Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: haSPa6FTF/ps5G/iiYW5YcsnWgaAbGIlkgLQHGgAuYA=
Subject key identifier: 20:1F:33:BE:D1:50:16:72:6C:DB:C7:24:5B:F7:8D:EC:6A:FC:89:BD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B5F9CC5D394AF1215C36392A59ACBD694843ECE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Tue 01 Apr 2025 15:01:24 +0000
ROA not before: Tue 01 Apr 2025 15:01:24 +0000
ROA not after: Tue 06 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:5f:9c:c5:d3:94:af:12:15:c3:63:92:a5:9a:cb:d6:94:84:3e:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 1 15:01:24 2025 GMT
Not After : May 6 23:59:59 2025 GMT
Subject: serialNumber=94c31a8d08bbbaa5fd1422c93a1bff09c11ee269404476c6e5e2a6a57c784804, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:c1:e3:1c:8b:1d:c6:9a:9e:3d:9f:bf:ea:13:
b8:19:b1:99:9b:67:77:12:b8:38:0a:66:4b:79:32:
bb:02:71:d2:1c:cf:1c:08:75:f5:40:1e:f8:85:b6:
3c:f2:7e:90:fa:02:6c:af:90:cd:f9:9a:3e:05:4b:
c8:d5:78:57:3b:67:59:7b:fa:d3:41:3f:2a:41:da:
46:41:d8:87:71:b3:a5:74:f6:28:03:3e:b3:9b:b4:
94:fc:f7:0c:10:cc:e5:df:b1:dd:29:24:26:6b:f2:
cc:f4:f9:19:ae:ec:1c:2f:31:94:9e:b9:7e:73:16:
11:fc:d0:4c:f7:fa:73:f0:cd:3a:ff:0f:55:27:11:
5c:a9:d6:af:f7:8e:18:ad:34:35:65:ad:3a:10:fc:
bd:30:3d:9d:8e:7a:47:eb:98:32:ac:ef:b3:3f:25:
72:f3:81:59:cf:cf:27:4c:58:c8:c7:2e:e0:e7:8a:
88:79:32:64:88:70:29:c3:39:d5:34:2f:d0:c4:57:
10:a3:46:10:58:71:8e:1b:ff:20:c7:56:28:65:ed:
8f:e0:e0:aa:f0:11:71:27:dd:49:69:6e:93:a5:ef:
91:32:2f:4a:11:be:dd:05:60:fb:e1:74:4b:9b:0c:
bb:94:0e:2c:4d:91:b1:31:b4:2f:ff:5f:bb:75:5f:
16:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:1F:33:BE:D1:50:16:72:6C:DB:C7:24:5B:F7:8D:EC:6A:FC:89:BD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
1f:c4:df:ec:58:ce:ce:c7:b5:2a:f5:1c:bc:8f:ce:a1:b4:cc:
07:10:6f:a6:f2:1f:64:f8:c5:45:89:0e:32:62:d0:8c:e9:4e:
05:a9:ed:52:e1:f5:c3:4c:d6:25:b5:f1:6a:9d:dc:ea:98:8e:
43:b5:12:d2:a7:d7:08:12:26:c0:86:b6:ee:f3:2d:5a:cd:21:
ce:13:e6:a6:42:85:9a:f4:ca:b4:a2:74:41:20:56:a9:45:cb:
98:e2:fd:86:d5:5f:7c:7e:03:b8:10:14:bd:ab:ac:c0:28:2a:
3f:2f:80:59:cc:a0:18:0c:5e:47:bb:6d:96:61:33:61:b9:b7:
04:db:a2:4f:03:b4:2e:4e:52:6b:dc:a8:4d:9b:8d:4b:84:26:
cb:3d:7f:c2:46:73:1c:ad:dc:db:17:8f:27:22:e8:3b:f0:ef:
f3:71:d9:d8:76:65:69:43:1d:51:10:db:20:19:04:82:d3:62:
04:0a:54:14:9d:e3:61:27:7e:97:48:0e:9b:b1:f7:86:4c:b0:
81:1e:29:00:af:c9:e0:36:c7:57:78:f3:c1:1d:7a:45:c4:08:
ff:9b:2b:f5:ef:13:a0:20:89:5e:4b:50:aa:03:bd:ea:94:cc:
93:ae:aa:42:1e:4f:d6:2b:cb:14:ec:a6:ec:6d:63:13:f6:be:
bb:6e:48:e0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUW1+cxdOUrxIVw2OSpZrL1pSEPs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAxMjRaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0YzMxYThkMDhiYmJhYTVmZDE0MjJjOTNhMWJmZjA5YzExZWUyNjk0MDQ0
NzZjNmU1ZTJhNmE1N2M3ODQ4MDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLB4xyLHcaanj2fv+oTuBmxmZtndxK4OApmS3kyuwJx0hzPHAh19UAe+IW2
PPJ+kPoCbK+QzfmaPgVLyNV4VztnWXv600E/KkHaRkHYh3GzpXT2KAM+s5u0lPz3
DBDM5d+x3SkkJmvyzPT5Ga7sHC8xlJ65fnMWEfzQTPf6c/DNOv8PVScRXKnWr/eO
GK00NWWtOhD8vTA9nY56R+uYMqzvsz8lcvOBWc/PJ0xYyMcu4OeKiHkyZIhwKcM5
1TQv0MRXEKNGEFhxjhv/IMdWKGXtj+DgqvARcSfdSWluk6XvkTIvShG+3QVg++F0
S5sMu5QOLE2RsTG0L/9fu3VfFkcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQgHzO+
0VAWcmzbxyRb943savyJvTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAfxN/sWM7Ox7Uq9Ry8j86htMwHEG+m8h9k+MVF
iQ4yYtCM6U4Fqe1S4fXDTNYltfFqndzqmI5DtRLSp9cIEibAhrbu8y1azSHOE+am
QoWa9Mq0onRBIFapRcuY4v2G1V98fgO4EBS9q6zAKCo/L4BZzKAYDF5Hu22WYTNh
ubcE26JPA7QuTlJr3KhNm41LhCbLPX/CRnMcrdzbF48nIug78O/zcdnYdmVpQx1R
ENsgGQSC02IEClQUneNhJ36XSA6bsfeGTLCBHikAr8ngNsdXePPBHXpFxAj/myv1
7xOgIIleS1CqA73qlMyTrqpCHk/WK8sU7KbsbWMT9r67bkjg
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:41 2025 by rpki-client