d:99:54:58:bc:20:95:49:3f:cb:87:ea:40:98:d4:26:bb:
98:fc:e8:e0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbVA7REeLD7Yf/DOhdkJc7SCO1OswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODIxMjFaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlMjk2NDAxOTFhZjcxYWIxMzZkZDMyM2I1Y2I3ZDhlMTk0MDczNWRiMjFm
YTRlYzg5YzM2NzIxYjYzMjExZTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSRot79tLQixsq7FFuNulzBjPyT2zj+fgTWIxaEsL7/CZT9kNVuVC4sF0GT
s4n73KZER46ZtJelD3eo5Sn4b1j8hlfguKsxADVikDFjqqANswt++OxsJtZLwZMJ
/p1LNHXeYGzkJb8WEj9PySsj7MV8yIEJO8k8pZAFQwyqbvhMZxd1shlFNKz1Oihk
6Vcf8MHmSlhYnwfCKlm732e8BNaQTSBUEBZd5htljptOan8y6qG2utPw8rBE+F3p
RUBSoOc78bqVsClDs3moobNKbgtrJg9rLYGhj2AtUfH1SN3GpGF70xvPLXqVdLkc
oRswsGPT7jv7pAgmRMwrHRpM31sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSapsX6
yTLV7+H8UsDjDZsVXKaaLjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGE3YjJiMjctODEzMC00N2RhLTk3ZGEtNzhjOTEwODdiMDVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
QDANBgkqhkiG9w0BAQsFAAOCAQEAA4UrnPW1U+PdbwDIT7VrMdRmP4iJ/oW3b3Wm
FsJvvrNGMBSUYmIfIlx4wMTPuv38XIg6BzE9pCyAX6nNltg7ebPiFaCcBrKUkuxZ
l+wRGYGviRVFQgAKqleGRf4443DVUHwYD9H5XGSkrNJwiI1oUfAh8OTVSKuJiFSp
RJef38QCoVpOoe0jTIQwk0xyrD4j05EcJ0BqECMzwGimF1Rs/SQd+C8PYWU3NXi/
/Wwgf6G9fZ1wLetnMR3Qr73WxF+X9xASlLK7qSQO1UMDXO3vys3nzobFZO6hMCod
I8mDn/W292hXOdNjwjZ02I2ZVFi8IJVJP8uH6kCY1Ca7mPzo4A==
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:21 2025 by rpki-client