Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
File: 5fe931ae-e353-437d-9738-79004c5e9188.roa (raw, json)
Hash identifier: jiJdJCACDLGqwMzmdtyS1e9UpgKrMomX3qsB5M6Bt48=
Subject key identifier: D4:56:CC:B3:F4:77:89:BB:55:06:B2:4F:2B:A8:13:A2:70:48:A6:0E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1420D7D3030EE299C18EB3A9782F3B7139B71AE4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
Signing time: Fri 25 Apr 2025 20:01:46 +0000
ROA not before: Fri 25 Apr 2025 20:01:46 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:20:d7:d3:03:0e:e2:99:c1:8e:b3:a9:78:2f:3b:71:39:b7:1a:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:01:46 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=076e812e7cc27c739ba1b0b01ea37e8d4146f695bc6050e83ebb9bc2660a0725, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:e6:b8:bc:e0:2c:29:e2:4b:08:70:69:b5:2c:
ee:41:00:bb:a5:5d:f7:d9:14:b4:8c:5d:e6:7b:03:
9f:02:0c:31:ab:4a:57:b6:7b:7e:3d:2f:91:b6:7b:
27:18:bb:c2:02:a0:04:44:33:ec:6e:f8:2e:b7:95:
4c:99:0f:d9:b1:90:22:d0:e0:c1:89:ea:6c:1c:b6:
bd:88:dd:72:d3:cb:42:93:5c:12:71:6b:4a:f5:79:
07:84:11:b8:05:90:ec:7b:d1:d2:22:2f:7b:ac:8d:
3c:74:e5:26:db:88:da:80:33:9e:2f:e4:54:24:fe:
29:a8:7c:a8:40:46:f1:d5:92:1c:6a:83:90:9c:16:
c8:00:12:43:86:04:bc:a1:fc:8b:6e:ce:82:63:87:
24:28:3b:7b:b6:25:7f:6f:60:2e:ae:9d:ca:42:4f:
a1:55:67:5f:75:14:a5:b4:09:07:93:9e:09:ec:f7:
2e:ac:b2:4b:03:45:51:57:a5:1e:4c:4e:3e:82:f9:
f6:a9:59:9f:99:4c:37:98:68:f9:32:85:c7:76:2f:
bb:7b:bf:99:04:f3:18:df:2a:36:50:7e:d5:7c:9b:
6a:8d:a3:4c:a3:44:a5:09:a3:05:a8:d8:e8:e8:fb:
19:7f:e0:65:0a:77:3b:2d:52:59:93:37:49:a9:e1:
a3:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:56:CC:B3:F4:77:89:BB:55:06:B2:4F:2B:A8:13:A2:70:48:A6:0E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:c000::/40
Signature Algorithm: sha256WithRSAEncryption
75:3e:74:f5:af:36:8b:d5:10:fb:23:e7:88:37:85:16:6a:ae:
6a:25:36:d9:61:8f:16:a9:c7:65:56:c2:4c:fa:41:51:c5:ed:
1f:ae:43:0f:51:d3:a9:ee:31:c5:e6:d4:02:91:1a:52:07:5b:
f4:75:d9:78:7b:89:8f:ab:23:5c:46:2b:cc:94:bc:9f:79:b9:
cd:51:c4:4d:e7:76:d3:dc:39:ef:ef:78:03:e6:a1:7a:28:6e:
32:34:c3:53:06:e8:ea:20:b1:51:8d:32:3c:c6:d0:97:fb:7a:
5e:ce:c7:d7:4c:3c:6e:60:24:28:43:27:c1:aa:c5:bd:fe:53:
7a:04:ed:1f:40:88:c1:82:a0:42:35:3f:74:dd:72:68:9d:9b:
9f:46:39:9e:48:e1:51:75:af:1f:43:5b:8e:8a:2a:0a:2a:1b:
47:da:c3:27:90:e7:8b:0a:38:19:47:b7:6c:8d:31:7b:df:67:
d8:eb:33:d1:19:c7:b7:b3:26:dc:bd:cc:b9:ef:0a:f1:16:41:
83:cc:92:2e:3d:7a:54:7c:f6:da:84:c7:e5:d8:72:ee:fe:18:
fd:ba:e5:68:72:2f:3f:e7:ea:4a:ff:c5:fc:ea:07:a0:36:aa:
51:a9:8e:fc:59:34:1d:bd:92:5a:67:08:66:10:ad:52:a3:d9:
d7:94:d8:9e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFCDX0wMO4pnBjrOpeC87cTm3GuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDAxNDZaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3NmU4MTJlN2NjMjdjNzM5YmExYjBiMDFlYTM3ZThkNDE0NmY2OTViYzYw
NTBlODNlYmI5YmMyNjYwYTA3MjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbmuLzgLCniSwhwabUs7kEAu6Vd99kUtIxd5nsDnwIMMatKV7Z7fj0vkbZ7
Jxi7wgKgBEQz7G74LreVTJkP2bGQItDgwYnqbBy2vYjdctPLQpNcEnFrSvV5B4QR
uAWQ7HvR0iIve6yNPHTlJtuI2oAzni/kVCT+Kah8qEBG8dWSHGqDkJwWyAASQ4YE
vKH8i27OgmOHJCg7e7Ylf29gLq6dykJPoVVnX3UUpbQJB5OeCez3LqyySwNFUVel
HkxOPoL59qlZn5lMN5ho+TKFx3Yvu3u/mQTzGN8qNlB+1Xybao2jTKNEpQmjBajY
6Oj7GX/gZQp3Oy1SWZM3Sanho0sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTUVsyz
9HeJu1UGsk8rqBOicEimDjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWZlOTMxYWUtZTM1My00MzdkLTk3MzgtNzkwMDRjNWU5MTg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTA
MA0GCSqGSIb3DQEBCwUAA4IBAQB1PnT1rzaL1RD7I+eIN4UWaq5qJTbZYY8Wqcdl
VsJM+kFRxe0frkMPUdOp7jHF5tQCkRpSB1v0ddl4e4mPqyNcRivMlLyfebnNUcRN
53bT3Dnv73gD5qF6KG4yNMNTBujqILFRjTI8xtCX+3pezsfXTDxuYCQoQyfBqsW9
/lN6BO0fQIjBgqBCNT903XJonZufRjmeSOFRda8fQ1uOiioKKhtH2sMnkOeLCjgZ
R7dsjTF732fY6zPRGce3sybcvcy57wrxFkGDzJIuPXpUfPbahMfl2HLu/hj9uuVo
ci8/5+pK/8X86gegNqpRqY78WTQdvZJaZwhmEK1So9nXlNie
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:45:01 2025 by rpki-client