Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: abwLhW+lKi9mM8dUEWxa19UAp1lrz6QIFcjY1vtIDAU=
Subject key identifier: DF:DA:47:8D:34:FD:FA:54:66:C2:AE:89:0A:80:B7:E6:F0:CC:59:92
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1745FE93877F014028C2D38085EB449F6C583CA0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Tue 20 May 2025 20:01:29 +0000
ROA not before: Tue 20 May 2025 20:01:29 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:45:fe:93:87:7f:01:40:28:c2:d3:80:85:eb:44:9f:6c:58:3c:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:01:29 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=66532c2de78ac163e457662c8db4de68c3f9bfe6f91b562b642ac90886bc2855, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:7e:6a:e0:92:b9:ab:63:03:72:06:4e:d0:0d:
6b:29:fa:6a:10:d6:35:94:5d:e0:91:06:e6:3e:a0:
79:00:25:fa:38:4e:73:e0:57:73:c5:e0:fb:09:a5:
9d:51:30:5b:fe:3d:a2:6f:a0:80:18:c9:48:b1:5d:
85:91:eb:ba:23:33:49:dc:21:53:ef:53:74:58:e8:
36:25:6e:e1:05:2a:41:1e:5f:a9:aa:9e:d2:0f:e8:
d5:82:a7:24:04:f9:6a:2e:dd:61:89:02:9d:65:29:
b7:c3:fb:bf:51:3b:af:f7:e7:92:19:5c:22:6c:4f:
b1:8a:38:25:f1:4e:7e:2b:36:44:df:3a:e7:e2:36:
a9:3d:3f:25:4a:59:27:7b:83:c4:4f:f3:08:a4:6f:
de:65:3c:32:d9:c1:1b:80:9f:e0:88:89:5a:28:18:
f9:f5:d9:29:49:55:c3:f1:82:e2:c3:7e:34:ae:04:
1e:60:e2:1c:0b:5f:49:c8:71:96:3a:21:32:66:f4:
de:a9:8c:ac:56:61:d6:9d:40:87:b2:f1:4c:4c:a6:
37:17:bd:09:0b:09:ac:7c:ed:94:e2:09:f5:aa:1e:
5f:0c:29:5c:65:68:4a:02:8f:82:eb:c8:02:5a:19:
e4:54:ac:5d:46:ff:ef:a7:de:e4:c5:f0:fc:0f:2e:
5c:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:DA:47:8D:34:FD:FA:54:66:C2:AE:89:0A:80:B7:E6:F0:CC:59:92
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
87:73:79:0f:3e:03:b9:85:7f:e9:a8:2a:16:de:28:e6:32:4c:
d0:1d:94:c5:e6:0c:d1:d9:e5:16:b2:bc:00:19:85:01:3c:d7:
f1:81:f5:d5:48:f0:e8:41:ab:9c:dc:94:71:66:ff:97:27:c7:
62:16:b8:88:87:fb:d9:62:9c:94:e1:da:77:3a:4f:84:c2:e7:
47:ef:fd:9c:dd:75:72:04:d6:4e:e7:76:ed:b2:57:e3:a0:94:
d4:6e:f7:b0:5d:d4:48:68:a4:3c:a8:44:ec:33:3a:71:6f:57:
9a:4b:93:60:97:41:85:88:f4:bf:77:26:7f:3d:d9:ff:6c:17:
5e:16:e7:df:d4:e8:3f:ce:6f:d2:3d:6c:87:92:3a:38:c1:5e:
58:b0:ae:5d:7a:35:16:78:1c:b8:6f:69:c7:2f:48:37:e2:80:
d8:e8:9a:6c:37:e1:f3:59:0f:09:91:55:8c:10:a9:2a:6d:63:
64:9b:d2:6a:bb:ec:4a:b2:50:0f:b6:a2:9b:89:4f:75:56:ae:
d6:83:91:a1:32:a0:47:1c:e6:0f:b4:c9:5e:9f:8a:77:1e:47:
8e:c7:7a:50:ef:ff:c0:1c:93:a4:15:71:c4:1b:e3:07:20:78:
30:df:b2:fd:01:60:ce:ca:90:fd:72:6e:e8:fc:f7:cb:0c:12:
93:6c:58:5b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF0X+k4d/AUAowtOAhetEn2xYPKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDAxMjlaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDY2NTMyYzJkZTc4YWMxNjNlNDU3NjYyYzhkYjRkZTY4YzNmOWJmZTZmOTFi
NTYyYjY0MmFjOTA4ODZiYzI4NTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5+auCSuatjA3IGTtANayn6ahDWNZRd4JEG5j6geQAl+jhOc+BXc8Xg+wml
nVEwW/49om+ggBjJSLFdhZHruiMzSdwhU+9TdFjoNiVu4QUqQR5fqaqe0g/o1YKn
JAT5ai7dYYkCnWUpt8P7v1E7r/fnkhlcImxPsYo4JfFOfis2RN865+I2qT0/JUpZ
J3uDxE/zCKRv3mU8MtnBG4Cf4IiJWigY+fXZKUlVw/GC4sN+NK4EHmDiHAtfSchx
ljohMmb03qmMrFZh1p1Ah7LxTEymNxe9CQsJrHztlOIJ9aoeXwwpXGVoSgKPguvI
AloZ5FSsXUb/76fe5MXw/A8uXA0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTf2keN
NP36VGbCrokKgLfm8MxZkjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQCHc3kPPgO5hX/pqCoW3ijmMkzQHZTF5gzR2eUW
srwAGYUBPNfxgfXVSPDoQauc3JRxZv+XJ8diFriIh/vZYpyU4dp3Ok+EwudH7/2c
3XVyBNZO53btslfjoJTUbvewXdRIaKQ8qETsMzpxb1eaS5Ngl0GFiPS/dyZ/Pdn/
bBdeFuff1Og/zm/SPWyHkjo4wV5YsK5dejUWeBy4b2nHL0g34oDY6JpsN+HzWQ8J
kVWMEKkqbWNkm9Jqu+xKslAPtqKbiU91Vq7Wg5GhMqBHHOYPtMlen4p3HkeOx3pQ
7//AHJOkFXHEG+MHIHgw37L9AWDOypD9cm7o/PfLDBKTbFhb
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:37:51 2025 by rpki-client