Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
File: e584cad3-b485-48b5-a920-636e55268d8b.roa (raw, json)
Hash identifier: qHyLXsfRKRKlEYjrB5x0gU8sMwMEBiW6rUjapJn5TDQ=
Subject key identifier: 4D:48:88:2B:94:95:99:3A:02:43:25:2C:79:63:B5:6A:14:62:E2:D8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 342AEA425EDB124C8EBA2A823DD74C24109DF8EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
Signing time: Fri 25 Apr 2025 18:51:13 +0000
ROA not before: Fri 25 Apr 2025 18:51:13 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:2a:ea:42:5e:db:12:4c:8e:ba:2a:82:3d:d7:4c:24:10:9d:f8:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:51:13 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=e9a0df6448e00d7f94ee820e0ec39c37a530f408070c7c22305bc92f63693dd5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:1f:24:9e:aa:85:96:39:b4:78:38:59:95:ef:
90:fb:1c:10:7a:27:29:e8:31:f9:2b:a3:0f:c1:2a:
c1:e5:4f:c8:00:78:57:02:e2:1c:79:7e:f7:63:75:
80:2e:aa:2c:ca:b5:4c:fe:3f:6c:48:7d:c7:43:70:
29:c0:a7:20:ff:4f:38:20:28:f3:f1:34:76:47:3f:
2e:f2:d6:c6:2e:fa:c0:be:0d:96:ae:c4:69:d8:e1:
77:df:75:e0:fe:ea:d1:bf:3a:26:47:02:c3:88:16:
a5:fe:0d:65:94:77:a2:8e:67:5a:79:2a:10:e1:c7:
73:7d:2d:76:bb:ce:e6:0d:22:a0:85:63:f5:e7:d3:
50:44:82:12:3a:c9:5a:73:f0:2e:0f:29:6a:7d:f6:
74:62:9d:f0:9c:d5:d1:6c:77:03:ec:34:38:ec:20:
d6:02:2c:65:5b:ad:65:2f:05:26:da:a6:86:92:f0:
a8:e0:cc:48:46:98:28:61:d1:51:02:ea:69:f9:72:
b7:c7:8a:c1:7f:b2:cb:18:d4:d7:cb:11:08:77:b6:
36:42:46:e6:ca:39:ce:3e:e7:3e:44:e0:a4:57:b6:
c9:76:30:4c:ff:63:31:16:3d:0d:1c:33:e8:77:80:
e1:f3:8c:9b:f8:25:3b:d3:19:54:a9:5e:09:ba:52:
93:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:48:88:2B:94:95:99:3A:02:43:25:2C:79:63:B5:6A:14:62:E2:D8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
3e:76:3a:74:f4:b0:3d:08:a5:6c:f6:b4:4e:48:45:22:28:b0:
98:98:1e:ef:ae:14:b0:0a:6c:f5:49:f3:e1:87:f6:65:2f:8a:
84:22:b4:95:c7:5b:6e:b0:0c:6f:85:d1:1d:04:eb:95:99:02:
cc:0f:e1:5a:07:18:07:38:61:d9:f6:f4:ec:17:8a:6b:7a:bd:
5d:ca:a9:e4:08:ec:12:90:de:4c:5d:2e:4e:81:de:ad:ad:87:
c6:75:26:41:39:6a:b7:4a:44:f8:a1:53:b9:c1:7e:b7:83:ed:
4c:0c:bf:0c:d3:0f:1f:de:21:6d:12:57:73:4a:5c:b8:c7:d9:
16:76:7d:37:dd:34:92:e1:91:21:22:a2:43:71:11:70:01:ff:
1f:5e:3a:86:6d:5e:e9:7f:7d:ee:14:40:f0:a9:2b:ea:57:ad:
e5:84:a3:00:53:19:bc:71:92:1d:ef:b2:28:a0:4d:4c:3b:b5:
a7:d4:61:c3:40:95:fd:ec:61:bc:82:03:b3:cc:0e:fa:24:36:
3e:84:fe:69:57:64:d9:06:5c:bd:c1:bd:2b:31:9f:44:fd:c3:
13:a1:ed:4a:ea:ca:3d:d0:3e:ff:8a:26:b0:d5:64:76:6e:3a:
a6:7c:78:24:cf:b8:88:05:63:6c:4b:e0:ae:b7:6b:13:a7:a5:
bc:d5:98:fe
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNCrqQl7bEkyOuiqCPddMJBCd+OwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODUxMTNaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5YTBkZjY0NDhlMDBkN2Y5NGVlODIwZTBlYzM5YzM3YTUzMGY0MDgwNzBj
N2MyMjMwNWJjOTJmNjM2OTNkZDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKIfJJ6qhZY5tHg4WZXvkPscEHonKegx+SujD8EqweVPyAB4VwLiHHl+92N1
gC6qLMq1TP4/bEh9x0NwKcCnIP9POCAo8/E0dkc/LvLWxi76wL4Nlq7Eadjhd991
4P7q0b86JkcCw4gWpf4NZZR3oo5nWnkqEOHHc30tdrvO5g0ioIVj9efTUESCEjrJ
WnPwLg8pan32dGKd8JzV0Wx3A+w0OOwg1gIsZVutZS8FJtqmhpLwqODMSEaYKGHR
UQLqaflyt8eKwX+yyxjU18sRCHe2NkJG5so5zj7nPkTgpFe2yXYwTP9jMRY9DRwz
6HeA4fOMm/glO9MZVKleCbpSk8cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRNSIgr
lJWZOgJDJSx5Y7VqFGLi2DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU4NGNhZDMtYjQ4NS00OGI1LWE5MjAtNjM2ZTU1MjY4ZDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8g
wDANBgkqhkiG9w0BAQsFAAOCAQEAPnY6dPSwPQilbPa0TkhFIiiwmJge764UsAps
9Unz4Yf2ZS+KhCK0lcdbbrAMb4XRHQTrlZkCzA/hWgcYBzhh2fb07BeKa3q9Xcqp
5AjsEpDeTF0uToHera2HxnUmQTlqt0pE+KFTucF+t4PtTAy/DNMPH94hbRJXc0pc
uMfZFnZ9N900kuGRISKiQ3ERcAH/H146hm1e6X997hRA8Kkr6let5YSjAFMZvHGS
He+yKKBNTDu1p9Rhw0CV/exhvIIDs8wO+iQ2PoT+aVdk2QZcvcG9KzGfRP3DE6Ht
SurKPdA+/4omsNVkdm46pnx4JM+4iAVjbEvgrrdrE6elvNWY/g==
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:49:36 2025 by rpki-client