Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
File: 4dc2c958-c749-4f2f-a83c-b419f7f45487.roa (raw, json)
Hash identifier: yJxJllz+2s5AcgK1za+LptpB2IdN0H2WgYqKgpeC1HE=
Subject key identifier: 89:56:72:E8:F7:04:EA:17:4A:29:25:76:FD:C1:F6:39:EC:E1:6A:19
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2D065887D47216ABA308C416DD6C57F53E36CA7D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
Signing time: Fri 25 Apr 2025 20:01:06 +0000
ROA not before: Fri 25 Apr 2025 20:01:06 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:06:58:87:d4:72:16:ab:a3:08:c4:16:dd:6c:57:f5:3e:36:ca:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:01:06 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=67ee04557ee3f0d66cb9498d4654bc978bff7f9071a543a99ab54a714d1732e5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:5a:33:9e:72:be:ff:23:67:00:f3:9e:3a:1c:
79:45:20:6f:db:bf:d4:93:14:b3:d8:18:88:26:11:
41:ff:f3:39:d8:41:52:06:ed:ad:8b:af:a3:72:e0:
47:1e:5d:5c:65:38:54:1e:a3:cc:e1:3d:7d:1b:73:
3c:a2:8a:75:c5:4c:f3:14:a3:32:a4:24:d9:21:b8:
68:42:6a:8d:50:8e:e1:aa:74:5c:b7:78:60:16:7f:
3d:e0:a6:d5:03:1e:b4:a7:4d:54:b0:ae:34:cc:df:
4c:b1:39:0f:e1:a6:dc:c2:52:66:55:9a:2a:c5:0d:
4c:23:e9:84:de:23:89:92:a1:05:34:e1:64:12:ae:
1d:04:d8:c4:94:b1:91:c4:60:24:e8:4e:eb:e7:65:
4c:bd:c0:e7:33:88:9c:1b:a7:37:40:e5:eb:e5:4e:
ab:04:c0:27:90:ce:ce:61:e6:b1:b0:bf:90:25:3a:
f9:02:a0:a9:30:bf:bc:b5:75:a1:b9:ca:ce:66:0e:
b7:d1:4c:50:6b:c0:5f:09:0d:37:dd:90:3a:ab:20:
96:1f:02:e3:e5:16:b5:2e:54:5b:b6:df:aa:0e:88:
f9:21:58:dd:d1:90:1c:b3:e9:36:95:5f:d4:1e:98:
6a:a4:c3:f0:26:ae:4a:33:fd:d6:d1:22:38:47:af:
fc:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:56:72:E8:F7:04:EA:17:4A:29:25:76:FD:C1:F6:39:EC:E1:6A:19
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:e000::/40
Signature Algorithm: sha256WithRSAEncryption
71:86:66:2d:ae:77:ff:0d:d3:ea:68:5a:52:8f:ce:94:c8:e2:
a9:c2:2a:fd:f1:1c:f8:ba:c4:1f:5d:02:d6:9e:2f:09:ad:2d:
f4:1b:a2:aa:5b:74:e7:32:40:c6:36:75:cd:2e:52:ec:2c:19:
28:11:89:a2:10:67:4d:eb:cf:c5:7f:d8:be:f1:a4:4e:42:1f:
de:ca:b8:20:38:55:48:eb:59:62:c0:68:3f:98:5a:18:3d:b2:
51:7a:06:8c:38:6b:ae:fc:4d:83:03:21:a1:2c:9d:f9:ae:a3:
e5:57:4a:72:c4:a2:3a:33:ce:92:b4:86:45:bf:ea:a1:45:00:
81:70:c6:0c:83:00:bf:5c:5b:1a:60:3b:b8:82:67:bd:e2:65:
0a:b3:1c:6a:e2:01:e3:04:ff:e3:11:c9:1b:45:07:24:18:30:
3d:36:ef:b9:d5:0d:9b:f5:f8:63:27:f0:b9:ad:c3:77:3c:fb:
1e:31:11:0c:ab:8b:8d:65:9b:66:e0:9f:3c:77:f1:99:a6:4c:
da:7d:8f:ec:bf:0b:74:9e:35:f4:d0:96:1c:67:c5:fb:c1:f9:
f5:b8:2b:f8:c1:2b:1a:46:61:88:5e:1f:1b:f1:e2:f5:e5:93:
b3:20:62:41:40:14:a0:8e:d6:c9:74:2b:77:65:24:cc:6e:af:
9f:8a:98:fe
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULQZYh9RyFqujCMQW3WxX9T42yn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDAxMDZaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3ZWUwNDU1N2VlM2YwZDY2Y2I5NDk4ZDQ2NTRiYzk3OGJmZjdmOTA3MWE1
NDNhOTlhYjU0YTcxNGQxNzMyZTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1aM55yvv8jZwDznjoceUUgb9u/1JMUs9gYiCYRQf/zOdhBUgbtrYuvo3Lg
Rx5dXGU4VB6jzOE9fRtzPKKKdcVM8xSjMqQk2SG4aEJqjVCO4ap0XLd4YBZ/PeCm
1QMetKdNVLCuNMzfTLE5D+Gm3MJSZlWaKsUNTCPphN4jiZKhBTThZBKuHQTYxJSx
kcRgJOhO6+dlTL3A5zOInBunN0Dl6+VOqwTAJ5DOzmHmsbC/kCU6+QKgqTC/vLV1
obnKzmYOt9FMUGvAXwkNN92QOqsglh8C4+UWtS5UW7bfqg6I+SFY3dGQHLPpNpVf
1B6YaqTD8CauSjP91tEiOEev/GECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSJVnLo
9wTqF0opJXb9wfY57OFqGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRjMmM5NTgtYzc0OS00ZjJmLWE4M2MtYjQxOWY3ZjQ1NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hrg
MA0GCSqGSIb3DQEBCwUAA4IBAQBxhmYtrnf/DdPqaFpSj86UyOKpwir98Rz4usQf
XQLWni8JrS30G6KqW3TnMkDGNnXNLlLsLBkoEYmiEGdN68/Ff9i+8aROQh/eyrgg
OFVI61liwGg/mFoYPbJRegaMOGuu/E2DAyGhLJ35rqPlV0pyxKI6M86StIZFv+qh
RQCBcMYMgwC/XFsaYDu4gme94mUKsxxq4gHjBP/jEckbRQckGDA9Nu+51Q2b9fhj
J/C5rcN3PPseMREMq4uNZZtm4J88d/GZpkzafY/svwt0njX00JYcZ8X7wfn1uCv4
wSsaRmGIXh8b8eL15ZOzIGJBQBSgjtbJdCt3ZSTMbq+fipj+
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:41 2025 by rpki-client