Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
File: f067aa52-ee52-4fb2-867c-8dc79786d43d.roa (raw, json)
Hash identifier: ICQ+SE0+UX1JyUvfbNCHwHUSOdrgnqYLoS090pjhPxk=
Subject key identifier: F4:05:1C:4A:4C:59:74:FE:35:36:2D:81:60:EE:4A:77:F2:33:BE:9A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6484DCCAB8BEC6C4A30B642E20280FC6C07C81E3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
Signing time: Fri 25 Apr 2025 18:20:20 +0000
ROA not before: Fri 25 Apr 2025 18:20:20 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:2080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:84:dc:ca:b8:be:c6:c4:a3:0b:64:2e:20:28:0f:c6:c0:7c:81:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:20:20 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=6d95c5c7201f758a0ad024dc400beaa31e5628517e86f89fb7c319d240ba092b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c8:dc:a6:28:a1:5e:14:95:bd:6f:5a:12:cb:
2e:66:5f:94:7b:b1:cb:99:c3:b2:6d:d9:ba:cb:f9:
34:95:97:97:a9:01:3f:7c:08:94:01:c8:76:05:03:
bc:6c:aa:65:6a:a1:e4:81:06:d7:4c:bb:72:35:89:
95:a6:c0:3d:90:39:3d:9f:45:ea:3e:02:d1:14:9b:
f7:8e:bb:e6:8e:cb:75:1b:2c:63:de:5d:49:70:ff:
e3:8e:90:7b:bc:d9:81:9e:a7:39:f7:6e:ce:89:56:
45:a0:9c:f8:b7:68:0e:5b:10:b0:43:c4:96:bc:70:
3d:91:ed:36:61:86:2d:f3:99:64:e7:33:3d:fc:5d:
5f:02:a5:a6:9b:8a:e4:ca:57:e6:16:07:de:e6:45:
56:0a:61:cc:90:f2:b9:c8:f1:af:58:28:07:73:7d:
06:a4:09:9f:3f:4e:9d:a6:85:5d:47:df:50:d5:3a:
4c:ee:56:33:4c:1b:c6:1d:1a:48:bc:95:59:d7:2a:
23:bb:4f:9c:67:ad:f6:33:2e:9b:24:35:96:80:42:
b7:1e:d3:97:c2:ec:88:f3:3b:8f:42:a7:7b:0e:25:
fa:3b:ff:c7:20:3d:ed:28:cb:69:85:f6:4e:01:1e:
54:bc:6d:69:f2:a6:d6:28:32:68:5f:91:ea:e7:2a:
46:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:05:1C:4A:4C:59:74:FE:35:36:2D:81:60:EE:4A:77:F2:33:BE:9A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:2080::/48
Signature Algorithm: sha256WithRSAEncryption
0b:22:48:d7:4c:1d:ac:38:ab:57:fd:c3:82:09:53:34:e1:de:
09:b8:8c:09:77:d6:4e:7d:2e:cd:a4:4a:df:1c:aa:40:87:d5:
e1:d7:42:46:2f:72:e7:a8:85:0d:2c:0a:f5:1a:a7:12:a9:4e:
63:86:2c:5d:6a:fc:d1:1a:23:2d:27:e4:89:4d:1d:ea:43:cb:
e5:6a:47:f1:63:af:a9:40:17:67:35:46:b7:8b:25:f6:2b:85:
d3:83:e1:f6:97:78:8a:aa:9b:f5:17:11:4f:1d:1f:a9:d4:16:
bd:7c:94:80:61:61:a4:22:0c:33:51:39:7e:05:3c:0f:05:5a:
6e:b0:41:d3:51:5d:fc:df:0b:f6:df:06:14:cb:40:02:2f:33:
fe:43:70:22:24:91:bf:14:e8:65:e8:68:57:da:4a:45:90:78:
2c:c3:a9:b4:7c:3b:1a:80:56:06:2f:09:e3:5b:13:1a:32:8e:
fd:37:fe:16:45:c2:c0:10:8a:ca:88:6b:39:71:d0:c8:39:5e:
75:be:32:4d:a2:52:c2:72:31:6c:50:60:69:ff:21:b8:78:7c:
fc:6e:34:3e:f7:cc:09:3a:ff:39:1e:ee:59:1e:c4:15:22:21:
2b:d1:21:bb:11:63:32:31:4d:83:78:a9:8f:9f:d5:36:84:1d:
7d:bc:31:e0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZITcyri+xsSjC2QuICgPxsB8geMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODIwMjBaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDZkOTVjNWM3MjAxZjc1OGEwYWQwMjRkYzQwMGJlYWEzMWU1NjI4NTE3ZTg2
Zjg5ZmI3YzMxOWQyNDBiYTA5MmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7I3KYooV4Ulb1vWhLLLmZflHuxy5nDsm3Zusv5NJWXl6kBP3wIlAHIdgUD
vGyqZWqh5IEG10y7cjWJlabAPZA5PZ9F6j4C0RSb94675o7LdRssY95dSXD/446Q
e7zZgZ6nOfduzolWRaCc+LdoDlsQsEPElrxwPZHtNmGGLfOZZOczPfxdXwKlppuK
5MpX5hYH3uZFVgphzJDyucjxr1goB3N9BqQJnz9OnaaFXUffUNU6TO5WM0wbxh0a
SLyVWdcqI7tPnGet9jMumyQ1loBCtx7Tl8LsiPM7j0Knew4l+jv/xyA97SjLaYX2
TgEeVLxtafKm1igyaF+R6ucqRiUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT0BRxK
TFl0/jU2LYFg7kp38jO+mjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjA2N2FhNTItZWU1Mi00ZmIyLTg2N2MtOGRjNzk3ODZkNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
gDANBgkqhkiG9w0BAQsFAAOCAQEACyJI10wdrDirV/3DgglTNOHeCbiMCXfWTn0u
zaRK3xyqQIfV4ddCRi9y56iFDSwK9RqnEqlOY4YsXWr80RojLSfkiU0d6kPL5WpH
8WOvqUAXZzVGt4sl9iuF04Ph9pd4iqqb9RcRTx0fqdQWvXyUgGFhpCIMM1E5fgU8
DwVabrBB01Fd/N8L9t8GFMtAAi8z/kNwIiSRvxToZehoV9pKRZB4LMOptHw7GoBW
Bi8J41sTGjKO/Tf+FkXCwBCKyohrOXHQyDledb4yTaJSwnIxbFBgaf8huHh8/G40
PvfMCTr/OR7uWR7EFSIhK9EhuxFjMjFNg3ipj5/VNoQdfbwx4A==
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:50:19 2025 by rpki-client