Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: nKBItTHKh0u7/Uu71fNX5smwt+ZqVfmlHYUl+O4bTxc=
Subject key identifier: CD:F7:0F:E2:9A:62:B3:97:EF:A3:B5:C2:68:AF:6F:04:9B:15:3C:9E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CEA61DD6FD7BEF08F066EC1930C70B11DE46B80
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Fri 25 Apr 2025 19:40:06 +0000
ROA not before: Fri 25 Apr 2025 19:40:06 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:ea:61:dd:6f:d7:be:f0:8f:06:6e:c1:93:0c:70:b1:1d:e4:6b:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:40:06 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=97763a2711a8e917c0b225068fe47eaa4361c5563075d450d1d696e56e8f8060, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:3f:6d:a3:fa:3c:d6:ba:d2:6a:24:5e:01:62:
b1:e7:c9:f1:4c:f4:b6:a5:88:f0:2a:8e:46:f0:04:
2a:f1:f5:11:c1:d2:24:b6:72:46:ec:eb:e0:b2:92:
4b:9a:36:93:9a:f5:ff:34:9c:0e:36:8c:9e:26:6a:
d4:97:b6:b0:33:0d:7b:8e:be:ba:c7:bf:ab:a5:ce:
e6:83:8a:f0:9b:83:fb:c0:e6:6f:8f:ec:47:08:98:
24:10:2b:c3:3f:96:e7:8e:87:2a:b2:6d:1a:9c:b6:
54:b1:fe:58:47:5c:d1:43:d7:58:10:73:3d:8d:7d:
0e:3c:5a:c2:7d:8a:47:da:f4:b2:11:fa:b8:0a:b8:
8b:7e:9b:1e:67:ef:6c:a8:99:ee:fc:f1:11:b2:65:
62:29:a0:5b:38:2c:12:c0:af:dc:0a:5d:8f:27:c1:
c0:23:60:5f:34:14:4f:c5:74:24:51:b7:a7:e0:e3:
01:00:f1:4e:9e:a7:7e:28:d0:bc:42:9d:c1:e3:2c:
da:ad:18:a5:bb:ae:b5:32:8c:e0:88:b0:1e:6a:2f:
59:9d:23:5e:e2:26:98:07:39:a0:da:66:f5:20:6e:
c8:41:e8:37:a9:49:21:ec:f5:e0:63:9d:61:cd:b6:
1b:47:58:03:89:0e:01:a6:0f:54:bc:e3:d9:e9:23:
5f:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:F7:0F:E2:9A:62:B3:97:EF:A3:B5:C2:68:AF:6F:04:9B:15:3C:9E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
84:b8:35:b4:e9:65:57:cd:bf:bd:2f:b9:48:be:fa:db:9d:be:
ac:c1:8f:2f:59:77:59:88:ca:e9:16:20:77:80:48:8d:8a:5a:
26:eb:86:5b:1d:d8:63:b6:a8:c0:28:e1:58:46:b4:3e:af:d7:
26:42:f9:28:e2:76:49:68:68:e2:3b:bc:4e:47:62:cd:ec:ef:
c1:8d:4b:82:b4:98:c9:16:8a:e9:70:63:c7:1c:34:c3:ed:9d:
c6:30:47:a9:36:40:75:90:ad:22:d7:8f:35:81:c5:d4:c4:df:
5a:30:b6:59:13:9c:ec:a4:a1:21:8d:73:15:f9:1d:d5:4a:46:
ff:ed:31:d2:c9:a3:27:94:bc:db:3d:10:f0:1f:b9:fe:96:e0:
a0:24:aa:75:82:9c:7f:27:87:9f:1b:73:21:c8:e2:a6:32:ca:
c2:0b:dd:d0:e8:25:fc:06:9e:5c:d0:7c:df:04:de:4f:61:f3:
95:f4:71:04:14:8c:39:bb:81:45:3d:db:06:26:b1:a1:96:27:
9a:33:08:4e:28:08:bb:a0:b1:5d:4f:ce:41:ad:6a:7e:0f:f9:
e4:a5:48:7c:68:8c:76:7b:eb:6e:2c:54:4d:a9:6e:3d:c5:b2:
e5:1c:ce:25:0e:2c:6c:eb:9a:f7:b5:5b:89:7c:db:94:d4:08:
51:72:b8:51
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPOph3W/XvvCPBm7BkwxwsR3ka4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTQwMDZaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDk3NzYzYTI3MTFhOGU5MTdjMGIyMjUwNjhmZTQ3ZWFhNDM2MWM1NTYzMDc1
ZDQ1MGQxZDY5NmU1NmU4ZjgwNjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJk/baP6PNa60mokXgFisefJ8Uz0tqWI8CqORvAEKvH1EcHSJLZyRuzr4LKS
S5o2k5r1/zScDjaMniZq1Je2sDMNe46+use/q6XO5oOK8JuD+8Dmb4/sRwiYJBAr
wz+W546HKrJtGpy2VLH+WEdc0UPXWBBzPY19Djxawn2KR9r0shH6uAq4i36bHmfv
bKiZ7vzxEbJlYimgWzgsEsCv3ApdjyfBwCNgXzQUT8V0JFG3p+DjAQDxTp6nfijQ
vEKdweMs2q0YpbuutTKM4IiwHmovWZ0jXuImmAc5oNpm9SBuyEHoN6lJIez14GOd
Yc22G0dYA4kOAaYPVLzj2ekjX2MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTN9w/i
mmKzl++jtcJor28EmxU8njAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQCEuDW06WVXzb+9L7lIvvrbnb6swY8vWXdZiMrp
FiB3gEiNilom64ZbHdhjtqjAKOFYRrQ+r9cmQvko4nZJaGjiO7xOR2LN7O/BjUuC
tJjJForpcGPHHDTD7Z3GMEepNkB1kK0i1481gcXUxN9aMLZZE5zspKEhjXMV+R3V
Skb/7THSyaMnlLzbPRDwH7n+luCgJKp1gpx/J4efG3MhyOKmMsrCC93Q6CX8Bp5c
0HzfBN5PYfOV9HEEFIw5u4FFPdsGJrGhlieaMwhOKAi7oLFdT85BrWp+D/nkpUh8
aIx2e+tuLFRNqW49xbLlHM4lDixs65r3tVuJfNuU1AhRcrhR
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:49:12 2025 by rpki-client