Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
File: f97778b4-85b1-4580-ac38-a4872d19261b.roa (raw, json)
Hash identifier: UdveOBMscsCWtMBAH24wevPntH0XeH6UCIhXk1JjD74=
Subject key identifier: CD:33:AB:AB:4D:78:71:67:4F:37:E4:0A:91:90:36:26:C0:02:A1:6B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 52B9917A04A42C932ADA483F516BA46618002E0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
Signing time: Tue 20 May 2025 20:21:28 +0000
ROA not before: Tue 20 May 2025 20:21:28 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 13:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:b9:91:7a:04:a4:2c:93:2a:da:48:3f:51:6b:a4:66:18:00:2e:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 20 20:21:28 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=c34466753e678984a0338d48dc4ffa6de5f7e7f9103c4ed07dfdbb64dcaaf9ba, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:e4:bb:46:ce:50:8a:8d:dd:ca:35:ce:13:ba:
63:19:9f:cb:46:76:06:69:f2:9f:31:b7:c7:a7:53:
d5:07:e3:ef:5c:59:b7:75:3f:88:ac:6f:0c:79:e7:
7e:07:36:ff:85:5b:c9:5d:57:08:e8:2a:f9:34:d0:
81:aa:1c:9e:ce:d0:50:08:ef:26:6b:bc:22:40:42:
e5:9e:7a:ab:c9:00:81:34:06:37:c3:c1:60:ad:ee:
ad:8f:5d:f4:02:19:e1:21:17:32:9d:28:8d:d1:90:
0d:7c:7b:56:94:45:a1:7f:f5:23:22:9c:1e:95:c0:
b6:2c:70:a4:57:bc:46:b0:02:d4:d8:59:2a:a0:78:
2d:ed:8b:dc:df:57:98:27:b5:ef:5d:ad:b1:24:27:
6c:13:fb:d0:68:1c:2c:32:f7:6c:f1:73:67:93:ca:
c3:14:4a:b1:74:ab:86:dc:3c:8f:e6:41:3e:7d:c3:
1d:69:be:f9:cb:44:30:db:93:32:3f:47:52:19:7a:
64:03:b7:a2:39:e3:ee:10:73:b6:1a:c1:92:34:9c:
82:aa:75:7e:7a:0f:4f:20:5a:29:fd:2a:ab:1d:19:
59:31:8f:cd:aa:43:e0:22:ad:c0:52:27:d0:a3:58:
a6:c2:d1:2d:cb:ce:b8:e0:a8:ed:9e:d8:62:5b:e3:
63:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:33:AB:AB:4D:78:71:67:4F:37:E4:0A:91:90:36:26:C0:02:A1:6B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:5000::/40
Signature Algorithm: sha256WithRSAEncryption
2d:28:3d:3b:51:28:5a:58:ce:70:3e:90:10:51:30:ba:41:fa:
25:e3:a5:f0:d3:d4:eb:7d:ad:46:c2:aa:61:e3:2d:f4:1f:52:
0f:87:4e:63:aa:ef:98:cf:c4:ec:aa:d1:5c:1a:b4:4b:e8:09:
57:dc:f1:9a:13:34:30:6d:ff:ea:df:b1:96:0a:78:24:26:ae:
a6:3f:bb:eb:07:17:e4:fb:86:55:28:cb:0b:21:06:5d:50:7a:
70:ea:ef:a7:2a:5d:d1:26:16:3c:c0:16:16:7e:bf:35:30:b7:
4d:7b:57:b1:53:b2:ed:87:df:09:4e:59:6f:e8:f4:c0:b2:7a:
9f:6e:e5:77:ee:d1:d0:70:df:03:df:d3:8b:72:fe:28:0c:fc:
f9:e0:bb:49:c5:41:6f:69:3c:bd:e3:3f:f7:a2:4e:6c:6d:d3:
c6:b2:89:8c:c3:3d:1c:f2:43:2e:8a:c6:fd:e9:81:fc:c6:88:
3e:1d:d4:8b:e9:ba:26:68:53:61:1b:e5:3f:ff:b6:dc:44:37:
21:ed:af:20:e7:7a:c3:50:68:89:7b:50:2b:42:b7:11:4e:08:
87:68:70:96:2e:47:27:dc:c6:dd:e7:72:0e:cb:a1:21:06:b4:
3a:2a:3d:2d:49:03:dd:cd:5c:4d:9d:a8:72:3a:cf:fa:3f:6f:
76:68:5b:c7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUrmRegSkLJMq2kg/UWukZhgALg0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDIxMjhaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzNDQ2Njc1M2U2Nzg5ODRhMDMzOGQ0OGRjNGZmYTZkZTVmN2U3ZjkxMDNj
NGVkMDdkZmRiYjY0ZGNhYWY5YmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJHku0bOUIqN3co1zhO6Yxmfy0Z2BmnynzG3x6dT1Qfj71xZt3U/iKxvDHnn
fgc2/4VbyV1XCOgq+TTQgaocns7QUAjvJmu8IkBC5Z56q8kAgTQGN8PBYK3urY9d
9AIZ4SEXMp0ojdGQDXx7VpRFoX/1IyKcHpXAtixwpFe8RrAC1NhZKqB4Le2L3N9X
mCe1712tsSQnbBP70GgcLDL3bPFzZ5PKwxRKsXSrhtw8j+ZBPn3DHWm++ctEMNuT
Mj9HUhl6ZAO3ojnj7hBzthrBkjScgqp1fnoPTyBaKf0qqx0ZWTGPzapD4CKtwFIn
0KNYpsLRLcvOuOCo7Z7YYlvjY2cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTNM6ur
TXhxZ0835AqRkDYmwAKhazAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3Nzc4YjQtODViMS00NTgwLWFjMzgtYTQ4NzJkMTkyNjFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAtKD07UShaWM5wPpAQUTC6Qfol46Xw09Trfa1G
wqph4y30H1IPh05jqu+Yz8TsqtFcGrRL6AlX3PGaEzQwbf/q37GWCngkJq6mP7vr
Bxfk+4ZVKMsLIQZdUHpw6u+nKl3RJhY8wBYWfr81MLdNe1exU7Lth98JTllv6PTA
snqfbuV37tHQcN8D39OLcv4oDPz54LtJxUFvaTy94z/3ok5sbdPGsomMwz0c8kMu
isb96YH8xog+HdSL6bomaFNhG+U//7bcRDch7a8g53rDUGiJe1ArQrcRTgiHaHCW
Lkcn3Mbd53IOy6EhBrQ6Kj0tSQPdzVxNnahyOs/6P292aFvH
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:25:08 2025 by rpki-client