Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
File: 4dc2c958-c749-4f2f-a83c-b419f7f45487.roa (raw, json)
Hash identifier: xyJH+jAxUAq0vzlXgdSqMwtTMZ3AhE3hNSbjf8umz4I=
Subject key identifier: C2:6D:5F:55:2E:FB:60:1F:36:EA:DF:A1:A9:3F:A2:EE:27:38:70:19
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5D3D8376E47590A3093FC4BF92B59498D543DAB6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
Signing time: Tue 20 May 2025 20:11:04 +0000
ROA not before: Tue 20 May 2025 20:11:04 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:3d:83:76:e4:75:90:a3:09:3f:c4:bf:92:b5:94:98:d5:43:da:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:11:04 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=35a922537c5d5e0cb747ee319c4e4274509659832a079e884295ae2b7d8ed43a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:0f:d8:d5:81:7c:64:74:70:35:2f:cf:81:81:
d2:5c:f8:86:ba:4d:4a:18:84:2f:9d:1f:c0:67:ce:
a1:7b:af:ff:f7:80:d0:3b:49:7c:26:45:95:d4:44:
ba:5c:6d:9d:4e:6e:be:49:ab:18:82:a1:29:4f:44:
51:1e:79:2b:bf:f3:6c:85:b4:c6:17:8c:75:7a:f7:
41:a1:12:f7:d4:cd:bc:32:d9:db:53:78:91:b7:5a:
7c:69:80:18:42:c5:5d:7a:e3:21:5a:69:98:59:c8:
2e:07:43:4e:52:d6:b4:b5:6c:2c:2c:81:2d:74:10:
9b:60:b3:08:02:31:e1:3b:39:37:24:52:d4:d7:66:
cd:3e:9e:73:04:89:d2:05:89:81:14:98:13:29:a5:
d4:85:ba:a6:ce:53:68:db:f7:1e:dc:5b:eb:fb:d9:
ec:00:29:82:cf:2a:4f:eb:c8:02:9c:64:3f:8b:f7:
ac:56:4b:92:17:63:fa:9b:3e:31:72:06:7f:31:46:
d8:2d:c6:58:37:9d:2e:bd:f9:f5:d8:f8:c9:58:e5:
61:67:52:83:fd:46:24:81:48:3b:94:9b:c4:f0:4a:
87:dc:f4:f8:0d:b8:2b:96:ed:db:5e:8d:dd:2b:fb:
d9:85:47:09:96:7c:f0:e6:86:9c:1e:4f:ae:76:69:
09:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:6D:5F:55:2E:FB:60:1F:36:EA:DF:A1:A9:3F:A2:EE:27:38:70:19
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:e000::/40
Signature Algorithm: sha256WithRSAEncryption
bd:f8:bf:48:c2:bc:a9:1d:15:00:51:7e:4c:77:6c:5b:e7:07:
97:47:29:9b:83:15:13:19:3f:78:5f:62:36:55:43:de:7a:37:
b0:2b:39:88:14:df:50:23:39:e2:80:39:6f:16:7c:9a:81:c7:
58:8d:c7:90:6a:48:c7:a3:b7:92:20:76:88:25:25:91:93:5a:
ef:98:53:4a:8c:d1:af:dc:99:59:a6:a7:94:83:b8:bb:5f:b6:
12:40:cf:16:11:40:7b:e3:3d:ee:80:5e:7b:ba:bb:31:0c:7a:
3a:df:18:2d:34:68:05:d5:2d:6e:7c:85:ff:e2:05:69:42:ee:
0f:1b:61:ee:e0:88:e3:a8:03:0d:30:f1:c9:d3:c0:85:75:5f:
1a:b7:9f:c6:96:31:17:4d:21:d6:1f:b4:4c:cc:c7:86:57:1e:
f7:e5:88:5f:4e:8b:41:4d:a5:ba:4f:b5:5b:bb:33:61:2e:24:
78:2c:83:b0:72:a1:60:ad:f7:2c:0b:65:0f:d9:f6:89:35:f0:
1b:f3:20:49:46:12:ca:08:71:dc:b1:a6:33:fd:b3:ae:44:dd:
2c:8a:19:07:e8:0f:dc:ac:9e:74:01:8f:ca:bb:b9:f9:54:b9:
4c:4a:32:e2:41:5f:47:c7:fb:e4:aa:37:22:04:6e:23:1d:2b:
e3:10:b9:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXT2DduR1kKMJP8S/krWUmNVD2rYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDExMDRaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1YTkyMjUzN2M1ZDVlMGNiNzQ3ZWUzMTljNGU0Mjc0NTA5NjU5ODMyYTA3
OWU4ODQyOTVhZTJiN2Q4ZWQ0M2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcP2NWBfGR0cDUvz4GB0lz4hrpNShiEL50fwGfOoXuv//eA0DtJfCZFldRE
ulxtnU5uvkmrGIKhKU9EUR55K7/zbIW0xheMdXr3QaES99TNvDLZ21N4kbdafGmA
GELFXXrjIVppmFnILgdDTlLWtLVsLCyBLXQQm2CzCAIx4Ts5NyRS1NdmzT6ecwSJ
0gWJgRSYEyml1IW6ps5TaNv3Htxb6/vZ7AApgs8qT+vIApxkP4v3rFZLkhdj+ps+
MXIGfzFG2C3GWDedLr359dj4yVjlYWdSg/1GJIFIO5SbxPBKh9z0+A24K5bt216N
3Sv72YVHCZZ88OaGnB5PrnZpCcECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTCbV9V
LvtgHzbq36GpP6LuJzhwGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRjMmM5NTgtYzc0OS00ZjJmLWE4M2MtYjQxOWY3ZjQ1NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hrg
MA0GCSqGSIb3DQEBCwUAA4IBAQC9+L9IwrypHRUAUX5Md2xb5weXRymbgxUTGT94
X2I2VUPeejewKzmIFN9QIznigDlvFnyagcdYjceQakjHo7eSIHaIJSWRk1rvmFNK
jNGv3JlZpqeUg7i7X7YSQM8WEUB74z3ugF57ursxDHo63xgtNGgF1S1ufIX/4gVp
Qu4PG2Hu4IjjqAMNMPHJ08CFdV8at5/GljEXTSHWH7RMzMeGVx735YhfTotBTaW6
T7VbuzNhLiR4LIOwcqFgrfcsC2UP2faJNfAb8yBJRhLKCHHcsaYz/bOuRN0sihkH
6A/crJ50AY/Ku7n5VLlMSjLiQV9Hx/vkqjciBG4jHSvjELma
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:35:27 2025 by rpki-client