Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
File: fa3b401f-ea91-45a9-8182-d567cfac077a.roa (raw, json)
Hash identifier: 2Vr+CScmmw9Nd93IhdBbEAr/cKm3fv9rD5jtnbcufoY=
Subject key identifier: 46:D9:3C:0B:3D:31:C5:DD:18:96:0D:42:AA:73:9B:EC:22:C8:C0:5E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3FB3F4489FB07AB1062DB51B4396EC6488465305
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
Signing time: Fri 25 Apr 2025 18:20:04 +0000
ROA not before: Fri 25 Apr 2025 18:20:04 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:b3:f4:48:9f:b0:7a:b1:06:2d:b5:1b:43:96:ec:64:88:46:53:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 18:20:04 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=07f599864b13769183570d5ffdb520d650a0dc7c8aedead013a7e8165e55a5b3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ce:69:2c:89:90:c0:a1:23:9a:52:65:9e:5e:
86:5a:11:16:c0:94:59:7f:fb:51:18:ae:96:62:1b:
7e:bf:3b:da:7d:ce:81:a3:90:7e:22:be:45:17:cb:
e9:5a:7e:af:a9:f6:ec:4c:d0:de:bf:7b:3e:53:a9:
5e:cb:76:7c:24:2c:98:4a:c0:71:a2:bb:8c:b5:ac:
33:30:a5:71:87:5c:3f:65:25:58:13:93:9c:43:69:
56:42:e3:7f:f4:60:67:9a:1c:29:9f:10:1e:24:19:
bf:e5:cc:a7:a3:6e:fb:ed:70:1c:48:33:26:87:3f:
9b:1c:c2:8e:26:27:fe:fd:ce:5f:70:a2:5a:03:2e:
71:08:0a:c9:cc:54:16:f1:73:a3:2b:1e:0e:f7:81:
1d:0a:2f:27:12:ce:5c:9d:8a:7d:64:3d:96:eb:92:
22:b2:63:c6:f8:13:02:3f:65:9c:37:c5:6b:1b:37:
1e:7d:f7:67:fc:36:39:31:00:cb:eb:a0:d1:f1:13:
c5:ef:42:f0:4d:ec:72:a8:20:ae:99:7b:78:f8:3d:
41:07:54:7e:c2:fb:ff:a5:93:ce:59:21:72:28:53:
e9:1c:99:13:3b:10:38:d9:43:13:42:41:5c:5c:5c:
0b:18:c1:c4:38:5d:ed:3d:d5:fe:de:53:ae:f5:11:
fc:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:D9:3C:0B:3D:31:C5:DD:18:96:0D:42:AA:73:9B:EC:22:C8:C0:5E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:b080::/48
Signature Algorithm: sha256WithRSAEncryption
3e:6a:73:51:47:26:5a:1f:a1:3b:99:50:9d:b8:d3:dc:bc:56:
48:9f:53:bf:f2:84:97:b0:a6:ea:fa:e8:e5:a5:75:79:e1:eb:
4e:b6:b6:6b:f7:aa:a0:bb:25:3c:f4:79:d2:05:68:03:83:18:
20:19:48:26:25:fa:5b:9d:53:23:13:29:1c:ad:fe:20:f6:c1:
79:80:f5:9f:2e:04:2f:4d:3e:e8:17:08:38:b2:34:0d:d2:4f:
e2:aa:ce:6b:18:90:32:4d:b6:ae:88:85:21:5d:bf:5a:58:0a:
8b:ba:0d:8d:9b:9e:28:7d:a6:10:07:56:36:48:f8:25:37:c9:
96:5f:1d:0e:17:a1:46:50:7a:64:bc:b4:d2:03:d9:59:f9:6d:
0f:33:b9:b0:88:59:e2:61:45:1b:a6:4b:26:80:a2:5b:df:c0:
7f:59:be:3e:f8:93:5c:31:59:05:a5:66:64:39:95:d1:ba:d4:
b4:3f:c8:77:74:73:c5:4f:b7:bc:53:c1:6a:da:1c:02:4e:c1:
d2:f9:18:ec:fb:71:62:00:47:3f:2b:1e:44:ce:bd:8f:af:3a:
6e:a8:c1:4a:e1:04:65:a1:28:f1:df:87:26:ba:87:97:38:29:
f4:8c:71:14:a9:30:4c:32:68:8f:43:67:27:de:b6:e7:ef:ef:
d2:06:8d:61
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUP7P0SJ+werEGLbUbQ5bsZIhGUwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUxODIwMDRaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3ZjU5OTg2NGIxMzc2OTE4MzU3MGQ1ZmZkYjUyMGQ2NTBhMGRjN2M4YWVk
ZWFkMDEzYTdlODE2NWU1NWE1YjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXOaSyJkMChI5pSZZ5ehloRFsCUWX/7URiulmIbfr872n3OgaOQfiK+RRfL
6Vp+r6n27EzQ3r97PlOpXst2fCQsmErAcaK7jLWsMzClcYdcP2UlWBOTnENpVkLj
f/RgZ5ocKZ8QHiQZv+XMp6Nu++1wHEgzJoc/mxzCjiYn/v3OX3CiWgMucQgKycxU
FvFzoyseDveBHQovJxLOXJ2KfWQ9luuSIrJjxvgTAj9lnDfFaxs3Hn33Z/w2OTEA
y+ug0fETxe9C8E3scqggrpl7ePg9QQdUfsL7/6WTzlkhcihT6RyZEzsQONlDE0JB
XFxcCxjBxDhd7T3V/t5TrvUR/K0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRG2TwL
PTHF3RiWDUKqc5vsIsjAXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmEzYjQwMWYtZWE5MS00NWE5LTgxODItZDU2N2NmYWMwNzdhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGw
gDANBgkqhkiG9w0BAQsFAAOCAQEAPmpzUUcmWh+hO5lQnbjT3LxWSJ9Tv/KEl7Cm
6vro5aV1eeHrTra2a/eqoLslPPR50gVoA4MYIBlIJiX6W51TIxMpHK3+IPbBeYD1
ny4EL00+6BcIOLI0DdJP4qrOaxiQMk22roiFIV2/WlgKi7oNjZueKH2mEAdWNkj4
JTfJll8dDhehRlB6ZLy00gPZWfltDzO5sIhZ4mFFG6ZLJoCiW9/Af1m+PviTXDFZ
BaVmZDmV0brUtD/Id3RzxU+3vFPBatocAk7B0vkY7PtxYgBHPyseRM69j686bqjB
SuEEZaEo8d+HJrqHlzgp9IxxFKkwTDJoj0NnJ9625+/v0gaNYQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:49:34 2025 by rpki-client