Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7fc026-d4bf-4785-a339-050c3fe5352d.roa
File: dd7fc026-d4bf-4785-a339-050c3fe5352d.roa (raw, json)
Hash identifier: dVMlx+J/hT3YpymZale/Q4Cblu38Ae/Ih1bFsR4D0Ak=
Subject key identifier: 25:01:1E:7F:63:AD:1D:7C:E9:3A:66:C2:0F:9B:38:96:11:71:79:19
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 644E5A4461AD4F2478AB6F550F8FF09637B041F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7fc026-d4bf-4785-a339-050c3fe5352d.roa
Signing time: Thu 17 Apr 2025 16:37:15 +0000
ROA not before: Thu 17 Apr 2025 16:37:15 +0000
ROA not after: Thu 22 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d05b:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:4e:5a:44:61:ad:4f:24:78:ab:6f:55:0f:8f:f0:96:37:b0:41:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 17 16:37:15 2025 GMT
Not After : May 22 23:59:59 2025 GMT
Subject: serialNumber=c063dbbcf65a0cc93aff0562d340cab292bb49c89ac1f7ef5f40a1273a0bdfc0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:4b:52:a1:9c:6d:ea:51:1d:6e:8f:69:74:7f:
69:8c:f7:ba:14:09:9d:e7:7d:5d:73:5b:b5:49:5f:
c3:c9:49:5c:6d:0f:12:35:48:c3:3c:34:8e:0f:94:
11:3e:cc:db:87:29:e5:5f:82:be:09:07:80:f5:06:
8e:29:8a:04:58:f5:15:0b:04:0c:ba:cc:10:91:86:
90:b2:df:a2:6a:af:56:41:23:4b:00:bd:e9:63:29:
71:01:ac:50:e8:09:9c:55:43:82:53:bd:00:b1:49:
5d:e2:75:c3:8d:21:61:18:32:3e:c9:78:3e:8b:87:
fd:08:84:96:99:be:8d:c9:05:38:dc:9e:e0:00:05:
4a:90:24:70:7e:39:ef:90:44:ef:c5:29:65:cb:f6:
7f:a1:b9:1c:4b:37:22:1c:f2:29:a1:c4:01:b7:50:
d3:34:2c:2b:60:6d:26:42:be:66:b3:64:8f:18:a1:
33:cf:38:39:f5:5c:22:08:f3:aa:33:6c:84:7f:6a:
0d:e0:97:01:8f:0d:5f:25:af:53:36:29:89:46:90:
63:e7:b0:94:5c:86:25:28:dc:0e:06:77:11:aa:a7:
b1:d9:c0:c2:c3:f9:cc:a9:17:60:ca:b0:ed:8d:e9:
92:7d:98:ab:03:75:89:96:18:34:f2:82:43:62:42:
3d:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:01:1E:7F:63:AD:1D:7C:E9:3A:66:C2:0F:9B:38:96:11:71:79:19
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7fc026-d4bf-4785-a339-050c3fe5352d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d05b:b000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:b7:94:4d:fa:ef:84:fe:d1:e7:c2:c8:ed:69:89:4c:8c:10:
6f:98:1c:d9:0c:cd:03:ab:de:9c:72:7a:95:34:a6:79:cf:37:
7d:d1:1a:26:24:18:4c:84:74:36:63:ba:fc:64:f5:64:0c:00:
c2:72:cd:0a:2b:d2:f0:e5:5f:87:e2:e5:e6:ec:db:ab:de:43:
f5:ff:16:ed:e1:59:b5:35:b9:10:fe:46:6e:b8:9c:41:b3:59:
18:36:d4:61:0a:3a:dc:be:8f:56:c2:b9:11:dc:21:e4:26:8e:
ca:95:cf:d5:4d:d9:b3:57:88:e0:9c:00:9e:f8:be:9d:cb:9b:
b8:4c:55:1b:7c:49:a5:37:a3:47:fd:5c:86:23:5c:bb:a7:79:
b8:8f:de:65:fc:7d:98:22:27:12:30:5a:29:8d:58:52:f4:cd:
5f:5f:ba:7e:6f:a1:de:8d:e1:cf:47:c9:d6:20:6c:51:c9:20:
8f:c4:5b:7f:d2:cb:9b:02:50:08:d2:a6:23:44:33:3d:35:5a:
d1:71:eb:1c:37:70:ed:12:a6:ab:0f:16:1d:45:a7:19:84:dc:
c9:10:d0:73:93:fe:8e:00:49:8b:ce:01:53:8b:e1:70:75:19:
32:5f:a4:06:c8:46:86:f3:e0:e1:ec:25:a0:d5:9a:ff:0e:4c:
77:8a:3d:10
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZE5aRGGtTyR4q29VD4/wljewQfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MTcxNjM3MTVaFw0yNTA1MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwNjNkYmJjZjY1YTBjYzkzYWZmMDU2MmQzNDBjYWIyOTJiYjQ5Yzg5YWMx
ZjdlZjVmNDBhMTI3M2EwYmRmYzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVLUqGcbepRHW6PaXR/aYz3uhQJned9XXNbtUlfw8lJXG0PEjVIwzw0jg+U
ET7M24cp5V+CvgkHgPUGjimKBFj1FQsEDLrMEJGGkLLfomqvVkEjSwC96WMpcQGs
UOgJnFVDglO9ALFJXeJ1w40hYRgyPsl4PouH/QiElpm+jckFONye4AAFSpAkcH45
75BE78UpZcv2f6G5HEs3IhzyKaHEAbdQ0zQsK2BtJkK+ZrNkjxihM884OfVcIgjz
qjNshH9qDeCXAY8NXyWvUzYpiUaQY+ewlFyGJSjcDgZ3EaqnsdnAwsP5zKkXYMqw
7Y3pkn2YqwN1iZYYNPKCQ2JCPUkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQlAR5/
Y60dfOk6ZsIPmziWEXF5GTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGQ3ZmMwMjYtZDRiZi00Nzg1LWEzMzktMDUwYzNmZTUzNTJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fuw
MA0GCSqGSIb3DQEBCwUAA4IBAQAet5RN+u+E/tHnwsjtaYlMjBBvmBzZDM0Dq96c
cnqVNKZ5zzd90RomJBhMhHQ2Y7r8ZPVkDADCcs0KK9Lw5V+H4uXm7Nur3kP1/xbt
4Vm1NbkQ/kZuuJxBs1kYNtRhCjrcvo9WwrkR3CHkJo7Klc/VTdmzV4jgnACe+L6d
y5u4TFUbfEmlN6NH/VyGI1y7p3m4j95l/H2YIicSMFopjVhS9M1fX7p+b6HejeHP
R8nWIGxRySCPxFt/0subAlAI0qYjRDM9NVrRcescN3DtEqarDxYdRacZhNzJENBz
k/6OAEmLzgFTi+FwdRkyX6QGyEaG8+Dh7CWg1Zr/Dkx3ij0Q
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:46:01 2025 by rpki-client