Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44bb2f76-7c1e-411a-85f6-b9cd1c77d60c.roa
File: 44bb2f76-7c1e-411a-85f6-b9cd1c77d60c.roa (raw, json)
Hash identifier: GHo+krkLZbrs1twV8ffUcIb82fBYEnphvSHSR/e/FWg=
Subject key identifier: 71:93:66:E4:22:CB:C4:C4:C7:BE:43:59:28:A9:0A:02:0B:3D:54:87
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4A240C35490184DA02C935BCD2315DBF3D01CC87
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44bb2f76-7c1e-411a-85f6-b9cd1c77d60c.roa
Signing time: Tue 21 Oct 2025 13:20:05 +0000
ROA not before: Tue 21 Oct 2025 13:20:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:5040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:24:0c:35:49:01:84:da:02:c9:35:bc:d2:31:5d:bf:3d:01:cc:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=adef387908145e068e3d48cd3bfd62a3ba0930876e28190a30c85edebb6c49a6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:69:c0:3e:b2:fe:ad:25:96:9c:b9:65:eb:70:
57:ed:4a:62:fd:44:fe:9c:9c:c8:f7:4d:77:36:7f:
00:03:e7:09:21:3c:70:54:f2:c0:64:f1:54:2e:3b:
52:f3:6d:21:66:88:23:8f:3d:75:a2:a8:60:82:d1:
97:6a:8a:75:b1:87:e9:77:da:97:ad:1f:c0:65:5c:
03:26:0c:e1:50:ee:45:93:10:7e:eb:99:23:b9:92:
3f:f6:69:e7:b6:f3:c0:58:58:75:d5:77:f9:34:77:
13:db:91:f7:b0:77:0e:a3:a1:59:ba:ad:fa:88:1b:
37:90:00:7f:0d:a5:fa:d2:f6:cf:35:48:33:5e:dc:
2f:73:78:7b:9e:73:6a:ac:f0:5c:0a:0d:25:a6:41:
e4:db:63:64:c8:eb:cb:da:c1:71:1f:86:b7:93:fe:
5b:94:65:a5:08:73:67:78:3b:dd:c8:22:3d:91:4e:
97:89:e9:24:56:c0:9c:1e:5b:f7:3e:2f:1c:bb:ce:
26:2c:69:78:86:b7:11:ed:da:4d:f7:35:41:da:87:
40:b7:93:b7:1a:d9:12:2c:d0:b3:d2:8d:e7:9c:7e:
c6:31:43:69:2c:43:20:b8:d2:4d:c8:8e:2d:64:de:
da:05:85:7a:a7:e8:ef:99:5a:ae:3d:c3:31:92:a9:
f6:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:93:66:E4:22:CB:C4:C4:C7:BE:43:59:28:A9:0A:02:0B:3D:54:87
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44bb2f76-7c1e-411a-85f6-b9cd1c77d60c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:5040::/48
Signature Algorithm: sha256WithRSAEncryption
c0:02:53:9a:ad:16:27:cf:46:c8:29:59:02:7d:a8:d1:98:9b:
0f:08:d4:20:55:53:4e:c0:63:4b:13:a4:7c:99:37:8e:eb:79:
95:c4:f7:25:7a:5b:72:fe:fe:82:9e:40:8f:6f:4c:10:3f:a1:
f7:c0:f3:96:37:81:9e:e8:fa:09:80:9d:a6:13:30:c2:16:a9:
ca:23:9d:77:14:dc:d8:0a:f7:52:62:79:96:be:6d:5c:fa:79:
db:ea:aa:78:ca:99:24:43:32:c1:60:21:66:95:18:8c:29:c5:
9e:73:a5:92:79:24:5a:a5:ab:33:46:56:40:48:64:18:63:12:
1e:44:7d:69:05:93:14:c1:7f:63:24:56:18:47:ca:fe:a6:64:
4e:48:58:f6:b7:b0:38:f0:ee:50:be:0a:3f:a4:e2:89:4e:96:
5d:d2:fa:a5:c1:46:28:1f:96:95:eb:4e:29:92:1c:26:ac:e1:
32:f5:7a:70:47:ac:b6:e6:89:3d:b4:d7:b6:ff:d1:16:6b:12:
09:99:35:76:97:4b:bd:5a:00:f5:9d:d1:1f:63:83:bc:a3:3a:
4d:34:8c:28:fa:2b:83:d8:1e:6f:2c:46:af:60:d3:38:65:25:
bc:82:cc:7f:7b:4a:71:2a:f5:4d:4a:72:f5:9c:f5:bc:0a:2c:
78:6a:ed:85
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSiQMNUkBhNoCyTW80jFdvz0BzIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkZWYzODc5MDgxNDVlMDY4ZTNkNDhjZDNiZmQ2MmEzYmEwOTMwODc2ZTI4
MTkwYTMwYzg1ZWRlYmI2YzQ5YTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBpwD6y/q0llpy5ZetwV+1KYv1E/pycyPdNdzZ/AAPnCSE8cFTywGTxVC47
UvNtIWaII489daKoYILRl2qKdbGH6Xfal60fwGVcAyYM4VDuRZMQfuuZI7mSP/Zp
57bzwFhYddV3+TR3E9uR97B3DqOhWbqt+ogbN5AAfw2l+tL2zzVIM17cL3N4e55z
aqzwXAoNJaZB5NtjZMjry9rBcR+Gt5P+W5RlpQhzZ3g73cgiPZFOl4npJFbAnB5b
9z4vHLvOJixpeIa3Ee3aTfc1QdqHQLeTtxrZEizQs9KN55x+xjFDaSxDILjSTciO
LWTe2gWFeqfo75larj3DMZKp9h0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRxk2bk
IsvExMe+Q1koqQoCCz1UhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRiYjJmNzYtN2MxZS00MTFhLTg1ZjYtYjljZDFjNzdkNjBjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAwAJTmq0WJ89GyClZAn2o0ZibDwjUIFVTTsBj
SxOkfJk3jut5lcT3JXpbcv7+gp5Aj29MED+h98DzljeBnuj6CYCdphMwwhapyiOd
dxTc2Ar3UmJ5lr5tXPp52+qqeMqZJEMywWAhZpUYjCnFnnOlknkkWqWrM0ZWQEhk
GGMSHkR9aQWTFMF/YyRWGEfK/qZkTkhY9rewOPDuUL4KP6TiiU6WXdL6pcFGKB+W
letOKZIcJqzhMvV6cEestuaJPbTXtv/RFmsSCZk1dpdLvVoA9Z3RH2ODvKM6TTSM
KPorg9gebyxGr2DTOGUlvILMf3tKcSr1TUpy9Zz1vAoseGrthQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:12 2025 by rpki-client