Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
File: d3564159-9d8d-43eb-bf55-66a4445d2727.roa (raw, json)
Hash identifier: fgsf+UeNNfWZV2hcyjQoXHON9S9cXojt97y1tVLtS8I=
Subject key identifier: 6A:05:C0:7B:0B:45:87:1F:D1:43:64:96:F8:81:1B:76:22:9C:C8:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 706D7ED077EC255A668BE659763DBC82CA72D6C9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
Signing time: Tue 20 May 2025 20:10:15 +0000
ROA not before: Tue 20 May 2025 20:10:15 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:6d:7e:d0:77:ec:25:5a:66:8b:e6:59:76:3d:bc:82:ca:72:d6:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:10:15 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=7da9b49a48a1724d34c9d3bec7c37632929a13156bcb7f87cfbbcc0f6485d37f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c5:dd:b5:aa:2b:31:63:32:22:3a:e2:2f:77:
79:2c:a6:3d:db:f7:40:67:e5:f8:6f:39:6c:82:7c:
cf:5a:44:ca:23:eb:cb:a4:cd:49:02:c0:36:5e:06:
70:fa:d3:10:65:30:0a:4d:10:f0:0d:79:c9:7d:1f:
7c:04:92:67:6c:76:1c:f7:17:53:83:07:6e:04:ff:
00:96:f1:7c:d5:5e:a3:5d:04:78:ee:bf:a5:1c:a4:
3f:9b:b4:3a:b6:31:31:76:b8:e1:28:ce:c6:9a:93:
e4:4b:81:cc:f4:94:44:0e:2e:a1:20:9c:42:eb:27:
61:a9:a9:81:b2:e6:1a:10:ef:df:17:d7:cc:56:31:
08:8c:dd:08:ac:4a:79:47:c1:e3:7a:c5:6e:e8:2b:
c2:21:2a:03:8d:25:46:c4:b8:4a:f9:d3:f6:6d:20:
2f:3b:64:e1:71:50:4e:69:4d:79:79:08:1e:3b:70:
eb:99:63:93:03:6e:9e:37:68:bc:5c:cf:27:61:ff:
8b:12:b7:39:7b:90:3d:6c:2a:f0:9f:e9:78:26:86:
3f:c1:c2:cb:62:b1:c5:0d:dd:1c:e2:3f:14:e6:02:
89:93:fd:78:2e:9b:2e:63:c0:dd:c2:e7:32:a4:47:
ad:9c:cf:92:7d:1c:8c:54:30:f2:68:46:09:c5:24:
1b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:05:C0:7B:0B:45:87:1F:D1:43:64:96:F8:81:1B:76:22:9C:C8:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:b000::/40
Signature Algorithm: sha256WithRSAEncryption
29:95:de:85:8f:7f:71:ee:c9:88:67:45:0b:7a:2b:60:1a:25:
71:a5:16:c2:86:ff:f6:58:5b:16:7b:71:88:c3:93:4b:35:c5:
aa:40:35:f8:93:97:35:be:24:21:2f:56:ff:69:f0:27:63:4b:
69:fe:6c:65:15:d1:05:ae:02:c7:e6:5b:cf:ef:7c:97:ea:c5:
dc:20:39:9c:91:a0:37:10:b2:b4:48:1d:b0:0c:be:89:1f:bd:
9a:e9:c8:79:58:43:08:20:2b:a2:e4:cc:4d:a8:aa:8d:57:94:
a8:54:c0:be:3f:9b:c2:b8:4d:3c:c8:84:cc:b9:10:ce:3d:43:
31:48:43:a8:49:7e:a7:84:f9:3c:ef:22:0f:37:82:f0:ed:9e:
38:0c:ab:7b:8e:fa:7b:f8:c8:4b:a6:e7:59:a2:1f:fc:71:48:
9f:03:19:48:0f:85:42:fd:7d:4b:d9:4a:6e:c3:16:cb:59:f6:
11:71:9d:98:74:a3:3c:e5:d2:8c:9e:d1:7d:11:7d:73:13:32:
75:28:50:46:34:5b:ed:a2:c7:50:0e:e9:f7:55:b3:3c:bd:db:
95:c9:29:4c:76:d5:82:4f:99:99:cc:df:d2:75:68:11:28:94:
ad:a6:ce:87:42:01:2e:e7:96:77:ce:b8:13:c1:25:c1:5f:92:
ef:09:91:20
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcG1+0HfsJVpmi+ZZdj28gspy1skwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDEwMTVaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDdkYTliNDlhNDhhMTcyNGQzNGM5ZDNiZWM3YzM3NjMyOTI5YTEzMTU2YmNi
N2Y4N2NmYmJjYzBmNjQ4NWQzN2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjF3bWqKzFjMiI64i93eSymPdv3QGfl+G85bIJ8z1pEyiPry6TNSQLANl4G
cPrTEGUwCk0Q8A15yX0ffASSZ2x2HPcXU4MHbgT/AJbxfNVeo10EeO6/pRykP5u0
OrYxMXa44SjOxpqT5EuBzPSURA4uoSCcQusnYampgbLmGhDv3xfXzFYxCIzdCKxK
eUfB43rFbugrwiEqA40lRsS4SvnT9m0gLztk4XFQTmlNeXkIHjtw65ljkwNunjdo
vFzPJ2H/ixK3OXuQPWwq8J/peCaGP8HCy2KxxQ3dHOI/FOYCiZP9eC6bLmPA3cLn
MqRHrZzPkn0cjFQw8mhGCcUkG78CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRqBcB7
C0WHH9FDZJb4gRt2IpzI2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM1NjQxNTktOWQ4ZC00M2ViLWJmNTUtNjZhNDQ0NWQyNzI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Haw
MA0GCSqGSIb3DQEBCwUAA4IBAQApld6Fj39x7smIZ0ULeitgGiVxpRbChv/2WFsW
e3GIw5NLNcWqQDX4k5c1viQhL1b/afAnY0tp/mxlFdEFrgLH5lvP73yX6sXcIDmc
kaA3ELK0SB2wDL6JH72a6ch5WEMIICui5MxNqKqNV5SoVMC+P5vCuE08yITMuRDO
PUMxSEOoSX6nhPk87yIPN4Lw7Z44DKt7jvp7+MhLpudZoh/8cUifAxlID4VC/X1L
2UpuwxbLWfYRcZ2YdKM85dKMntF9EX1zEzJ1KFBGNFvtosdQDun3VbM8vduVySlM
dtWCT5mZzN/SdWgRKJStps6HQgEu55Z3zrgTwSXBX5LvCZEg
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:40:24 2025 by rpki-client