Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
File: b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa (raw, json)
Hash identifier: 9wwlv6JG9k0ruikxWLf0NnaSdmJlYyE1hekdvVp/bF4=
Subject key identifier: 7F:D0:55:31:11:07:72:5A:29:2E:61:48:FB:BE:16:74:FD:C5:D8:7A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3E23213971A0A26EC61168839BE2F19301B88B85
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
Signing time: Tue 20 May 2025 20:20:11 +0000
ROA not before: Tue 20 May 2025 20:20:11 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d012:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:23:21:39:71:a0:a2:6e:c6:11:68:83:9b:e2:f1:93:01:b8:8b:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:20:11 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=69d816e44a9c7c058a445448babedb8934d882f281c48b4402cf3af7ed7d70b6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ee:fe:70:4f:04:ca:37:02:b1:f1:cc:4b:5a:
71:52:38:b1:8f:20:5b:b5:4b:92:35:8d:3e:97:fd:
1d:29:17:49:b6:b3:20:c8:0f:ae:3c:06:9b:13:c4:
dd:3e:59:44:f3:68:c3:d4:ba:cd:c4:ee:c3:c0:f5:
f3:6b:19:85:4e:1f:fc:a3:b8:cc:6b:fb:11:ed:20:
eb:e8:95:6c:97:ac:5b:24:c2:04:dd:f1:50:76:42:
1f:7a:e6:0a:a0:91:88:f1:71:a4:df:fc:27:ea:c2:
62:71:83:49:b8:a4:c2:d4:90:28:8f:56:4d:6e:e9:
98:12:af:bd:87:f9:a0:65:3e:3d:57:f8:3a:78:58:
86:9f:ca:4e:2c:e4:0a:22:09:63:f3:99:85:aa:b1:
49:e2:52:70:b2:c5:a0:d5:90:7e:a7:eb:f6:7a:b3:
37:58:a8:44:fc:6d:fd:20:1c:c4:38:e0:5b:05:8d:
fb:0f:86:a1:ec:3f:45:c8:36:55:5d:db:59:38:74:
dd:f8:a2:b7:e0:f2:fd:c5:71:63:e7:bf:9f:c0:02:
01:52:0d:99:5b:79:aa:e4:eb:16:f4:09:d4:52:d3:
42:0d:98:b5:82:9b:0c:24:78:12:7d:3a:21:88:35:
03:9e:c8:81:88:bc:9b:6a:43:50:38:52:cd:d9:76:
60:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:D0:55:31:11:07:72:5A:29:2E:61:48:FB:BE:16:74:FD:C5:D8:7A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d012:400::/38
Signature Algorithm: sha256WithRSAEncryption
09:48:1e:93:86:df:7e:ad:bc:ad:f0:9a:52:f7:43:5c:0c:f8:
6d:a4:c4:74:11:7e:43:61:e1:42:55:8e:bd:08:13:15:58:c1:
44:7d:2b:32:06:81:50:46:23:ff:86:2d:b8:bc:2d:c1:de:d1:
35:d0:0b:3a:16:dc:12:f2:6a:24:34:fb:47:de:2d:09:b3:19:
40:dc:7f:c7:83:41:4c:3b:e3:c1:b0:c9:37:39:df:60:91:36:
96:c5:a6:4e:41:2a:45:e1:6b:3e:5a:2a:9a:e3:93:2e:d8:aa:
57:35:8b:e3:eb:c2:d5:1b:77:b6:03:5f:d4:d2:2a:7c:05:e4:
46:99:f0:12:74:8d:6f:a9:8d:dd:a7:06:11:21:44:57:30:25:
15:ba:3f:1a:bd:e3:2c:99:17:d8:81:ac:e4:41:b8:c2:bd:a9:
ab:4b:40:ce:ae:f1:4b:82:1e:2f:73:e0:dc:c8:93:b4:75:4f:
78:b0:eb:d5:a7:9c:89:f9:1a:13:05:8e:96:37:ec:e2:84:55:
f2:0c:90:9e:16:3f:d9:75:62:d4:8c:5a:b0:1f:f9:a7:ac:d5:
ce:a3:7f:bd:5a:10:c6:e5:2e:ab:25:d8:e2:1c:8d:d7:1a:d0:
ca:a9:52:40:3e:3e:f6:1f:13:ed:93:d9:af:ec:ce:18:5e:45:
bb:3c:bc:b6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPiMhOXGgom7GEWiDm+LxkwG4i4UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDIwMTFaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDY5ZDgxNmU0NGE5YzdjMDU4YTQ0NTQ0OGJhYmVkYjg5MzRkODgyZjI4MWM0
OGI0NDAyY2YzYWY3ZWQ3ZDcwYjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKju/nBPBMo3ArHxzEtacVI4sY8gW7VLkjWNPpf9HSkXSbazIMgPrjwGmxPE
3T5ZRPNow9S6zcTuw8D182sZhU4f/KO4zGv7Ee0g6+iVbJesWyTCBN3xUHZCH3rm
CqCRiPFxpN/8J+rCYnGDSbikwtSQKI9WTW7pmBKvvYf5oGU+PVf4OnhYhp/KTizk
CiIJY/OZhaqxSeJScLLFoNWQfqfr9nqzN1ioRPxt/SAcxDjgWwWN+w+Goew/Rcg2
VV3bWTh03fiit+Dy/cVxY+e/n8ACAVINmVt5quTrFvQJ1FLTQg2YtYKbDCR4En06
IYg1A57IgYi8m2pDUDhSzdl2YP0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR/0FUx
EQdyWikuYUj7vhZ0/cXYejAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjcyYTk1NDAtNTFlZi00ZGNjLWE1ZTItMjQxNzI0OWExYWYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BIE
MA0GCSqGSIb3DQEBCwUAA4IBAQAJSB6Tht9+rbyt8JpS90NcDPhtpMR0EX5DYeFC
VY69CBMVWMFEfSsyBoFQRiP/hi24vC3B3tE10As6FtwS8mokNPtH3i0JsxlA3H/H
g0FMO+PBsMk3Od9gkTaWxaZOQSpF4Ws+Wiqa45Mu2KpXNYvj68LVG3e2A1/U0ip8
BeRGmfASdI1vqY3dpwYRIURXMCUVuj8aveMsmRfYgazkQbjCvamrS0DOrvFLgh4v
c+DcyJO0dU94sOvVp5yJ+RoTBY6WN+zihFXyDJCeFj/ZdWLUjFqwH/mnrNXOo3+9
WhDG5S6rJdjiHI3XGtDKqVJAPj72HxPtk9mv7M4YXkW7PLy2
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:40:18 2025 by rpki-client