Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de6578a7-816f-468a-acf9-83781a3b3769.roa
File: de6578a7-816f-468a-acf9-83781a3b3769.roa (raw, json)
Hash identifier: boOU+d0XegVDJqiQKHLJfIcjd976aCfxof0VajU0Mqo=
Subject key identifier: 02:F0:66:6E:2C:AA:72:24:E6:13:E6:A1:B8:FF:31:E2:93:F8:BE:BA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 033DED39E345865B9B46B0B842286A94FCD1D92C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de6578a7-816f-468a-acf9-83781a3b3769.roa
Signing time: Fri 25 Apr 2025 19:00:14 +0000
ROA not before: Fri 25 Apr 2025 19:00:14 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:3d:ed:39:e3:45:86:5b:9b:46:b0:b8:42:28:6a:94:fc:d1:d9:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:00:14 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=ec6ae3c5cfd38e672edb7babd4eaaea667d969b25d42a64d891a35f820e47b6d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c2:df:9d:22:e1:97:8d:41:99:5a:17:9e:9c:
df:26:52:1d:c9:80:e5:69:cc:51:c9:65:86:5d:fb:
84:b3:9e:8d:78:0e:81:38:63:82:76:36:9c:2b:eb:
fe:0a:ac:17:45:58:d1:cd:60:81:ad:ed:95:6f:9d:
4e:34:89:59:91:5a:a6:63:6d:20:94:05:0b:fd:fb:
4c:e6:dd:b3:91:8d:13:e6:c1:3c:fa:15:8e:69:5f:
eb:20:d8:d8:5f:73:c3:9f:2f:cb:c3:7e:47:19:22:
da:25:9c:d5:ee:57:fe:39:38:f8:bd:1a:84:41:24:
40:79:73:69:d0:ab:0a:63:e2:74:a7:1c:83:b1:4f:
c7:82:64:72:94:89:22:6e:1d:8b:d9:8d:d7:41:6c:
ef:16:c0:9c:97:67:60:43:30:17:43:6e:94:55:ba:
d5:5e:e3:2b:ba:6a:fc:2a:a5:f8:49:e5:ad:f4:9e:
fa:e5:51:fb:55:32:a8:0a:1d:74:cc:3e:3b:a9:a2:
25:66:40:7c:97:ca:0c:d7:96:7a:e5:0f:4b:61:37:
5c:6e:b1:2a:f6:f5:db:4b:50:f9:65:33:c6:7e:19:
65:5a:d8:cb:87:9a:aa:70:d5:78:49:c4:3f:0c:79:
76:ea:43:45:9c:65:b4:07:8b:d0:a1:e4:de:d3:60:
3c:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:F0:66:6E:2C:AA:72:24:E6:13:E6:A1:B8:FF:31:E2:93:F8:BE:BA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de6578a7-816f-468a-acf9-83781a3b3769.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:8000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:22:3c:3b:0e:0c:da:00:d6:53:93:5d:f1:b5:f1:b3:44:12:
87:55:c4:4b:9a:5a:55:b0:b3:70:20:a8:36:8e:d2:96:d8:96:
33:fb:6b:69:95:87:24:71:11:4c:0b:c8:1e:07:b0:9f:f6:e0:
3c:a7:92:fc:c8:76:95:1d:da:9f:28:b9:de:70:b5:23:68:a3:
f1:7c:50:26:d0:8a:72:2c:00:9c:ed:02:5d:66:10:40:51:81:
ae:00:59:d6:f8:66:ab:f5:7a:35:af:05:f2:a0:3c:54:44:51:
ff:fd:69:07:a1:a3:26:bd:c3:d6:80:9d:0f:95:4b:fa:7e:32:
d3:ee:df:43:9e:df:ac:cb:3b:c0:ec:18:42:74:fa:da:2c:e3:
9f:b6:5c:e3:de:aa:ef:a7:b1:28:b3:fe:f0:f8:58:90:05:03:
2d:93:66:06:78:7f:76:08:5a:2f:8c:72:aa:d6:f7:b4:8e:88:
4b:21:b5:18:22:49:d1:0c:3a:0b:e6:3e:90:24:35:08:35:af:
df:2a:a5:fb:a0:4d:a0:e4:eb:a8:21:42:93:2c:26:19:c8:73:
a1:ee:6f:46:fb:3b:a6:1c:5a:e7:81:63:41:a6:f3:49:01:ac:
6d:f6:eb:f4:23:3a:28:6e:68:8e:ee:70:29:e1:fd:fd:d0:aa:
0b:10:d4:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAz3tOeNFhlubRrC4QihqlPzR2SwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTAwMTRaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjNmFlM2M1Y2ZkMzhlNjcyZWRiN2JhYmQ0ZWFhZWE2NjdkOTY5YjI1ZDQy
YTY0ZDg5MWEzNWY4MjBlNDdiNmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJnC350i4ZeNQZlaF56c3yZSHcmA5WnMUcllhl37hLOejXgOgThjgnY2nCvr
/gqsF0VY0c1gga3tlW+dTjSJWZFapmNtIJQFC/37TObds5GNE+bBPPoVjmlf6yDY
2F9zw58vy8N+Rxki2iWc1e5X/jk4+L0ahEEkQHlzadCrCmPidKccg7FPx4JkcpSJ
Im4di9mN10Fs7xbAnJdnYEMwF0NulFW61V7jK7pq/Cql+EnlrfSe+uVR+1UyqAod
dMw+O6miJWZAfJfKDNeWeuUPS2E3XG6xKvb120tQ+WUzxn4ZZVrYy4eaqnDVeEnE
Pwx5dupDRZxltAeL0KHk3tNgPD0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQC8GZu
LKpyJOYT5qG4/zHik/i+ujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGU2NTc4YTctODE2Zi00NjhhLWFjZjktODM3ODFhM2IzNzY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeIjw7DgzaANZTk13xtfGzRBKHVcRLmlpVsLNw
IKg2jtKW2JYz+2tplYckcRFMC8geB7Cf9uA8p5L8yHaVHdqfKLnecLUjaKPxfFAm
0IpyLACc7QJdZhBAUYGuAFnW+Gar9Xo1rwXyoDxURFH//WkHoaMmvcPWgJ0PlUv6
fjLT7t9Dnt+syzvA7BhCdPraLOOftlzj3qrvp7Eos/7w+FiQBQMtk2YGeH92CFov
jHKq1ve0johLIbUYIknRDDoL5j6QJDUINa/fKqX7oE2g5OuoIUKTLCYZyHOh7m9G
+zumHFrngWNBpvNJAaxt9uv0IzoobmiO7nAp4f390KoLENQR
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:44:25 2025 by rpki-client