Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
File: 4a3909fa-da3d-4cd8-918f-7755304d49d1.roa (raw, json)
Hash identifier: yy1v4PuoZl3nWyJVMIAb51GcBS8wf2g3uwnBwM0hhgE=
Subject key identifier: E9:F1:A5:AE:85:EB:CA:3F:1A:20:7D:D2:CC:09:60:5B:AD:72:06:78
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 46F785133B6161C36DC016053D1BE26B528AB4B5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
Signing time: Mon 28 Apr 2025 15:41:04 +0000
ROA not before: Mon 28 Apr 2025 15:41:04 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 08:37:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
46:f7:85:13:3b:61:61:c3:6d:c0:16:05:3d:1b:e2:6b:52:8a:b4:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 28 15:41:04 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=ed234ec17977c0312e973d67dd53fb895458cc7adf1936f6ed8999603f722ba5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:d5:e5:82:b1:c7:96:54:ed:ae:1f:74:e9:85:
e7:c2:8b:80:f7:68:1d:e5:df:b3:eb:0a:7b:2e:cc:
a8:c4:6b:c8:77:f5:da:5c:45:8b:4e:e1:d2:87:d1:
f6:fb:e8:dd:b8:b3:33:9d:4a:d7:25:c8:15:56:3c:
a5:99:27:60:d2:d7:92:9d:78:b6:f3:f5:ab:bd:2d:
7d:43:b6:84:9c:ba:f0:2b:93:9e:35:41:b7:5d:06:
f4:96:4f:36:51:8a:d1:4e:97:21:7f:4e:e0:65:2c:
08:32:93:6c:3c:ad:af:3a:54:71:fb:3b:dc:d5:47:
52:b3:b5:05:19:b3:93:68:84:db:00:a3:d1:ef:4d:
77:96:4a:fd:cc:4b:6a:84:70:c3:8f:38:24:d5:f7:
97:96:29:0c:54:9d:ee:b9:02:00:f3:de:30:9a:53:
19:67:c9:5e:96:72:8e:bb:be:63:d7:ae:43:0a:e1:
ec:a4:4c:8c:5e:dc:06:48:7f:f4:df:ba:45:a4:13:
bd:10:5b:fe:e6:67:cd:01:d3:80:a7:f0:ef:45:54:
d0:2d:3d:20:99:df:00:dc:0c:c6:54:ab:c8:1e:9a:
b7:7e:e6:95:36:49:be:67:be:26:7b:ef:79:ce:5b:
22:5b:1a:ae:f5:f1:97:43:3a:7b:8e:0c:70:22:5f:
8d:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:F1:A5:AE:85:EB:CA:3F:1A:20:7D:D2:CC:09:60:5B:AD:72:06:78
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
35:3f:cd:a7:e7:bc:7c:fe:b9:da:83:a2:f1:b6:75:0f:ae:ea:
0e:67:e9:0a:b9:ab:f3:4e:4a:6a:d5:f7:1b:95:14:95:e2:7c:
26:d1:ce:c9:88:31:f6:b3:09:92:36:8a:44:31:0e:6a:fd:63:
5e:56:00:8c:47:f8:98:21:bc:b8:10:a5:22:f0:a9:1d:8f:4b:
3a:2e:c9:79:fe:74:bc:00:81:cd:cd:85:82:47:fa:79:cd:ba:
e6:70:7b:83:cf:06:f7:6a:86:06:13:17:36:c4:15:79:ec:f7:
04:89:d7:4a:c9:c7:fb:7f:0c:11:11:61:37:9d:23:f2:2b:9d:
25:ba:6f:1a:0f:ff:8a:97:b0:2f:cb:3d:43:be:06:41:0e:6b:
44:21:08:96:ef:b4:7a:28:6c:d2:90:1a:fe:88:41:a0:18:d6:
b4:0a:b2:32:b7:c2:6f:1e:3e:5e:09:b1:17:0a:5c:9a:a2:a9:
57:0a:98:57:e4:3d:79:66:6f:22:cf:8a:e8:98:d6:90:44:38:
b9:f4:ac:4f:2a:46:40:87:f2:7c:bb:df:a0:ae:fd:ff:30:c7:
f9:25:03:22:68:18:0b:78:ec:9f:8d:bd:08:33:52:35:50:6c:
c3:eb:64:a3:bb:07:c0:d8:d6:b1:cd:02:8e:29:dd:ff:33:20:
52:4f:6f:3e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURveFEzthYcNtwBYFPRvia1KKtLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjgxNTQxMDRaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkMjM0ZWMxNzk3N2MwMzEyZTk3M2Q2N2RkNTNmYjg5NTQ1OGNjN2FkZjE5
MzZmNmVkODk5OTYwM2Y3MjJiYTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJrV5YKxx5ZU7a4fdOmF58KLgPdoHeXfs+sKey7MqMRryHf12lxFi07h0ofR
9vvo3bizM51K1yXIFVY8pZknYNLXkp14tvP1q70tfUO2hJy68CuTnjVBt10G9JZP
NlGK0U6XIX9O4GUsCDKTbDytrzpUcfs73NVHUrO1BRmzk2iE2wCj0e9Nd5ZK/cxL
aoRww484JNX3l5YpDFSd7rkCAPPeMJpTGWfJXpZyjru+Y9euQwrh7KRMjF7cBkh/
9N+6RaQTvRBb/uZnzQHTgKfw70VU0C09IJnfANwMxlSryB6at37mlTZJvme+Jnvv
ec5bIlsarvXxl0M6e44McCJfjaMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTp8aWu
hevKPxogfdLMCWBbrXIGeDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGEzOTA5ZmEtZGEzZC00Y2Q4LTkxOGYtNzc1NTMwNGQ0OWQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+g
MA0GCSqGSIb3DQEBCwUAA4IBAQA1P82n57x8/rnag6LxtnUPruoOZ+kKuavzTkpq
1fcblRSV4nwm0c7JiDH2swmSNopEMQ5q/WNeVgCMR/iYIby4EKUi8Kkdj0s6Lsl5
/nS8AIHNzYWCR/p5zbrmcHuDzwb3aoYGExc2xBV57PcEiddKycf7fwwREWE3nSPy
K50lum8aD/+Kl7Avyz1DvgZBDmtEIQiW77R6KGzSkBr+iEGgGNa0CrIyt8JvHj5e
CbEXClyaoqlXCphX5D15Zm8iz4romNaQRDi59KxPKkZAh/J8u9+grv3/MMf5JQMi
aBgLeOyfjb0IM1I1UGzD62SjuwfA2NaxzQKOKd3/MyBST28+
-----END CERTIFICATE-----
Generated at Mon May 5 13:29:02 2025 by rpki-client