Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
File: 9a732efb-e23f-49a4-ad51-1a43431e07c9.roa (raw, json)
Hash identifier: pdj5ejcwQeUfLUkFuA6s+rAOEsqWNCiJGUITV47seTE=
Subject key identifier: C0:BD:A1:C4:2A:C2:BA:AC:09:CC:3D:8D:F0:BF:61:41:3D:D8:25:EB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 202C91CE93EBC300264CFF1A4BEE38565B5E833F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
Signing time: Fri 25 Apr 2025 20:10:38 +0000
ROA not before: Fri 25 Apr 2025 20:10:38 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:2c:91:ce:93:eb:c3:00:26:4c:ff:1a:4b:ee:38:56:5b:5e:83:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:10:38 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=4c2568a8035634b7ead17b8d406f51984e3c589c2aac864d2a57d0f543999ea5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:eb:9a:f2:06:02:d5:e4:61:a7:f6:fa:aa:98:
ed:27:fc:a4:ba:64:7a:31:44:52:8e:dd:67:61:b9:
7e:37:b4:7b:65:f8:05:f6:81:f5:1b:1f:fb:00:dc:
2c:eb:b4:47:5f:64:48:97:5e:2a:f8:38:da:6d:5d:
b9:1e:b6:79:b9:ab:9b:3e:d3:0c:f4:f7:87:4e:21:
a0:f3:c0:9a:65:ad:2a:86:4a:0f:4f:bf:80:bd:f4:
ca:9c:2e:91:00:8b:d7:c3:87:d0:4f:24:ed:87:4a:
13:b5:d7:f4:45:f4:67:30:78:36:2c:fb:58:ca:65:
fa:b0:a0:8a:b8:1c:7d:77:fe:c2:d8:01:c1:5f:31:
87:bc:ac:60:df:99:1e:d0:f5:56:d5:81:cb:c2:25:
9c:14:e0:11:b2:4b:37:38:b5:80:fe:57:ad:ea:87:
88:4c:ec:be:02:9c:49:67:74:9f:e6:7c:61:3e:e5:
c1:f1:3a:0d:a7:18:71:90:92:7c:97:21:cc:d0:aa:
23:30:75:13:eb:9f:3f:a3:f7:f6:1c:ac:fb:78:bb:
eb:11:b0:90:52:fb:b5:58:e7:7a:10:8e:40:4e:93:
7e:a0:35:45:ee:33:93:c5:51:41:3a:1d:bf:08:88:
0a:f3:45:8e:5e:be:45:f2:31:0f:66:be:fb:40:7a:
cb:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:BD:A1:C4:2A:C2:BA:AC:09:CC:3D:8D:F0:BF:61:41:3D:D8:25:EB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:9000::/40
Signature Algorithm: sha256WithRSAEncryption
50:f0:dd:ef:b7:4d:2b:a1:7a:bc:c4:63:82:c8:94:4f:ee:6e:
a0:0e:66:f0:b9:e8:a8:2e:4f:83:b5:8e:78:c8:ee:e6:25:ae:
0b:42:a6:26:46:f1:19:4d:50:0c:f1:d1:47:5e:d7:cb:a6:40:
cb:dc:3c:01:e2:cb:8a:d2:f5:60:03:0c:a9:ae:37:0e:38:53:
3f:50:e5:8d:97:7c:8b:18:d3:6f:dd:12:a8:d9:a7:48:c0:1a:
37:3b:40:4b:5f:a9:b5:e2:c6:7d:57:ad:7c:b8:74:55:0d:c5:
5f:8e:d7:00:f7:8c:d1:5c:53:67:36:04:e5:a4:c0:0a:e6:d8:
c5:39:91:70:9f:7a:31:b9:66:8d:db:a8:17:eb:41:74:42:41:
4a:52:cd:0c:65:94:cd:a2:8f:9d:c8:28:c0:b2:be:e8:27:0c:
8a:9d:97:14:4e:4b:a2:3b:7c:98:bd:40:ed:de:cd:c3:7b:50:
b9:39:6c:5f:c5:e0:4c:b8:b3:8d:3d:49:2b:53:5a:c6:48:a8:
1c:ac:30:da:ad:23:10:6d:c0:c8:20:98:25:c2:4b:72:83:89:
c0:f3:36:f6:e7:aa:23:3b:42:fb:fb:d0:93:b9:a1:f0:80:c2:
d5:7f:72:8c:22:87:f7:4c:4b:3d:22:6c:0d:1a:f4:10:68:30:
b4:1c:0d:cb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUICyRzpPrwwAmTP8aS+44Vltegz8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDEwMzhaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjMjU2OGE4MDM1NjM0YjdlYWQxN2I4ZDQwNmY1MTk4NGUzYzU4OWMyYWFj
ODY0ZDJhNTdkMGY1NDM5OTllYTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOXrmvIGAtXkYaf2+qqY7Sf8pLpkejFEUo7dZ2G5fje0e2X4BfaB9Rsf+wDc
LOu0R19kSJdeKvg42m1duR62ebmrmz7TDPT3h04hoPPAmmWtKoZKD0+/gL30ypwu
kQCL18OH0E8k7YdKE7XX9EX0ZzB4Niz7WMpl+rCgirgcfXf+wtgBwV8xh7ysYN+Z
HtD1VtWBy8IlnBTgEbJLNzi1gP5XreqHiEzsvgKcSWd0n+Z8YT7lwfE6DacYcZCS
fJchzNCqIzB1E+ufP6P39hys+3i76xGwkFL7tVjnehCOQE6TfqA1Re4zk8VRQTod
vwiICvNFjl6+RfIxD2a++0B6y/cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTAvaHE
KsK6rAnMPY3wv2FBPdgl6zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE3MzJlZmItZTIzZi00OWE0LWFkNTEtMWE0MzQzMWUwN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBQ8N3vt00roXq8xGOCyJRP7m6gDmbwueioLk+D
tY54yO7mJa4LQqYmRvEZTVAM8dFHXtfLpkDL3DwB4suK0vVgAwyprjcOOFM/UOWN
l3yLGNNv3RKo2adIwBo3O0BLX6m14sZ9V618uHRVDcVfjtcA94zRXFNnNgTlpMAK
5tjFOZFwn3oxuWaN26gX60F0QkFKUs0MZZTNoo+dyCjAsr7oJwyKnZcUTkuiO3yY
vUDt3s3De1C5OWxfxeBMuLONPUkrU1rGSKgcrDDarSMQbcDIIJglwktyg4nA8zb2
56ojO0L7+9CTuaHwgMLVf3KMIof3TEs9ImwNGvQQaDC0HA3L
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:15 2025 by rpki-client