Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa
File: db2d9177-e3d4-459e-980d-b68f027facc9.roa (raw, json)
Hash identifier: yF6stj19kkuj8diiqeVbegmj+ZdpCQucqUY+ONuyiDM=
Subject key identifier: 7F:9C:E6:AD:31:BE:7B:58:D9:7C:F8:43:40:A6:57:AD:6B:B3:CA:5C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3BF8A052B5849BFBEB37D46E2112F45DB7041E83
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa
Signing time: Tue 20 May 2025 18:20:06 +0000
ROA not before: Tue 20 May 2025 18:20:06 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 14618
IP address blocks: 176.32.96.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:f8:a0:52:b5:84:9b:fb:eb:37:d4:6e:21:12:f4:5d:b7:04:1e:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:20:06 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=576dbadb103140cf4382a7f41365a83fde7534639659b59b4aa1aeacf194b730, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:34:27:13:02:77:98:eb:31:f7:7e:8b:7c:40:
e9:1c:62:76:cf:ea:62:c0:7d:ab:5d:ff:bf:a9:c6:
bd:38:bb:b5:70:b0:1d:2d:05:ec:73:fe:0b:c8:6a:
29:11:8f:4c:c5:a9:11:d2:4e:fe:a8:ce:97:c3:13:
81:fb:df:35:17:fd:a2:be:e9:c8:9b:0d:62:56:7f:
23:36:e7:19:39:3f:3a:62:6c:ed:f1:1d:5f:e1:5b:
66:4e:c5:56:ef:f5:28:ba:a8:9b:ac:c9:85:f0:e2:
35:a9:e2:ec:eb:d4:b7:af:cc:b6:98:4f:af:a9:b3:
34:47:cb:f5:c3:1f:23:b2:86:db:46:e2:a8:ae:15:
86:47:b1:27:a7:ab:a6:81:4c:53:ab:4f:5b:33:ae:
24:9b:4d:78:c3:8d:7a:30:ef:b4:fa:88:c8:3f:44:
61:04:27:8a:4a:c8:ad:8a:10:1f:76:d2:36:ac:7e:
fb:0b:33:78:5e:dc:11:fa:96:d2:68:0f:bc:f3:1a:
c3:89:e9:e3:5b:72:94:05:22:63:a5:92:e2:7f:b2:
3a:cd:2e:97:e7:8e:ca:cd:dc:e0:be:a2:63:41:8f:
63:37:d6:bf:dc:7f:ba:c8:b2:73:be:e3:d5:84:0c:
c8:ee:1f:89:6d:ea:7e:6d:58:26:c3:7f:2d:fc:f9:
2f:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:9C:E6:AD:31:BE:7B:58:D9:7C:F8:43:40:A6:57:AD:6B:B3:CA:5C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.32.96.0/21
Signature Algorithm: sha256WithRSAEncryption
90:01:6f:e2:0f:11:98:88:bc:d5:a5:67:5b:5b:a5:0f:ec:e9:
d8:d0:81:db:ed:33:cb:7e:6f:75:f2:6f:8f:c2:1a:f1:bd:2e:
eb:7e:88:8f:66:bd:63:58:40:63:32:2a:99:eb:3e:ff:cb:d0:
25:7d:6e:5a:69:6c:8f:51:b6:f3:a3:79:a8:48:e3:e4:9f:ce:
6a:6a:e1:d9:ad:96:36:a9:02:5b:f9:4f:77:e8:88:a2:1c:71:
d7:f0:53:76:02:eb:01:71:40:94:a1:0e:84:88:a9:3a:eb:64:
c9:7f:82:97:88:0a:c8:7a:7b:03:11:ce:43:21:2e:e6:18:7f:
0b:9d:29:0d:ff:31:7b:19:fd:c4:7b:9c:5a:c4:2c:03:aa:42:
2c:e0:a3:37:fe:84:a6:75:a1:24:d6:02:dc:5e:19:9e:c9:4c:
f5:70:3d:b5:95:55:69:cd:7b:f2:c2:8e:23:f8:e5:11:90:6d:
e4:3f:2c:53:3f:f4:31:6d:80:a9:dc:8d:b1:57:81:59:9f:b0:
25:e1:7f:32:68:24:a5:47:c1:e6:51:7b:3b:c4:bd:f8:79:85:
57:e7:0b:0a:7f:a5:d4:06:4f:39:0e:6c:fa:2e:0f:bc:71:6c:
57:8b:54:84:fb:6e:f9:ad:cc:30:8d:ec:4f:d1:7a:28:2a:77:
3e:57:63:2b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUO/igUrWEm/vrN9RuIRL0XbcEHoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODIwMDZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDU3NmRiYWRiMTAzMTQwY2Y0MzgyYTdmNDEzNjVhODNmZGU3NTM0NjM5NjU5
YjU5YjRhYTFhZWFjZjE5NGI3MzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL40JxMCd5jrMfd+i3xA6Rxids/qYsB9q13/v6nGvTi7tXCwHS0F7HP+C8hq
KRGPTMWpEdJO/qjOl8MTgfvfNRf9or7pyJsNYlZ/IzbnGTk/OmJs7fEdX+FbZk7F
Vu/1KLqom6zJhfDiNani7OvUt6/MtphPr6mzNEfL9cMfI7KG20biqK4VhkexJ6er
poFMU6tPWzOuJJtNeMONejDvtPqIyD9EYQQnikrIrYoQH3bSNqx++wszeF7cEfqW
0mgPvPMaw4np41tylAUiY6WS4n+yOs0ul+eOys3c4L6iY0GPYzfWv9x/usiyc77j
1YQMyO4fiW3qfm1YJsN/Lfz5L+ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR/nOat
Mb57WNl8+ENApleta7PKXDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGIyZDkxNzctZTNkNC00NTllLTk4MGQtYjY4ZjAyN2ZhY2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AgYDAN
BgkqhkiG9w0BAQsFAAOCAQEAkAFv4g8RmIi81aVnW1ulD+zp2NCB2+0zy35vdfJv
j8Ia8b0u636Ij2a9Y1hAYzIqmes+/8vQJX1uWmlsj1G286N5qEjj5J/Oamrh2a2W
NqkCW/lPd+iIohxx1/BTdgLrAXFAlKEOhIipOutkyX+Cl4gKyHp7AxHOQyEu5hh/
C50pDf8xexn9xHucWsQsA6pCLOCjN/6EpnWhJNYC3F4ZnslM9XA9tZVVac178sKO
I/jlEZBt5D8sUz/0MW2AqdyNsVeBWZ+wJeF/MmgkpUfB5lF7O8S9+HmFV+cLCn+l
1AZPOQ5s+i4PvHFsV4tUhPtu+a3MMI3sT9F6KCp3PldjKw==
-----END CERTIFICATE-----
Generated at Sat Jun 14 10:57:44 2025 by rpki-client