Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
File: 599e0695-4b67-4a37-994a-8c71d61260b3.roa (raw, json)
Hash identifier: Y75d6RYgMtDESnZTG1ZUg1zp0BCZE1G1m9KpMm4O/c8=
Subject key identifier: D4:20:D0:2D:E5:F3:B4:2A:F4:CE:31:93:72:38:7C:AC:ED:1E:D1:DD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1C4EAD8D9A7E5FA260FC866F53A624C227F6B66C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
Signing time: Fri 25 Apr 2025 18:50:47 +0000
ROA not before: Fri 25 Apr 2025 18:50:47 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:4e:ad:8d:9a:7e:5f:a2:60:fc:86:6f:53:a6:24:c2:27:f6:b6:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:50:47 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=083f1cb09ffdf266bef04ce1875796a435a430fd1aa001661326606bf7b0549c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:4e:e2:c9:c2:4b:3b:81:93:7d:b1:59:ac:4d:
78:c3:3b:58:56:32:d0:5c:24:ad:25:b7:bf:18:10:
78:2b:ac:e0:c4:07:17:5d:62:0b:99:e7:67:65:20:
be:20:d1:fe:e1:7e:87:ef:ff:77:23:34:bc:8d:58:
bb:9a:15:cc:a0:35:8c:48:71:0f:cf:83:c7:fb:1d:
30:77:b9:77:a2:5b:bd:ba:0a:23:6d:6f:42:b1:cc:
c4:81:fc:67:39:dd:df:48:74:9e:05:7b:36:d7:16:
57:a0:37:95:43:6f:60:aa:12:72:5b:9a:e3:cd:3b:
79:60:ad:ab:0a:6f:c2:28:e6:84:31:9d:14:b1:5c:
be:8b:03:b1:d4:ec:64:89:14:76:9b:ba:30:b8:50:
b4:d1:a9:34:58:a6:49:d8:d5:31:41:a6:81:b9:a4:
fb:2e:f4:69:72:2d:d7:81:a4:58:63:f5:c2:96:50:
9c:e3:91:5b:81:1e:c8:8f:16:9a:b7:1d:ba:a6:2e:
08:65:0c:de:ee:41:58:7d:47:ae:47:c4:b6:33:01:
50:f3:04:56:b3:16:03:9d:95:03:78:95:1c:2d:ba:
f1:f9:b2:fe:0e:50:d1:ed:01:92:45:5f:04:20:35:
02:28:dc:5f:18:49:c9:24:18:4c:55:a3:c8:03:e8:
c2:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:20:D0:2D:E5:F3:B4:2A:F4:CE:31:93:72:38:7C:AC:ED:1E:D1:DD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
4d:b8:3b:94:65:d6:ae:22:31:66:df:82:87:a7:c3:d1:d8:bd:
5d:9c:84:e4:59:d7:9a:50:d5:e7:d1:cd:fa:9a:c4:e8:45:66:
8f:76:cb:31:90:c0:65:d9:8a:b9:ed:b2:80:c7:03:47:ba:42:
d7:c9:0b:77:bf:7a:2d:b1:b6:03:57:b7:d3:e6:28:33:c1:32:
3d:b4:52:d2:9d:e6:50:a3:cd:fa:82:12:b2:d4:10:16:f4:f9:
41:68:a8:ef:88:5f:52:87:71:fc:7a:5b:29:03:d9:bd:d3:3f:
58:c0:0e:27:81:5c:ec:8c:e8:1e:be:cb:4a:3e:c4:3b:96:e5:
1f:0e:95:02:e2:db:fb:54:48:fc:65:4b:48:62:b0:97:b9:ee:
62:c3:a9:4d:35:c1:90:99:07:30:c7:d3:c2:d4:2b:80:bf:70:
bb:36:38:61:26:2f:24:bf:ae:27:13:c4:ec:28:87:b0:62:38:
41:15:83:9d:0a:62:ad:b3:53:54:8a:65:d8:39:d8:06:81:2d:
59:dd:e2:a3:22:5e:2a:2d:2b:b1:cd:e2:9a:d5:61:fa:01:c5:
e6:32:96:c5:de:34:17:58:2b:86:e5:d9:85:e6:04:0a:0e:ff:
53:2b:61:68:eb:98:be:24:06:28:d8:3e:81:c2:34:09:64:bb:
a2:66:d7:ff
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHE6tjZp+X6Jg/IZvU6Ykwif2tmwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODUwNDdaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4M2YxY2IwOWZmZGYyNjZiZWYwNGNlMTg3NTc5NmE0MzVhNDMwZmQxYWEw
MDE2NjEzMjY2MDZiZjdiMDU0OWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJO4snCSzuBk32xWaxNeMM7WFYy0FwkrSW3vxgQeCus4MQHF11iC5nnZ2Ug
viDR/uF+h+//dyM0vI1Yu5oVzKA1jEhxD8+Dx/sdMHe5d6JbvboKI21vQrHMxIH8
Zznd30h0ngV7NtcWV6A3lUNvYKoSclua4807eWCtqwpvwijmhDGdFLFcvosDsdTs
ZIkUdpu6MLhQtNGpNFimSdjVMUGmgbmk+y70aXIt14GkWGP1wpZQnOORW4EeyI8W
mrcduqYuCGUM3u5BWH1HrkfEtjMBUPMEVrMWA52VA3iVHC268fmy/g5Q0e0BkkVf
BCA1AijcXxhJySQYTFWjyAPowhUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTUINAt
5fO0KvTOMZNyOHys7R7R3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk5ZTA2OTUtNGI2Ny00YTM3LTk5NGEtOGM3MWQ2MTI2MGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
wDANBgkqhkiG9w0BAQsFAAOCAQEATbg7lGXWriIxZt+Ch6fD0di9XZyE5FnXmlDV
59HN+prE6EVmj3bLMZDAZdmKue2ygMcDR7pC18kLd796LbG2A1e30+YoM8EyPbRS
0p3mUKPN+oISstQQFvT5QWio74hfUodx/HpbKQPZvdM/WMAOJ4Fc7IzoHr7LSj7E
O5blHw6VAuLb+1RI/GVLSGKwl7nuYsOpTTXBkJkHMMfTwtQrgL9wuzY4YSYvJL+u
JxPE7CiHsGI4QRWDnQpirbNTVIpl2DnYBoEtWd3ioyJeKi0rsc3imtVh+gHF5jKW
xd40F1grhuXZheYECg7/UythaOuYviQGKNg+gcI0CWS7ombX/w==
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:44:15 2025 by rpki-client