Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f5df7952-9afa-44d3-8d00-72b89f047d7c.roa
File: f5df7952-9afa-44d3-8d00-72b89f047d7c.roa (raw, json)
Hash identifier: SSenLE2VdsQXNJ0UbylUjqSxrcgUk5l1ExjXIB9yQow=
Subject key identifier: F7:CD:51:41:D0:1E:19:AE:F4:F6:77:C9:7C:77:DA:F8:FF:FB:58:DD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 24A0241C2381936C634365EBCA8C9435AECA9BB3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f5df7952-9afa-44d3-8d00-72b89f047d7c.roa
Signing time: Fri 25 Apr 2025 19:30:08 +0000
ROA not before: Fri 25 Apr 2025 19:30:08 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07b:60c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:a0:24:1c:23:81:93:6c:63:43:65:eb:ca:8c:94:35:ae:ca:9b:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 19:30:08 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=af03b98076b27ffb78b3ebce52ff6bd36f0c790c76a5e6649d6e7d9cb2656161, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:d4:36:61:dd:e0:a0:c8:00:0d:1a:13:4c:fc:
60:dd:4e:a1:68:a2:4d:27:ec:9e:04:63:31:10:7f:
3f:31:fb:aa:90:53:ff:89:b9:c4:92:13:ea:8c:14:
61:fd:0a:03:c3:94:a9:f2:e4:d5:d6:a2:5d:3b:93:
40:52:cb:fc:a4:52:3c:db:b4:a2:16:d9:6d:77:f0:
67:a1:7c:14:70:e8:51:89:84:72:b1:46:36:e5:f7:
c3:f9:e0:e4:5a:8a:4f:f9:3d:13:d4:47:7c:48:c9:
08:a7:28:8f:d5:2e:39:c6:fa:28:d3:15:26:16:e5:
84:7d:57:15:a3:be:d8:4d:77:13:d6:91:ec:f2:dc:
3d:75:e6:a0:8d:63:15:ce:85:2e:c0:47:2f:d9:63:
cb:b5:ab:f1:43:78:86:2d:4f:21:d0:81:13:70:6b:
8a:c5:14:78:0c:0a:5e:2d:e9:f2:42:3a:98:de:51:
53:82:31:f0:0d:9f:24:e6:22:49:a8:bc:61:ab:32:
a5:ef:ee:04:e0:1d:39:41:63:5c:fc:ce:c5:65:12:
01:11:e8:7a:9b:0d:0e:0a:20:41:aa:bb:31:c9:2b:
fa:cb:a4:83:f9:02:e7:fc:1b:ea:cf:e2:79:6f:4c:
8b:30:bc:a9:90:fa:8d:f7:86:e1:71:71:85:6f:e9:
8c:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:CD:51:41:D0:1E:19:AE:F4:F6:77:C9:7C:77:DA:F8:FF:FB:58:DD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f5df7952-9afa-44d3-8d00-72b89f047d7c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07b:60c0::/46
Signature Algorithm: sha256WithRSAEncryption
b0:55:b0:ae:7e:9b:26:69:5e:d3:5b:fe:01:6b:e1:5c:b8:af:
43:da:f8:53:03:6f:6c:4e:c5:90:b5:7e:60:63:7e:92:a1:ef:
1e:da:f8:22:d3:f7:39:39:fe:b3:12:cf:53:de:4d:ad:ba:57:
2d:e5:78:11:09:00:b7:c5:53:97:1b:96:8f:56:64:78:d6:51:
0b:04:11:dc:71:b9:d5:c3:fb:12:0c:ae:1d:d4:52:87:c6:03:
d1:5e:f9:83:9d:cd:c0:60:9f:ae:a0:f6:af:42:bd:aa:52:11:
87:3f:86:4f:2a:0f:ee:7e:d7:ff:00:16:03:d7:61:fb:ca:a5:
c5:eb:da:f4:f9:a8:d9:d8:9f:7a:ac:8b:86:6f:2d:20:cc:bc:
59:6b:1f:55:ca:d2:6b:d6:b7:53:5e:82:15:1b:75:85:af:b2:
d5:06:b4:8e:e7:fd:2b:c1:72:fd:4c:d1:2c:09:7a:50:be:bf:
d7:f6:10:e6:f0:76:fd:b9:78:d6:e8:5b:87:9e:51:19:da:11:
e4:d4:56:c7:22:dc:3d:38:f6:dc:0a:52:0f:ea:f0:f7:97:49:
90:e2:7d:1d:40:df:8f:a2:21:9e:92:a7:8d:8d:6b:c0:59:25:
76:dc:e8:9b:a7:a7:72:2f:4e:bd:64:10:82:0f:f7:3b:4a:49:
0b:00:be:22
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJKAkHCOBk2xjQ2XryoyUNa7Km7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxOTMwMDhaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmMDNiOTgwNzZiMjdmZmI3OGIzZWJjZTUyZmY2YmQzNmYwYzc5MGM3NmE1
ZTY2NDlkNmU3ZDljYjI2NTYxNjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDUNmHd4KDIAA0aE0z8YN1OoWiiTSfsngRjMRB/PzH7qpBT/4m5xJIT6owU
Yf0KA8OUqfLk1daiXTuTQFLL/KRSPNu0ohbZbXfwZ6F8FHDoUYmEcrFGNuX3w/ng
5FqKT/k9E9RHfEjJCKcoj9UuOcb6KNMVJhblhH1XFaO+2E13E9aR7PLcPXXmoI1j
Fc6FLsBHL9ljy7Wr8UN4hi1PIdCBE3BrisUUeAwKXi3p8kI6mN5RU4Ix8A2fJOYi
Sai8Yasype/uBOAdOUFjXPzOxWUSARHoepsNDgogQaq7Mckr+sukg/kC5/wb6s/i
eW9MizC8qZD6jfeG4XFxhW/pjCUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT3zVFB
0B4ZrvT2d8l8d9r4//tY3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjVkZjc5NTItOWFmYS00NGQzLThkMDAtNzJiODlmMDQ3ZDdjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Htg
wDANBgkqhkiG9w0BAQsFAAOCAQEAsFWwrn6bJmle01v+AWvhXLivQ9r4UwNvbE7F
kLV+YGN+kqHvHtr4ItP3OTn+sxLPU95NrbpXLeV4EQkAt8VTlxuWj1ZkeNZRCwQR
3HG51cP7EgyuHdRSh8YD0V75g53NwGCfrqD2r0K9qlIRhz+GTyoP7n7X/wAWA9dh
+8qlxeva9Pmo2difeqyLhm8tIMy8WWsfVcrSa9a3U16CFRt1ha+y1Qa0juf9K8Fy
/UzRLAl6UL6/1/YQ5vB2/bl41uhbh55RGdoR5NRWxyLcPTj23ApSD+rw95dJkOJ9
HUDfj6IhnpKnjY1rwFkldtzom6enci9OvWQQgg/3O0pJCwC+Ig==
-----END CERTIFICATE-----
Generated at Sat Apr 26 17:35:26 2025 by rpki-client