Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
File: 74c7eb62-ad02-4aa2-9be5-024692c6239f.roa (raw, json)
Hash identifier: wQKEThVTdWUB1FBvUgC+KMkZHlgWbSJRFNzRjJC6o7A=
Subject key identifier: 31:98:FB:9B:EA:14:AC:30:CE:BF:8B:3A:96:03:EA:60:C4:80:1F:B5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 720E3A097559183DFDE57382FC033B38AB1E1BBB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
Signing time: Tue 20 May 2025 18:51:16 +0000
ROA not before: Tue 20 May 2025 18:51:16 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 13:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:0e:3a:09:75:59:18:3d:fd:e5:73:82:fc:03:3b:38:ab:1e:1b:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 18:51:16 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=cda68964a46f45c1c4ccd36be012c983814b20861f83cb1a7f94f6fb2ab8831c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:9c:30:70:1d:4d:b5:1b:d0:07:61:ab:97:1f:
de:36:84:41:1f:f0:67:96:8a:1a:7b:d4:0e:aa:25:
04:f2:d0:ea:de:5b:cb:33:3f:15:ed:63:c2:61:dd:
08:9d:0f:7e:b2:d7:b5:61:dc:aa:24:42:6c:50:a5:
bc:05:77:2a:af:1b:f5:d4:37:c3:8a:4d:48:b9:85:
b2:92:c9:ea:96:15:dd:f3:0b:1b:74:6f:40:a6:5a:
c8:24:07:8b:1a:98:bb:e8:4a:74:c3:c7:a7:47:9d:
a1:ef:b1:ca:ed:93:14:ac:b5:2c:dd:01:f6:74:b5:
ba:6d:f2:85:33:6f:03:6f:bb:0e:fd:08:d2:7c:7b:
d8:63:3c:81:68:ff:e6:7c:4b:cc:ac:73:e1:fc:ab:
7d:88:b8:56:29:ab:d8:4f:a8:f2:3d:d7:eb:b8:ba:
0e:70:1d:e4:60:8b:f1:7a:2a:cb:39:d5:70:77:e4:
4b:c3:44:87:d2:04:b3:50:2a:e2:11:3d:48:87:de:
2f:f4:3c:4e:99:7c:4a:ae:20:1b:a7:16:8e:3a:37:
13:ef:f3:1f:d0:f1:0a:dc:8e:df:87:a6:2d:d6:29:
a7:be:a0:50:71:6d:cd:38:25:25:df:96:c3:e9:70:
ec:dc:b5:8b:01:b2:64:59:85:fc:93:28:4d:18:56:
75:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:98:FB:9B:EA:14:AC:30:CE:BF:8B:3A:96:03:EA:60:C4:80:1F:B5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:2000::/40
Signature Algorithm: sha256WithRSAEncryption
70:80:60:27:5c:4c:54:68:f7:b7:75:f5:a4:18:e5:00:d5:9c:
e0:22:71:b1:c8:ae:c9:af:9e:68:c4:48:6a:6b:3e:81:51:fd:
ea:8f:45:41:10:03:fa:b5:8f:87:83:c5:d6:81:2f:2c:5b:cb:
66:a8:3a:16:64:d6:31:f5:94:ae:7b:aa:03:67:55:dc:cb:cd:
6a:43:f2:74:aa:85:68:91:8c:a5:88:b3:a1:75:4d:b6:8d:3d:
71:55:36:c8:1f:36:b1:01:2f:c8:68:32:09:05:9e:61:0f:ef:
75:40:5f:45:1e:d3:cb:f3:39:cb:77:f3:a4:91:09:ed:29:c5:
8e:09:10:c0:f8:54:9a:cd:fe:12:fb:c4:81:64:f1:59:ce:1e:
48:2b:3f:80:08:97:7d:f3:54:42:7c:1d:c9:95:bd:71:bf:21:
86:03:08:c4:02:98:51:1c:d6:6b:79:7b:ab:4a:09:b1:27:2a:
87:11:7d:a7:7d:db:d6:72:48:b2:4b:61:83:54:fe:9c:6e:6e:
c2:b5:de:4a:96:e1:c8:54:77:c2:2a:62:a0:9c:67:af:f7:83:
16:6d:25:ca:09:cf:c4:e7:55:45:81:1d:90:b4:ee:ab:08:74:
30:48:67:1c:cd:26:16:b7:c5:e3:4a:a1:bb:96:57:4d:46:78:
fc:9d:2b:ec
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcg46CXVZGD395XOC/AM7OKseG7swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAxODUxMTZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkYTY4OTY0YTQ2ZjQ1YzFjNGNjZDM2YmUwMTJjOTgzODE0YjIwODYxZjgz
Y2IxYTdmOTRmNmZiMmFiODgzMWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKScMHAdTbUb0Adhq5cf3jaEQR/wZ5aKGnvUDqolBPLQ6t5byzM/Fe1jwmHd
CJ0PfrLXtWHcqiRCbFClvAV3Kq8b9dQ3w4pNSLmFspLJ6pYV3fMLG3RvQKZayCQH
ixqYu+hKdMPHp0edoe+xyu2TFKy1LN0B9nS1um3yhTNvA2+7Dv0I0nx72GM8gWj/
5nxLzKxz4fyrfYi4Vimr2E+o8j3X67i6DnAd5GCL8XoqyznVcHfkS8NEh9IEs1Aq
4hE9SIfeL/Q8Tpl8Sq4gG6cWjjo3E+/zH9DxCtyO34emLdYpp76gUHFtzTglJd+W
w+lw7Ny1iwGyZFmF/JMoTRhWddkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQxmPub
6hSsMM6/izqWA+pgxIAftTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzRjN2ViNjItYWQwMi00YWEyLTliZTUtMDI0NjkyYzYyMzlmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0AAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBwgGAnXExUaPe3dfWkGOUA1ZzgInGxyK7Jr55o
xEhqaz6BUf3qj0VBEAP6tY+Hg8XWgS8sW8tmqDoWZNYx9ZSue6oDZ1Xcy81qQ/J0
qoVokYyliLOhdU22jT1xVTbIHzaxAS/IaDIJBZ5hD+91QF9FHtPL8znLd/OkkQnt
KcWOCRDA+FSazf4S+8SBZPFZzh5IKz+ACJd981RCfB3Jlb1xvyGGAwjEAphRHNZr
eXurSgmxJyqHEX2nfdvWckiyS2GDVP6cbm7Ctd5KluHIVHfCKmKgnGev94MWbSXK
Cc/E51VFgR2QtO6rCHQwSGcczSYWt8XjSqG7lldNRnj8nSvs
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:26:08 2025 by rpki-client