Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
File: 84b89066-b432-45c3-befb-ffa2b4be3b71.roa (raw, json)
Hash identifier: EYKzm3rudEAita8Ov6KUGxze6D9g/r1jLLmL9xvhl0g=
Subject key identifier: 1D:C9:06:A7:06:82:02:0D:7A:DE:13:35:22:A1:A4:62:48:71:BE:05
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5E8A582959AF4F7CD8E291629051EB8B87EF16A8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
Signing time: Fri 25 Apr 2025 20:00:13 +0000
ROA not before: Fri 25 Apr 2025 20:00:13 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:8a:58:29:59:af:4f:7c:d8:e2:91:62:90:51:eb:8b:87:ef:16:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:00:13 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=057e898f41c5117049dd8e1f3e3449702da92234aa690870c5c41e5b577f74dc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:84:11:93:68:b1:99:fd:95:2a:56:60:0d:1c:
81:78:a4:4d:8f:7e:a3:1c:1b:64:76:b0:17:d1:25:
2b:93:7f:7e:07:30:5e:88:ba:84:2f:06:88:04:e7:
22:b5:24:63:e8:ef:e5:c5:c4:67:5a:f7:f4:00:d4:
43:00:2b:de:9b:60:51:7c:79:91:c9:44:d9:3d:45:
7f:f4:f2:b0:6b:8f:41:e5:1d:72:80:15:85:73:b8:
3e:0c:48:60:f9:e1:4e:23:a5:cd:58:ed:84:8d:da:
3e:01:a8:2a:7d:29:18:b6:f9:74:b3:21:a2:7c:27:
92:39:13:37:22:3f:9f:39:5c:ac:f8:d3:59:30:91:
b3:43:0b:38:d2:f7:db:74:02:fd:78:0c:2f:b2:b4:
66:6c:b0:8d:96:f1:02:13:05:1a:fc:de:98:25:aa:
f5:e7:74:fb:12:cb:0b:28:c1:11:60:bf:13:96:51:
77:f4:b1:1e:a3:ea:0f:13:89:e0:3b:36:34:66:0c:
70:b6:09:9d:6c:72:49:ef:4f:be:59:91:d4:55:fe:
5e:db:4e:14:32:0c:20:d7:cb:30:9f:d2:7d:8e:8c:
3e:21:7c:de:47:f3:9e:53:70:13:6b:08:82:58:6e:
89:fc:9f:95:7c:20:69:3b:70:12:c0:8a:81:7f:16:
97:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:C9:06:A7:06:82:02:0D:7A:DE:13:35:22:A1:A4:62:48:71:BE:05
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:4000::/40
Signature Algorithm: sha256WithRSAEncryption
4b:bc:c9:d5:d9:89:1b:a5:1b:ed:cc:ad:0a:25:ca:9a:b4:82:
c4:f7:f1:42:5d:49:09:53:e1:7d:e9:3e:d2:80:55:ea:c8:13:
e0:70:d1:7c:f8:80:00:25:67:1f:ef:1f:27:c1:71:28:59:42:
09:40:c5:01:a2:62:d2:43:ce:c1:81:74:28:b3:95:c0:a5:4a:
fd:ea:43:ab:2e:7a:fc:ae:45:7d:c4:8c:8a:3b:3b:d8:91:54:
38:a8:b5:ed:33:0e:07:f7:f4:78:7d:dd:b4:72:4b:86:03:5f:
55:39:24:0b:2c:9d:d7:51:3b:f7:db:78:0d:fc:5f:58:e8:69:
4e:31:6e:b8:0c:6b:af:c4:f8:91:a6:61:0b:0e:01:95:52:59:
e3:b8:41:e4:ce:50:f0:74:a3:0d:81:38:f2:be:b6:ef:29:73:
43:b5:7a:b4:a7:7f:da:05:df:7f:0f:6c:7c:4a:28:4e:23:2c:
24:23:01:d3:ca:38:9b:9d:25:1f:90:d5:9a:aa:2e:03:99:05:
18:17:01:7c:67:a0:75:3e:99:41:71:12:83:24:b6:a3:ea:9b:
75:a8:f4:27:41:34:55:17:96:34:1f:00:ab:01:69:6a:cc:f0:
72:56:66:7c:68:56:42:a8:31:d4:3a:2f:24:2c:ef:86:96:7d:
d8:ae:37:b5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXopYKVmvT3zY4pFikFHri4fvFqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDAwMTNaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1N2U4OThmNDFjNTExNzA0OWRkOGUxZjNlMzQ0OTcwMmRhOTIyMzRhYTY5
MDg3MGM1YzQxZTViNTc3Zjc0ZGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOEEZNosZn9lSpWYA0cgXikTY9+oxwbZHawF9ElK5N/fgcwXoi6hC8GiATn
IrUkY+jv5cXEZ1r39ADUQwAr3ptgUXx5kclE2T1Ff/TysGuPQeUdcoAVhXO4PgxI
YPnhTiOlzVjthI3aPgGoKn0pGLb5dLMhonwnkjkTNyI/nzlcrPjTWTCRs0MLONL3
23QC/XgML7K0ZmywjZbxAhMFGvzemCWq9ed0+xLLCyjBEWC/E5ZRd/SxHqPqDxOJ
4Ds2NGYMcLYJnWxySe9PvlmR1FX+XttOFDIMINfLMJ/SfY6MPiF83kfznlNwE2sI
glhuifyflXwgaTtwEsCKgX8WlxUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQdyQan
BoICDXreEzUioaRiSHG+BTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODRiODkwNjYtYjQzMi00NWMzLWJlZmItZmZhMmI0YmUzYjcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhA
MA0GCSqGSIb3DQEBCwUAA4IBAQBLvMnV2YkbpRvtzK0KJcqatILE9/FCXUkJU+F9
6T7SgFXqyBPgcNF8+IAAJWcf7x8nwXEoWUIJQMUBomLSQ87BgXQos5XApUr96kOr
Lnr8rkV9xIyKOzvYkVQ4qLXtMw4H9/R4fd20ckuGA19VOSQLLJ3XUTv323gN/F9Y
6GlOMW64DGuvxPiRpmELDgGVUlnjuEHkzlDwdKMNgTjyvrbvKXNDtXq0p3/aBd9/
D2x8SihOIywkIwHTyjibnSUfkNWaqi4DmQUYFwF8Z6B1PplBcRKDJLaj6pt1qPQn
QTRVF5Y0HwCrAWlqzPByVmZ8aFZCqDHUOi8kLO+Gln3Yrje1
-----END CERTIFICATE-----
Generated at Sat Apr 26 17:35:44 2025 by rpki-client