Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
File: 4e84f0a8-9d20-4219-b641-9a6905a033d9.roa (raw, json)
Hash identifier: 58qO8XGk1R6pDKR6ZqyPo7xwDXwXZW42LG23MGaVpNQ=
Subject key identifier: EF:B7:ED:3E:A0:EC:11:77:20:A9:44:21:B8:18:45:02:9D:C9:84:7D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 041337567C6114B61F41403C953A54938263A8DC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
Signing time: Tue 20 May 2025 18:31:29 +0000
ROA not before: Tue 20 May 2025 18:31:29 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 13:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:13:37:56:7c:61:14:b6:1f:41:40:3c:95:3a:54:93:82:63:a8:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:31:29 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=4843e02edb3e2834929bc02d5d3a1c354bde99b70d2e921f164ff3e1bd0d8336, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:71:0d:48:7f:7c:b8:b3:97:9f:5b:34:ee:45:
8d:70:74:65:99:cc:80:ee:e9:07:41:4f:93:2a:8c:
28:f6:63:ab:13:bc:bb:13:3b:4c:a4:7d:44:e6:90:
90:e2:35:35:c0:41:d2:8a:ee:1a:59:54:be:25:7e:
6b:44:19:1b:39:43:bd:91:f0:7f:ef:8d:6f:fd:46:
f4:62:82:b3:88:4a:07:69:33:0a:fb:34:9d:ca:2f:
1c:14:64:07:05:6e:f3:2a:d4:e0:2d:62:b4:96:1e:
6a:91:d5:aa:e1:01:94:d8:9e:a1:fc:13:2d:fe:5c:
c9:5b:54:e8:7a:27:74:83:28:78:28:cf:19:00:9b:
bb:11:0e:e1:48:ad:df:80:0a:5b:f5:62:3c:ce:df:
52:8f:c7:a4:03:6c:97:5e:a4:b8:de:c8:66:10:da:
cb:ac:be:7e:6d:34:78:8f:43:16:dd:ee:53:43:3a:
0f:3c:68:49:9f:c0:9b:5a:1b:0f:0b:a3:e5:d7:62:
cc:4c:65:92:da:38:17:89:d0:7d:28:36:32:ee:d1:
5a:75:eb:5c:81:61:73:1b:2a:6c:34:82:f2:ff:94:
e5:73:0a:de:f3:ed:e2:f5:88:d5:2c:04:e5:94:2a:
2c:fe:11:5e:a7:9b:48:36:52:18:01:d2:b1:28:c1:
04:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:B7:ED:3E:A0:EC:11:77:20:A9:44:21:B8:18:45:02:9D:C9:84:7D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:a040::/48
Signature Algorithm: sha256WithRSAEncryption
ae:8c:1d:09:28:b2:54:a7:a8:30:35:65:10:3a:e6:05:fc:a2:
61:90:3d:b0:f6:d3:3e:09:71:6e:a7:53:fb:45:4a:b9:ff:dd:
08:0e:69:b8:a0:45:38:96:44:c3:78:e2:ef:fd:79:56:44:92:
79:5d:ae:47:77:c8:9a:86:a2:11:88:b2:51:09:16:17:1f:9d:
3e:eb:cb:6a:6c:f5:9d:98:6d:49:bf:05:db:6e:c7:3d:e7:2e:
71:05:a3:eb:6b:38:f7:cb:84:fa:98:d7:1c:5b:e8:87:80:11:
42:58:81:b4:12:62:3c:69:0d:06:ac:d6:84:11:db:82:47:55:
5d:50:ba:63:5c:98:3d:1b:f5:e1:f6:54:64:15:91:51:9f:d2:
9c:17:5e:5e:be:49:d6:75:aa:fe:1c:23:a7:42:d2:6f:ea:6b:
18:29:c9:a9:e6:56:ac:4e:07:d4:e1:de:7a:b7:da:5e:a5:f0:
d2:e3:54:fa:93:00:a0:5b:16:7f:7d:e0:07:47:1e:2c:70:29:
62:4f:65:c6:c0:f6:f9:2e:52:04:19:47:a0:ba:78:f3:b5:aa:
e6:47:6d:db:8c:2c:01:5d:ad:11:ad:72:6e:46:44:08:c7:3b:
64:24:3f:58:36:1c:91:6f:2f:f4:dc:6f:3c:44:69:c1:e6:08:
4b:03:6e:9d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBBM3VnxhFLYfQUA8lTpUk4JjqNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODMxMjlaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ4NDNlMDJlZGIzZTI4MzQ5MjliYzAyZDVkM2ExYzM1NGJkZTk5YjcwZDJl
OTIxZjE2NGZmM2UxYmQwZDgzMzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBxDUh/fLizl59bNO5FjXB0ZZnMgO7pB0FPkyqMKPZjqxO8uxM7TKR9ROaQ
kOI1NcBB0oruGllUviV+a0QZGzlDvZHwf++Nb/1G9GKCs4hKB2kzCvs0ncovHBRk
BwVu8yrU4C1itJYeapHVquEBlNieofwTLf5cyVtU6HondIMoeCjPGQCbuxEO4Uit
34AKW/ViPM7fUo/HpANsl16kuN7IZhDay6y+fm00eI9DFt3uU0M6DzxoSZ/Am1ob
Dwuj5ddizExlkto4F4nQfSg2Mu7RWnXrXIFhcxsqbDSC8v+U5XMK3vPt4vWI1SwE
5ZQqLP4RXqebSDZSGAHSsSjBBPsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTvt+0+
oOwRdyCpRCG4GEUCncmEfTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU4NGYwYTgtOWQyMC00MjE5LWI2NDEtOWE2OTA1YTAzM2Q5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKg
QDANBgkqhkiG9w0BAQsFAAOCAQEArowdCSiyVKeoMDVlEDrmBfyiYZA9sPbTPglx
bqdT+0VKuf/dCA5puKBFOJZEw3ji7/15VkSSeV2uR3fImoaiEYiyUQkWFx+dPuvL
amz1nZhtSb8F227HPecucQWj62s498uE+pjXHFvoh4ARQliBtBJiPGkNBqzWhBHb
gkdVXVC6Y1yYPRv14fZUZBWRUZ/SnBdeXr5J1nWq/hwjp0LSb+prGCnJqeZWrE4H
1OHeerfaXqXw0uNU+pMAoFsWf33gB0ceLHApYk9lxsD2+S5SBBlHoLp487Wq5kdt
24wsAV2tEa1ybkZECMc7ZCQ/WDYckW8v9NxvPERpweYISwNunQ==
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:27:03 2025 by rpki-client