Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
File: b9f26696-5522-477d-b8bf-72de7350b09a.roa (raw, json)
Hash identifier: i9r5wQhkm1SxGG9alc0hPkKzhYaJhdd3X5xOGPA0CMs=
Subject key identifier: DA:06:12:3A:95:02:9B:C0:EF:1A:C0:2D:88:E6:D9:17:16:A5:AD:DB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0688209805BA3F67A8BE3C63058C9447E2EFE0D3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
Signing time: Fri 25 Apr 2025 18:41:35 +0000
ROA not before: Fri 25 Apr 2025 18:41:35 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:88:20:98:05:ba:3f:67:a8:be:3c:63:05:8c:94:47:e2:ef:e0:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:41:35 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=fadda8e51056b4115f81c40140f54a084b270efdbbb02a482c9ce2d5dec6e4a5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:38:b1:f2:8d:07:34:a8:7e:6f:ab:13:87:42:
b0:86:06:13:1f:d0:c9:0d:e2:4f:cd:8d:b7:59:c5:
86:f9:23:cb:26:3b:c7:54:05:0b:06:d6:55:27:02:
bc:3e:2e:85:3b:16:22:5c:0b:7e:50:ae:87:f1:ea:
46:f2:90:96:b3:1a:9a:aa:47:2b:16:b7:e0:42:1c:
77:fa:f6:ec:71:a8:2a:79:6c:29:70:dd:bc:32:ed:
ca:eb:71:32:17:7f:82:45:01:86:3c:11:be:9f:78:
5b:29:9b:dd:ce:2b:36:64:81:50:36:7e:90:dc:b7:
55:1f:a8:0a:6e:28:73:06:cd:7f:3e:32:50:d9:2e:
ec:f7:b9:5c:33:1d:2c:31:a9:39:64:d5:f9:7a:d5:
1f:df:05:a3:ff:46:5e:1a:73:9f:59:c7:88:39:dc:
56:d4:5f:c7:91:6e:53:0f:4e:08:f0:8a:df:15:37:
b2:73:b5:01:22:65:08:46:4b:ef:5b:32:aa:90:f0:
a4:3a:85:bb:86:b0:9b:ff:ce:a7:f3:8f:60:ab:e0:
b4:64:4c:66:fb:c0:88:84:91:47:47:8e:98:67:b5:
09:40:4a:05:47:b5:30:c0:60:40:17:d7:9b:44:f0:
11:5b:11:d7:94:08:b0:29:1e:f5:ba:b2:7c:2a:e0:
a6:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:06:12:3A:95:02:9B:C0:EF:1A:C0:2D:88:E6:D9:17:16:A5:AD:DB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5000::/40
Signature Algorithm: sha256WithRSAEncryption
c5:4b:33:72:ae:67:0a:cd:81:59:41:30:a4:f0:90:ff:2d:2a:
6d:95:2c:3e:8c:62:5d:90:ca:2f:eb:81:45:23:a0:b1:39:11:
31:f7:e1:7d:fb:00:53:36:38:32:d0:a7:0f:36:d7:d5:c5:d2:
e4:84:c5:d4:2a:07:d8:72:24:76:8d:20:0f:d2:88:01:16:c4:
bf:d1:62:1b:a0:bc:d9:4e:9a:ea:f2:cf:0e:99:e8:68:62:ed:
dc:8e:05:e3:18:40:11:a1:41:e8:7f:83:20:37:d5:3c:4b:a2:
d0:8b:7e:3a:4c:f3:a6:90:5e:af:85:cb:0a:a2:21:a6:f1:d2:
18:4a:eb:26:3e:be:be:1e:db:4b:64:2d:82:26:57:e8:e3:da:
55:87:4e:2e:b0:2e:13:72:5d:4e:91:34:61:3c:41:81:de:ff:
f9:94:81:33:52:61:46:24:08:11:0f:ec:0e:9c:ea:fe:9f:e2:
1b:49:b1:09:91:1e:7a:0f:f6:2c:38:57:37:1f:40:bc:78:29:
fc:82:17:92:ed:53:8a:b3:67:c8:22:a0:87:aa:88:f8:a3:8f:
1d:19:30:b3:78:62:27:97:b0:38:fc:bb:89:3e:d2:1f:c5:fb:
e9:8b:c3:59:6a:5d:00:26:2a:16:12:e3:06:71:ea:8a:af:2a:
2b:13:2a:de
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBoggmAW6P2eovjxjBYyUR+Lv4NMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODQxMzVaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhZGRhOGU1MTA1NmI0MTE1ZjgxYzQwMTQwZjU0YTA4NGIyNzBlZmRiYmIw
MmE0ODJjOWNlMmQ1ZGVjNmU0YTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL04sfKNBzSofm+rE4dCsIYGEx/QyQ3iT82Nt1nFhvkjyyY7x1QFCwbWVScC
vD4uhTsWIlwLflCuh/HqRvKQlrMamqpHKxa34EIcd/r27HGoKnlsKXDdvDLtyutx
Mhd/gkUBhjwRvp94Wymb3c4rNmSBUDZ+kNy3VR+oCm4ocwbNfz4yUNku7Pe5XDMd
LDGpOWTV+XrVH98Fo/9GXhpzn1nHiDncVtRfx5FuUw9OCPCK3xU3snO1ASJlCEZL
71syqpDwpDqFu4awm//Op/OPYKvgtGRMZvvAiISRR0eOmGe1CUBKBUe1MMBgQBfX
m0TwEVsR15QIsCke9bqyfCrgpgMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTaBhI6
lQKbwO8awC2I5tkXFqWt2zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjlmMjY2OTYtNTUyMi00NzdkLWI4YmYtNzJkZTczNTBiMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDFSzNyrmcKzYFZQTCk8JD/LSptlSw+jGJdkMov
64FFI6CxOREx9+F9+wBTNjgy0KcPNtfVxdLkhMXUKgfYciR2jSAP0ogBFsS/0WIb
oLzZTprq8s8OmehoYu3cjgXjGEARoUHof4MgN9U8S6LQi346TPOmkF6vhcsKoiGm
8dIYSusmPr6+HttLZC2CJlfo49pVh04usC4Tcl1OkTRhPEGB3v/5lIEzUmFGJAgR
D+wOnOr+n+IbSbEJkR56D/YsOFc3H0C8eCn8gheS7VOKs2fIIqCHqoj4o48dGTCz
eGInl7A4/LuJPtIfxfvpi8NZal0AJioWEuMGceqKryorEyre
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:47:14 2025 by rpki-client