Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: RQeM3qdU+TTcpveTigcwds1g1mph2jdPDH61MzA59HI=
Subject key identifier: B5:AD:02:78:B7:50:54:70:D7:9B:37:82:25:BE:E1:F5:A9:A8:BF:9C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7DE2E0AAFBDE6AA25BD19C2DF6948478027FD45D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Mon 28 Apr 2025 15:40:41 +0000
ROA not before: Mon 28 Apr 2025 15:40:41 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:e2:e0:aa:fb:de:6a:a2:5b:d1:9c:2d:f6:94:84:78:02:7f:d4:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 28 15:40:41 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=7827e25fee214398c8bcea3ff52fde4d04e5665614780a2cf10626e0d28ce11e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:9c:44:b5:5e:d1:81:1b:21:0e:54:e8:a0:13:
ae:d1:c0:b8:a1:e3:dc:2e:cf:cb:ed:9a:f3:55:69:
ce:b8:8e:d4:02:5a:42:f7:f9:40:57:a3:5a:79:3a:
9e:68:c3:19:cf:d1:17:66:73:b7:4b:05:f7:73:04:
fe:b6:b8:72:09:70:fe:b6:d9:d9:74:8e:5f:92:71:
79:e3:50:32:b3:76:0b:f7:89:0c:97:d0:03:e9:2a:
f4:4c:71:df:4e:3f:aa:b5:e6:50:aa:80:1f:dc:a2:
f5:89:39:51:0c:9e:0d:fe:0b:c5:bf:a3:1e:55:a4:
35:96:4b:31:c0:70:3f:0e:5c:bf:e8:64:8f:c6:ba:
76:51:44:9e:f1:69:38:8c:32:4e:5d:a5:ac:c1:11:
7c:5f:70:f1:66:76:48:2c:b3:b1:2d:c7:e0:c9:58:
7b:b4:5d:22:20:5c:60:66:39:81:cb:ba:21:2c:17:
1c:e0:72:c0:69:4e:b3:49:fe:d8:ee:a6:4a:75:dd:
8e:bb:1d:a3:a9:90:33:e9:e7:f4:3b:70:28:0d:70:
7f:e6:2b:9f:55:40:12:02:51:b8:63:ed:1e:4c:f6:
99:34:84:a1:67:fc:b1:09:53:df:78:6a:d6:65:c0:
fe:14:9e:8d:76:23:02:d0:b4:03:71:64:5b:21:41:
4a:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:AD:02:78:B7:50:54:70:D7:9B:37:82:25:BE:E1:F5:A9:A8:BF:9C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
16:9b:71:cc:88:cf:a7:7b:3c:15:ff:01:f1:0e:fd:36:c9:73:
d7:ba:77:d2:64:d7:ae:50:e9:81:8b:81:d8:4f:90:b1:55:ea:
59:10:df:b7:0c:1d:77:22:2d:2f:d2:82:55:d3:4e:cb:7d:45:
15:39:07:80:36:a2:27:a8:10:7e:99:d1:c4:ac:92:ee:c1:30:
d2:00:d0:79:88:30:8b:81:87:7d:ae:18:3a:fa:4d:7c:67:f6:
55:71:aa:55:ba:72:78:ab:de:2c:d2:c1:09:99:f0:32:d9:85:
e8:b3:7f:d9:9b:6d:20:e5:23:e7:c1:18:c1:bd:b7:08:0f:ef:
fd:24:5c:7e:0f:bf:fa:4f:46:9b:6b:21:67:46:1e:7f:fa:94:
73:93:29:9e:83:63:74:12:77:9d:a6:df:94:57:95:09:04:2c:
5c:a9:c6:52:a6:93:10:44:ef:ce:35:e3:fc:24:46:3d:9f:36:
4f:77:12:02:26:41:ef:b5:22:9a:66:5c:cc:36:aa:d5:7a:cb:
f7:46:19:4e:48:7b:86:05:e5:42:75:0e:81:df:0a:d8:23:06:
43:b9:cb:de:c3:c7:8c:3d:71:57:38:60:31:b8:05:53:c9:a8:
90:a4:31:76:8d:66:89:57:ff:a6:22:72:24:f6:a9:ec:d8:02:
0a:42:8e:f6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfeLgqvveaqJb0Zwt9pSEeAJ/1F0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MjgxNTQwNDFaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4MjdlMjVmZWUyMTQzOThjOGJjZWEzZmY1MmZkZTRkMDRlNTY2NTYxNDc4
MGEyY2YxMDYyNmUwZDI4Y2UxMWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWcRLVe0YEbIQ5U6KATrtHAuKHj3C7Py+2a81VpzriO1AJaQvf5QFejWnk6
nmjDGc/RF2Zzt0sF93ME/ra4cglw/rbZ2XSOX5JxeeNQMrN2C/eJDJfQA+kq9Exx
304/qrXmUKqAH9yi9Yk5UQyeDf4Lxb+jHlWkNZZLMcBwPw5cv+hkj8a6dlFEnvFp
OIwyTl2lrMERfF9w8WZ2SCyzsS3H4MlYe7RdIiBcYGY5gcu6ISwXHOBywGlOs0n+
2O6mSnXdjrsdo6mQM+nn9DtwKA1wf+Yrn1VAEgJRuGPtHkz2mTSEoWf8sQlT33hq
1mXA/hSejXYjAtC0A3FkWyFBSjcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS1rQJ4
t1BUcNebN4IlvuH1qai/nDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAWm3HMiM+nezwV/wHxDv02yXPXunfSZNeuUOmB
i4HYT5CxVepZEN+3DB13Ii0v0oJV007LfUUVOQeANqInqBB+mdHErJLuwTDSANB5
iDCLgYd9rhg6+k18Z/ZVcapVunJ4q94s0sEJmfAy2YXos3/Zm20g5SPnwRjBvbcI
D+/9JFx+D7/6T0abayFnRh5/+pRzkymeg2N0Enedpt+UV5UJBCxcqcZSppMQRO/O
NeP8JEY9nzZPdxICJkHvtSKaZlzMNqrVesv3RhlOSHuGBeVCdQ6B3wrYIwZDucve
w8eMPXFXOGAxuAVTyaiQpDF2jWaJV/+mInIk9qns2AIKQo72
-----END CERTIFICATE-----
Generated at Mon May 5 10:33:09 2025 by rpki-client