Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
File: a37b3e49-cec5-4def-b3ef-5356277d82ab.roa (raw, json)
Hash identifier: kUS32kzgeBn7kojsyl1L8tJdyH7ZDtZklwxnrrSJeZ4=
Subject key identifier: 92:40:75:44:30:CC:4C:2C:42:8A:0D:1C:BD:62:BB:FC:94:13:69:B6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14ED91F762B5AF72FCB5498F7535CC901FA119FD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
Signing time: Tue 01 Apr 2025 15:01:28 +0000
ROA not before: Tue 01 Apr 2025 15:01:28 +0000
ROA not after: Tue 06 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:ed:91:f7:62:b5:af:72:fc:b5:49:8f:75:35:cc:90:1f:a1:19:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 1 15:01:28 2025 GMT
Not After : May 6 23:59:59 2025 GMT
Subject: serialNumber=4433c4f65d95fa8fcdd496d4f5c8f8b196627c8ad4e03ba1c8ef754ba9cd15d6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:48:a4:1c:17:cc:2b:dc:a9:bc:99:22:dc:96:
7a:eb:f8:13:58:6d:ce:be:41:85:35:79:0f:dc:3e:
ca:56:be:d2:ee:cf:3d:56:1a:57:77:5d:03:94:55:
33:e3:a9:33:5f:4f:3e:03:c4:52:81:28:e6:1e:95:
43:9a:9a:49:21:a8:43:11:a9:81:5d:43:d6:2b:a4:
e4:4d:c3:c4:68:29:7e:55:b6:06:33:63:bd:11:d4:
f1:71:06:82:05:69:fb:50:6b:6d:8f:00:f1:b5:0c:
f0:68:ef:a8:aa:4b:ed:f5:8d:8f:55:e2:71:4a:bb:
85:de:b4:89:3d:83:31:05:da:73:d9:be:a3:60:cc:
31:9d:63:a3:ab:79:c0:b1:6e:8e:19:8b:cb:5f:f9:
5e:33:37:27:e4:68:7c:81:46:ab:90:ea:d9:42:b6:
7d:a4:4c:05:cb:d1:9a:1c:9f:5b:21:fe:56:62:b6:
6e:a2:1c:43:d2:2d:92:62:78:b5:81:83:20:ea:ba:
20:bf:f2:79:77:bd:99:07:bd:d3:86:a4:16:ec:97:
37:d7:83:50:6c:96:33:96:07:50:24:e8:10:64:75:
47:e2:ec:0c:7f:55:f6:cc:b8:a5:c7:2a:45:0e:8c:
21:cc:d9:d4:94:1b:b2:67:21:18:74:a0:91:b5:a0:
cd:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:40:75:44:30:CC:4C:2C:42:8A:0D:1C:BD:62:BB:FC:94:13:69:B6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:1000::/40
Signature Algorithm: sha256WithRSAEncryption
77:14:03:6b:26:cd:aa:68:40:e7:47:9c:f8:2c:3a:7b:02:f7:
29:c8:0f:3f:66:66:23:f1:cd:a8:23:19:f1:0c:50:d1:cf:7e:
22:9c:26:b8:6a:94:64:76:d2:7f:67:c2:ff:6a:90:5f:91:4f:
0a:26:8f:b6:12:26:75:a6:e3:0b:17:f9:ab:6a:f4:e1:4e:d0:
db:01:ab:17:e7:ab:86:aa:b7:a2:6c:96:f0:d3:65:d8:a7:85:
20:9b:2f:c2:4b:8d:fa:02:ef:0d:fa:91:74:4c:75:3c:58:bd:
5e:d4:7a:bd:6f:99:28:52:4a:52:a6:b3:c8:a3:9d:9b:92:6b:
be:f0:ac:7e:18:a1:7f:6e:0a:15:2c:39:8b:b5:14:9e:df:f4:
e6:b7:80:9f:70:69:e5:b1:ad:ee:31:08:ad:e8:38:7b:84:16:
f0:45:b7:9f:c6:ab:d0:9c:7f:bf:34:4e:00:08:75:67:7b:03:
10:b9:2f:44:a7:dd:5e:ac:08:10:e4:32:45:a5:de:f7:c5:a9:
f0:8e:4b:31:95:fd:a3:38:27:70:3c:37:10:8a:05:67:3c:68:
2e:50:73:b4:33:d4:54:bd:b0:43:72:4e:79:a9:c7:9d:9a:ec:
d9:d7:ca:6d:e2:ef:0c:3d:71:b9:8a:3b:c1:37:93:4d:77:0f:
02:f0:92:31
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFO2R92K1r3L8tUmPdTXMkB+hGf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAxMjhaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0MzNjNGY2NWQ5NWZhOGZjZGQ0OTZkNGY1YzhmOGIxOTY2MjdjOGFkNGUw
M2JhMWM4ZWY3NTRiYTljZDE1ZDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKBIpBwXzCvcqbyZItyWeuv4E1htzr5BhTV5D9w+yla+0u7PPVYaV3ddA5RV
M+OpM19PPgPEUoEo5h6VQ5qaSSGoQxGpgV1D1iuk5E3DxGgpflW2BjNjvRHU8XEG
ggVp+1BrbY8A8bUM8GjvqKpL7fWNj1XicUq7hd60iT2DMQXac9m+o2DMMZ1jo6t5
wLFujhmLy1/5XjM3J+RofIFGq5Dq2UK2faRMBcvRmhyfWyH+VmK2bqIcQ9ItkmJ4
tYGDIOq6IL/yeXe9mQe904akFuyXN9eDUGyWM5YHUCToEGR1R+LsDH9V9sy4pccq
RQ6MIczZ1JQbsmchGHSgkbWgzYUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSSQHVE
MMxMLEKKDRy9Yrv8lBNptjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTM3YjNlNDktY2VjNS00ZGVmLWIzZWYtNTM1NjI3N2Q4MmFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB3FANrJs2qaEDnR5z4LDp7AvcpyA8/ZmYj8c2o
IxnxDFDRz34inCa4apRkdtJ/Z8L/apBfkU8KJo+2EiZ1puMLF/mravThTtDbAasX
56uGqreibJbw02XYp4Ugmy/CS436Au8N+pF0THU8WL1e1Hq9b5koUkpSprPIo52b
kmu+8Kx+GKF/bgoVLDmLtRSe3/Tmt4CfcGnlsa3uMQit6Dh7hBbwRbefxqvQnH+/
NE4ACHVnewMQuS9Ep91erAgQ5DJFpd73xanwjksxlf2jOCdwPDcQigVnPGguUHO0
M9RUvbBDck55qcedmuzZ18pt4u8MPXG5ijvBN5NNdw8C8JIx
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:38 2025 by rpki-client