Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: Cr3MPI8NhE0RGmX0voM6UEhIzo2vmDRZ0taF2prRDU4=
Subject key identifier: 2D:51:30:9F:F6:BD:B8:B3:BA:34:99:AF:2D:2D:19:CC:9D:64:E1:3F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0309CB602C437C79F2976EAAE2D23D33FB81BB69
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Fri 25 Apr 2025 19:50:56 +0000
ROA not before: Fri 25 Apr 2025 19:50:56 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:09:cb:60:2c:43:7c:79:f2:97:6e:aa:e2:d2:3d:33:fb:81:bb:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:50:56 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=fe57195210f0e7699c7f0bdf823c721d3f6e1cd16b67bd829151907fb34aa05c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:05:bc:1c:b0:3a:06:53:66:f1:4d:be:2d:d4:
8e:09:99:95:83:27:20:2e:e1:31:cc:a4:03:51:53:
9e:2c:91:5e:2f:96:16:89:52:6f:12:f2:29:61:89:
c8:1a:99:8a:89:9e:60:52:5c:19:21:93:87:1d:5e:
a0:06:5b:cc:ab:23:f3:3a:b6:c9:2e:f4:ae:8e:ea:
e7:8c:a0:f0:8d:ea:56:2f:39:ea:f7:68:4d:9c:ef:
8d:82:a1:b6:ab:72:f1:85:4b:69:d9:2b:c5:a6:16:
35:fa:24:52:df:c1:2b:c0:9a:41:f6:a9:1c:63:3c:
60:17:c6:0d:7c:89:75:2d:1c:5a:ba:89:e7:f2:56:
80:a0:0e:e4:32:84:7e:c8:1c:ba:83:80:79:eb:46:
3c:71:9c:b4:3b:0e:75:c8:ed:74:ce:11:b6:56:34:
a6:41:33:84:fa:f4:d0:dc:36:3b:8a:72:90:54:0a:
4e:3b:43:4b:df:a2:0a:70:de:f2:77:a4:58:85:b2:
9c:08:8a:ad:d7:70:ea:77:ca:95:fd:1b:66:8a:6b:
4c:67:1a:2a:b6:ab:1d:5e:84:91:84:03:c9:46:9c:
ee:86:2f:34:0e:7a:1d:af:b2:cb:a0:34:af:f7:31:
18:6c:4b:78:7c:c5:88:dd:a1:2e:d3:69:8a:ec:40:
74:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:51:30:9F:F6:BD:B8:B3:BA:34:99:AF:2D:2D:19:CC:9D:64:E1:3F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
2c:6c:15:63:65:f7:ba:45:56:74:01:b5:41:66:2b:67:2c:b9:
26:d0:e5:42:91:34:76:91:b9:9e:87:48:86:7d:b1:23:0b:dc:
e2:79:48:1c:8c:92:4e:8e:9a:4f:65:1c:1b:a5:8e:f9:ed:7f:
75:3d:94:d4:bc:c1:11:a5:21:7e:8f:cd:77:cb:03:49:98:03:
26:3d:e1:d6:07:e4:a5:43:bc:64:f3:c5:40:08:13:d9:20:c5:
d4:ca:17:40:af:30:54:4e:89:03:3c:e1:31:90:8c:7a:3c:6b:
e3:7a:72:df:41:69:fe:08:b5:6e:19:6b:e3:3f:94:53:5b:39:
93:99:06:26:4b:9b:9b:4d:ed:01:7b:06:16:ec:86:43:5c:67:
a4:65:5f:9f:a9:02:86:b2:95:f0:9b:b2:fe:04:42:62:87:d2:
f4:2f:51:8e:ff:d3:90:da:6d:fc:7b:d7:c1:40:20:55:40:17:
f1:3d:e2:66:50:60:a5:17:56:03:63:9c:df:97:e7:d8:31:b2:
85:33:51:00:18:de:89:ef:9b:aa:8a:3b:39:79:3f:1d:3f:6a:
1d:a1:f5:ed:1e:7c:c9:11:57:46:18:91:0d:fb:1b:96:23:01:
4c:71:37:9e:c4:53:56:ab:b5:76:06:71:f1:c0:b6:03:c7:09:
38:88:10:cd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAwnLYCxDfHnyl26q4tI9M/uBu2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTUwNTZaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlNTcxOTUyMTBmMGU3Njk5YzdmMGJkZjgyM2M3MjFkM2Y2ZTFjZDE2YjY3
YmQ4MjkxNTE5MDdmYjM0YWEwNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0FvBywOgZTZvFNvi3UjgmZlYMnIC7hMcykA1FTniyRXi+WFolSbxLyKWGJ
yBqZiomeYFJcGSGThx1eoAZbzKsj8zq2yS70ro7q54yg8I3qVi856vdoTZzvjYKh
tqty8YVLadkrxaYWNfokUt/BK8CaQfapHGM8YBfGDXyJdS0cWrqJ5/JWgKAO5DKE
fsgcuoOAeetGPHGctDsOdcjtdM4RtlY0pkEzhPr00Nw2O4pykFQKTjtDS9+iCnDe
8nekWIWynAiKrddw6nfKlf0bZoprTGcaKrarHV6EkYQDyUac7oYvNA56Ha+yy6A0
r/cxGGxLeHzFiN2hLtNpiuxAdP8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQtUTCf
9r24s7o0ma8tLRnMnWThPzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAsbBVjZfe6RVZ0AbVBZitnLLkm0OVCkTR2kbme
h0iGfbEjC9zieUgcjJJOjppPZRwbpY757X91PZTUvMERpSF+j813ywNJmAMmPeHW
B+SlQ7xk88VACBPZIMXUyhdArzBUTokDPOExkIx6PGvjenLfQWn+CLVuGWvjP5RT
WzmTmQYmS5ubTe0BewYW7IZDXGekZV+fqQKGspXwm7L+BEJih9L0L1GO/9OQ2m38
e9fBQCBVQBfxPeJmUGClF1YDY5zfl+fYMbKFM1EAGN6J75uqijs5eT8dP2odofXt
HnzJEVdGGJEN+xuWIwFMcTeexFNWq7V2BnHxwLYDxwk4iBDN
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:58 2025 by rpki-client