Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa
File: 5b65b415-a397-41d3-99dc-207c8689d0ee.roa (raw, json)
Hash identifier: oVucpFwMPvjhVaUfzbcwjBZAMZL3qZK50XECHJFVyoA=
Subject key identifier: B6:8B:D0:43:D6:E6:33:71:A0:BA:A4:59:3F:D0:E7:DE:97:9D:27:8C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3D91578B42602D4B7583336D73FA33134F79584F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa
Signing time: Tue 15 Apr 2025 15:00:09 +0000
ROA not before: Tue 15 Apr 2025 15:00:09 +0000
ROA not after: Tue 20 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:91:57:8b:42:60:2d:4b:75:83:33:6d:73:fa:33:13:4f:79:58:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 15 15:00:09 2025 GMT
Not After : May 20 23:59:59 2025 GMT
Subject: serialNumber=795a93e2bc5c6e5af4bdce2605d42925160ba3c4de4a56a2094c3f8105294c10, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:39:02:9c:2e:33:67:c3:00:84:c1:7d:c8:e6:
e7:21:65:c7:33:85:17:6a:14:3d:e7:0a:2a:b1:4d:
18:35:37:18:10:14:a6:ae:c7:6e:3b:92:2b:9d:81:
90:80:63:3b:96:49:fd:7b:7b:86:b6:15:0c:0b:9b:
a8:22:07:b8:72:6b:29:b7:25:7b:f6:4b:81:fa:e6:
92:47:d3:a3:7a:da:71:b8:7e:5b:af:33:76:c6:0a:
5f:2f:f1:90:ff:e9:a3:08:c4:0f:aa:e1:39:c4:88:
e2:01:aa:33:00:8f:34:0d:b6:2a:43:9e:61:cc:f6:
c1:ba:e1:a6:a2:ea:39:2e:ab:7c:34:dd:36:42:15:
71:6e:87:b9:63:20:46:7f:b4:e4:e9:3a:a2:de:e9:
77:e7:2e:41:b7:89:a0:d3:1b:8e:eb:11:ff:5e:f3:
e8:ac:ec:96:7b:b6:72:28:34:36:40:a8:59:cf:a1:
93:0d:d1:67:00:ba:d1:a1:75:3f:5a:f8:c0:dc:98:
6c:ed:d8:4e:2c:ab:46:0b:c8:c6:da:64:bc:02:1d:
6c:30:6a:72:3f:73:12:ca:40:a0:cb:56:be:c5:2d:
ca:3b:1b:01:e6:9c:93:81:54:9e:b8:68:b7:74:e8:
b9:df:07:40:4d:b7:3f:1d:06:e1:8f:2a:17:70:82:
b6:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:8B:D0:43:D6:E6:33:71:A0:BA:A4:59:3F:D0:E7:DE:97:9D:27:8C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:6000::/40
Signature Algorithm: sha256WithRSAEncryption
58:40:d9:2b:c1:71:e5:db:31:eb:dc:0e:0a:d9:27:70:d0:32:
f2:49:97:14:1f:f1:95:87:64:f5:6e:18:bc:f4:f8:51:e1:0f:
0b:4f:49:a3:96:db:50:74:92:87:8a:0f:85:0f:51:04:f3:3e:
58:2f:4f:08:48:7a:4f:ba:ca:1e:a8:96:6a:56:9b:84:76:8e:
20:33:72:27:c0:0d:5f:30:fa:73:6f:cb:d7:26:7d:c8:45:7a:
1c:60:36:e8:17:e3:fe:a7:b0:58:98:39:ba:9a:2d:ea:92:f4:
5d:7a:6b:9d:78:a8:76:65:df:0f:37:17:96:0b:87:45:48:d6:
76:6c:58:ce:49:41:fa:35:5a:9f:d4:13:9f:b0:3d:26:51:c7:
26:b2:cc:ea:b3:8a:af:42:32:fb:86:07:36:91:16:53:7f:0d:
33:8a:64:df:ec:ed:d3:1d:f5:f8:cc:73:89:57:34:59:d7:e2:
15:6c:d3:79:32:2b:1d:e7:29:5c:fa:7f:f6:f9:44:b6:55:cb:
4e:48:df:f7:39:2f:db:91:c2:a3:69:0e:cc:e9:a2:bb:6e:5e:
d4:2b:37:c2:95:0b:30:13:f5:60:7b:b1:0c:5c:0e:37:ef:b6:
51:67:80:26:c0:bc:f6:66:97:cb:51:e2:35:71:53:4f:fd:07:
6f:9f:d3:98
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPZFXi0JgLUt1gzNtc/ozE095WE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MTUxNTAwMDlaFw0yNTA1MjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5NWE5M2UyYmM1YzZlNWFmNGJkY2UyNjA1ZDQyOTI1MTYwYmEzYzRkZTRh
NTZhMjA5NGMzZjgxMDUyOTRjMTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALs5ApwuM2fDAITBfcjm5yFlxzOFF2oUPecKKrFNGDU3GBAUpq7HbjuSK52B
kIBjO5ZJ/Xt7hrYVDAubqCIHuHJrKbcle/ZLgfrmkkfTo3racbh+W68zdsYKXy/x
kP/powjED6rhOcSI4gGqMwCPNA22KkOeYcz2wbrhpqLqOS6rfDTdNkIVcW6HuWMg
Rn+05Ok6ot7pd+cuQbeJoNMbjusR/17z6Kzslnu2cig0NkCoWc+hkw3RZwC60aF1
P1r4wNyYbO3YTiyrRgvIxtpkvAIdbDBqcj9zEspAoMtWvsUtyjsbAeack4FUnrho
t3Toud8HQE23Px0G4Y8qF3CCtikCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS2i9BD
1uYzcaC6pFk/0Ofel50njDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWI2NWI0MTUtYTM5Ny00MWQzLTk5ZGMtMjA3Yzg2ODlkMGVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HZg
MA0GCSqGSIb3DQEBCwUAA4IBAQBYQNkrwXHl2zHr3A4K2Sdw0DLySZcUH/GVh2T1
bhi89PhR4Q8LT0mjlttQdJKHig+FD1EE8z5YL08ISHpPusoeqJZqVpuEdo4gM3In
wA1fMPpzb8vXJn3IRXocYDboF+P+p7BYmDm6mi3qkvRdemudeKh2Zd8PNxeWC4dF
SNZ2bFjOSUH6NVqf1BOfsD0mUccmsszqs4qvQjL7hgc2kRZTfw0zimTf7O3THfX4
zHOJVzRZ1+IVbNN5Misd5ylc+n/2+US2VctOSN/3OS/bkcKjaQ7M6aK7bl7UKzfC
lQswE/Vge7EMXA4377ZRZ4AmwLz2ZpfLUeI1cVNP/Qdvn9OY
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:14 2025 by rpki-client