Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
File: 4a7b2b27-8130-47da-97da-78c91087b05e.roa (raw, json)
Hash identifier: kvmVlZBaDuDJrBiFFoJk/5DiHb2+7Nxt4yn6YXUAMU0=
Subject key identifier: F9:79:3C:A0:DC:DC:3F:F2:AE:5B:AC:1B:6C:40:1D:1F:CB:E7:6D:0F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0462F47D9E593DF14FF251612CE22CF3F64C2BA7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
Signing time: Tue 20 May 2025 18:31:01 +0000
ROA not before: Tue 20 May 2025 18:31:01 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:62:f4:7d:9e:59:3d:f1:4f:f2:51:61:2c:e2:2c:f3:f6:4c:2b:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:31:01 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=ccd6eb0b361b1efe62540d95e00d12657ca42fa7c48a3ed9acdc2bb71e22f91c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:38:d4:0b:93:ef:be:cc:f4:b5:15:73:b8:16:
fd:64:6d:4e:3d:dc:e5:74:58:b7:fb:f1:ab:27:8e:
39:6f:99:d0:a0:1e:b6:33:a9:e9:63:a7:ca:1f:eb:
df:a7:9b:1e:22:f1:7e:ac:12:92:32:d7:f3:a9:bd:
99:3b:04:9a:9a:6b:5d:f2:e2:a1:a4:6a:c3:b8:a6:
fc:40:f3:cf:dc:df:6d:68:77:55:af:ab:2f:c3:a2:
3f:96:f6:dc:d5:a2:f5:aa:a2:e7:d0:b0:75:32:bd:
92:2e:bb:0c:a0:30:17:6c:c8:f6:6c:41:ff:94:26:
22:3a:31:2e:0a:6b:82:0f:d2:db:3b:68:1f:e0:b3:
b3:a1:93:f4:af:43:08:01:f9:07:11:d5:52:1d:c9:
2c:7a:51:55:e1:fb:32:eb:64:06:25:a3:9c:8e:c1:
99:c0:78:11:fd:b2:11:81:fe:71:01:99:ac:41:1b:
69:00:21:7e:4c:fc:e7:0b:ce:12:41:a0:4b:64:1e:
c8:1a:17:4d:8c:b3:11:8c:d2:99:00:63:a9:90:4e:
22:00:37:45:9e:10:61:ba:9c:65:df:c2:7a:09:cc:
7f:8c:84:a2:43:62:06:ec:bd:cd:99:ef:c7:81:0b:
53:86:6d:00:f4:6c:ef:bb:a5:36:56:64:0c:17:42:
ed:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:79:3C:A0:DC:DC:3F:F2:AE:5B:AC:1B:6C:40:1D:1F:CB:E7:6D:0F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c040::/48
Signature Algorithm: sha256WithRSAEncryption
70:57:d3:5a:e6:4c:78:c2:81:b9:08:2b:c2:c3:23:93:7c:0c:
16:7a:9d:92:90:21:ce:23:4e:a1:b1:7e:ce:e8:e5:81:52:52:
e9:40:2a:80:6e:b5:8d:6b:e9:27:ff:b1:01:84:04:4f:6f:58:
41:81:11:92:31:7a:f6:b8:c6:54:b9:20:4b:f3:2e:a6:ac:13:
8e:fc:55:14:90:1a:82:95:1e:42:f1:ec:9a:99:aa:58:11:c3:
a9:e6:4e:9a:e9:5d:d5:6a:24:c6:c5:2b:4e:7f:12:a0:7f:fc:
6b:96:8b:f4:b6:f7:31:48:ae:43:fd:22:27:ae:8d:d1:48:1f:
80:f1:b4:2e:29:37:6f:df:d6:b5:90:d4:a4:3c:65:ca:b4:ef:
d9:4a:31:4a:fb:59:f4:ae:a0:92:14:3c:18:6a:6d:82:0a:aa:
7a:3c:59:16:af:4c:d8:33:3e:ac:8e:3c:bf:86:2c:71:d9:73:
11:00:b7:fc:1e:ea:55:b4:65:d2:eb:de:21:97:62:ad:7e:2b:
de:51:24:26:7e:21:5e:4c:4d:c3:c4:3d:df:6e:79:d7:29:de:
ee:a1:42:49:74:b7:a5:a2:a1:69:e5:9e:0b:e6:90:d3:1f:9d:
66:0a:5d:df:9a:97:2f:61:db:a6:ff:24:96:11:bb:a8:3f:17:
d0:f6:61:90
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBGL0fZ5ZPfFP8lFhLOIs8/ZMK6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODMxMDFaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjZDZlYjBiMzYxYjFlZmU2MjU0MGQ5NWUwMGQxMjY1N2NhNDJmYTdjNDhh
M2VkOWFjZGMyYmI3MWUyMmY5MWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALg41AuT777M9LUVc7gW/WRtTj3c5XRYt/vxqyeOOW+Z0KAetjOp6WOnyh/r
36ebHiLxfqwSkjLX86m9mTsEmpprXfLioaRqw7im/EDzz9zfbWh3Va+rL8OiP5b2
3NWi9aqi59CwdTK9ki67DKAwF2zI9mxB/5QmIjoxLgprgg/S2ztoH+Czs6GT9K9D
CAH5BxHVUh3JLHpRVeH7MutkBiWjnI7BmcB4Ef2yEYH+cQGZrEEbaQAhfkz85wvO
EkGgS2QeyBoXTYyzEYzSmQBjqZBOIgA3RZ4QYbqcZd/CegnMf4yEokNiBuy9zZnv
x4ELU4ZtAPRs77ulNlZkDBdC7RMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT5eTyg
3Nw/8q5brBtsQB0fy+dtDzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGE3YjJiMjctODEzMC00N2RhLTk3ZGEtNzhjOTEwODdiMDVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
QDANBgkqhkiG9w0BAQsFAAOCAQEAcFfTWuZMeMKBuQgrwsMjk3wMFnqdkpAhziNO
obF+zujlgVJS6UAqgG61jWvpJ/+xAYQET29YQYERkjF69rjGVLkgS/MupqwTjvxV
FJAagpUeQvHsmpmqWBHDqeZOmuld1WokxsUrTn8SoH/8a5aL9Lb3MUiuQ/0iJ66N
0UgfgPG0Lik3b9/WtZDUpDxlyrTv2UoxSvtZ9K6gkhQ8GGptggqqejxZFq9M2DM+
rI48v4YscdlzEQC3/B7qVbRl0uveIZdirX4r3lEkJn4hXkxNw8Q932551yne7qFC
SXS3paKhaeWeC+aQ0x+dZgpd35qXL2Hbpv8klhG7qD8X0PZhkA==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:41:06 2025 by rpki-client