Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dbe70b9-8807-4382-b0db-753dfbe69012.roa
File: 7dbe70b9-8807-4382-b0db-753dfbe69012.roa (raw, json)
Hash identifier: fneJcsqt6XHGg/RKINaQGW0/IvERC9AIFaeXX0XPW6A=
Subject key identifier: C1:A4:22:AF:87:49:45:A8:F1:35:6F:64:4F:31:27:B3:4D:46:27:B8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 115C5C1287F8E5D9398C441939734F39796B3534
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dbe70b9-8807-4382-b0db-753dfbe69012.roa
Signing time: Fri 25 Apr 2025 20:20:11 +0000
ROA not before: Fri 25 Apr 2025 20:20:11 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01b::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 08:37:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:5c:5c:12:87:f8:e5:d9:39:8c:44:19:39:73:4f:39:79:6b:35:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 25 20:20:11 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=c16f616b3dbc1d15b1b6021894774f615ff6f7b2e5685555a32f1842af92ea6c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:74:93:55:35:40:02:c5:46:4d:fd:93:fe:1e:
07:95:46:3d:cb:ea:0a:e8:6f:e5:ef:e0:01:aa:d0:
e4:d4:da:81:c3:f6:cb:a1:de:31:01:89:b4:d1:65:
97:74:fe:e6:b7:8a:de:b4:df:13:11:39:ed:70:a4:
85:2e:ae:0d:44:04:ed:7c:67:40:c7:d1:86:b9:dc:
47:91:d1:cb:2e:cc:88:ed:db:59:f3:fe:0a:31:ed:
35:5e:44:42:2b:a5:31:ff:28:6d:54:a6:93:94:0c:
ba:1d:76:fd:3f:ab:37:47:82:00:ea:2d:54:be:f8:
bf:4a:cd:3a:d0:d3:fe:58:94:aa:d1:a2:98:6a:8d:
6d:32:ef:16:41:25:4b:bf:e0:e9:70:1e:71:cc:c3:
f2:87:e1:b8:29:57:98:4d:ec:3f:35:7d:bd:5f:30:
26:ae:18:81:38:d9:0c:26:88:77:84:d4:f8:38:45:
f4:88:20:51:38:9c:8d:20:7e:7a:36:bd:f3:48:34:
c0:a9:5e:14:a3:70:f2:30:d4:0f:d9:b2:03:27:fc:
d7:08:22:93:35:25:7a:73:52:e5:e9:9d:58:ac:14:
62:78:9b:2a:ac:22:e8:9a:f6:17:aa:17:d6:d8:2a:
08:36:eb:8f:f8:12:69:10:44:a6:77:67:a3:61:32:
a4:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:A4:22:AF:87:49:45:A8:F1:35:6F:64:4F:31:27:B3:4D:46:27:B8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dbe70b9-8807-4382-b0db-753dfbe69012.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01b::/37
Signature Algorithm: sha256WithRSAEncryption
31:e9:4b:3a:81:4a:31:7b:73:ea:ee:36:3b:67:73:08:50:ec:
f7:ad:f0:20:28:93:68:a9:9e:7a:5d:b3:2e:13:6c:cf:70:78:
cb:25:05:8d:fa:a1:2f:f8:f6:d5:b8:fb:8d:97:93:23:a1:79:
f3:65:ab:e7:b4:6f:d6:ec:70:09:ce:ab:a2:c8:52:ed:ea:0b:
d6:25:f1:32:63:73:a1:08:4e:24:8f:c3:c4:34:7d:c4:da:5d:
76:e3:a5:39:2f:c1:bb:5a:07:2f:30:4d:6d:26:12:2f:02:e6:
eb:4d:bc:ab:a7:13:72:fd:a5:d5:53:fc:fc:0b:17:8e:43:d7:
74:91:c5:ca:1a:5f:22:79:28:ee:12:f5:37:b9:9a:b1:9d:c7:
09:47:a3:5e:23:b2:b7:a8:94:51:5c:ca:c7:45:98:2b:fb:df:
59:58:90:4d:7e:ef:49:63:05:90:47:43:bd:4e:50:ed:dd:b5:
8a:b0:89:cb:48:a7:31:47:d2:44:23:43:65:f8:7d:82:7a:00:
6e:bf:75:35:39:f2:d3:55:06:e8:9f:e1:fb:3e:7b:66:48:1f:
6b:32:71:09:a2:44:50:90:33:2c:58:e7:2a:0f:71:8d:d1:02:
f8:37:07:41:78:70:fe:1c:f4:6d:7d:bd:04:6d:76:8e:0b:27:
bd:93:83:20
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEVxcEof45dk5jEQZOXNPOXlrNTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjUyMDIwMTFaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxNmY2MTZiM2RiYzFkMTViMWI2MDIxODk0Nzc0ZjYxNWZmNmY3YjJlNTY4
NTU1NWEzMmYxODQyYWY5MmVhNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKh0k1U1QALFRk39k/4eB5VGPcvqCuhv5e/gAarQ5NTagcP2y6HeMQGJtNFl
l3T+5reK3rTfExE57XCkhS6uDUQE7XxnQMfRhrncR5HRyy7MiO3bWfP+CjHtNV5E
QiulMf8obVSmk5QMuh12/T+rN0eCAOotVL74v0rNOtDT/liUqtGimGqNbTLvFkEl
S7/g6XAecczD8ofhuClXmE3sPzV9vV8wJq4YgTjZDCaId4TU+DhF9IggUTicjSB+
eja980g0wKleFKNw8jDUD9myAyf81wgikzUlenNS5emdWKwUYnibKqwi6Jr2F6oX
1tgqCDbrj/gSaRBEpndno2EypMkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTBpCKv
h0lFqPE1b2RPMSezTUYnuDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2RiZTcwYjktODgwNy00MzgyLWIwZGItNzUzZGZiZTY5MDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0BsA
MA0GCSqGSIb3DQEBCwUAA4IBAQAx6Us6gUoxe3Pq7jY7Z3MIUOz3rfAgKJNoqZ56
XbMuE2zPcHjLJQWN+qEv+PbVuPuNl5MjoXnzZavntG/W7HAJzquiyFLt6gvWJfEy
Y3OhCE4kj8PENH3E2l1246U5L8G7WgcvME1tJhIvAubrTbyrpxNy/aXVU/z8CxeO
Q9d0kcXKGl8ieSjuEvU3uZqxnccJR6NeI7K3qJRRXMrHRZgr+99ZWJBNfu9JYwWQ
R0O9TlDt3bWKsInLSKcxR9JEI0Nl+H2CegBuv3U1OfLTVQbon+H7PntmSB9rMnEJ
okRQkDMsWOcqD3GN0QL4NwdBeHD+HPRtfb0EbXaOCye9k4Mg
-----END CERTIFICATE-----
Generated at Mon May 5 13:25:15 2025 by rpki-client