Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
File: 4e84f0a8-9d20-4219-b641-9a6905a033d9.roa (raw, json)
Hash identifier: 9qZki/hBu8h/ez2pcg9EE+D74FQN2H7sjNjEUGnPKAs=
Subject key identifier: EE:E8:C6:57:D7:D5:25:CD:85:76:E8:F5:47:EB:07:E6:73:F1:C3:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5A0BA729F973A475C641A184A1416C6CE3C796D2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
Signing time: Mon 01 Sep 2025 19:41:14 +0000
ROA not before: Mon 01 Sep 2025 19:41:14 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:0b:a7:29:f9:73:a4:75:c6:41:a1:84:a1:41:6c:6c:e3:c7:96:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:41:14 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=5bf7698d07db96669b371da66c45fde1c1c98e08cd86bb3b463a062f83e66783, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:68:0c:7c:c0:91:7d:b7:94:ad:79:4e:09:10:
5a:aa:7e:e3:3b:37:b8:ef:8c:ae:6d:8d:67:3f:ca:
fb:fb:f1:4c:6b:df:1f:36:bb:c7:5c:22:67:60:99:
b0:81:fb:9d:40:6b:75:8d:25:d7:2f:be:2f:4b:39:
dc:2f:1a:50:4e:46:5b:6f:a1:9a:47:c9:f7:fe:9b:
8b:38:f1:ba:73:db:27:d7:02:34:e3:31:2a:9c:eb:
28:b1:e2:38:de:3e:70:45:47:24:61:a3:aa:ea:00:
70:d6:88:1e:29:c7:ed:0b:6f:f9:d9:21:0e:3e:f6:
1f:ae:66:ab:13:bf:76:41:35:69:3f:ca:04:e9:53:
50:a4:5f:86:db:62:37:45:65:ae:09:06:60:4c:94:
21:76:f0:75:f3:6a:8c:b2:5b:a4:ab:4b:fa:6e:3b:
b4:1a:3a:07:4f:84:69:b3:e0:eb:c7:ce:09:2c:81:
b0:05:47:23:5d:97:07:e9:d7:c3:31:48:f8:bd:58:
52:c6:3d:2e:a9:f2:8c:8e:69:cc:5a:a5:60:42:50:
b2:f6:71:66:94:3b:df:78:1e:22:54:f1:ef:64:cd:
39:68:cc:ae:6c:96:4f:a4:95:28:f9:8d:0d:b7:17:
81:45:28:ee:ea:6b:b7:d4:34:d9:8c:ef:61:41:76:
95:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:E8:C6:57:D7:D5:25:CD:85:76:E8:F5:47:EB:07:E6:73:F1:C3:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:a040::/48
Signature Algorithm: sha256WithRSAEncryption
06:7a:75:b5:14:92:dc:e4:de:72:99:04:73:b0:22:27:fb:ab:
dd:fb:18:f2:95:4b:d3:58:7b:85:48:fd:28:c3:00:d7:1f:27:
90:6c:b2:fe:f4:c2:e6:2a:39:9a:da:e0:2f:f1:ad:6a:ca:0f:
6e:b0:8e:c2:61:6d:52:0a:33:3a:ed:fd:55:db:ad:22:e6:4d:
0e:0f:fc:85:59:f6:01:81:a9:43:b4:21:d1:1d:93:bf:71:15:
cf:fa:23:c4:0e:8e:6f:06:ef:cc:f6:2f:07:23:67:d3:5f:c3:
46:ec:e9:b4:87:99:a9:ee:30:cf:7c:26:f9:2c:d0:6e:2f:cb:
ec:ac:0d:ea:b9:d8:0a:27:af:29:79:e2:8f:a0:4c:85:97:c7:
0c:95:e7:2d:e6:9d:17:9c:df:d3:65:95:4c:8b:90:0e:7a:d1:
42:35:57:5e:5e:3f:f0:7d:db:5a:40:e9:fd:56:14:88:93:2d:
4e:bd:aa:77:af:6d:49:c7:06:0d:f1:dd:7a:c2:95:44:70:53:
6e:5f:79:5a:82:f3:83:c1:dc:09:ed:7b:a0:ea:3d:28:3e:cc:
af:9d:d6:09:a9:84:f2:cc:8e:c5:5c:21:92:cb:df:a1:15:2b:
a3:af:7d:24:4a:3d:9a:32:7e:10:5b:d8:49:60:97:2d:ea:f6:
6e:71:70:06
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWgunKflzpHXGQaGEoUFsbOPHltIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTQxMTRaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDViZjc2OThkMDdkYjk2NjY5YjM3MWRhNjZjNDVmZGUxYzFjOThlMDhjZDg2
YmIzYjQ2M2EwNjJmODNlNjY3ODMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONoDHzAkX23lK15TgkQWqp+4zs3uO+Mrm2NZz/K+/vxTGvfHza7x1wiZ2CZ
sIH7nUBrdY0l1y++L0s53C8aUE5GW2+hmkfJ9/6bizjxunPbJ9cCNOMxKpzrKLHi
ON4+cEVHJGGjquoAcNaIHinH7Qtv+dkhDj72H65mqxO/dkE1aT/KBOlTUKRfhtti
N0VlrgkGYEyUIXbwdfNqjLJbpKtL+m47tBo6B0+EabPg68fOCSyBsAVHI12XB+nX
wzFI+L1YUsY9LqnyjI5pzFqlYEJQsvZxZpQ733geIlTx72TNOWjMrmyWT6SVKPmN
DbcXgUUo7uprt9Q02YzvYUF2lQMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTu6MZX
19UlzYV26PVH6wfmc/HDUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU4NGYwYTgtOWQyMC00MjE5LWI2NDEtOWE2OTA1YTAzM2Q5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKg
QDANBgkqhkiG9w0BAQsFAAOCAQEABnp1tRSS3OTecpkEc7AiJ/ur3fsY8pVL01h7
hUj9KMMA1x8nkGyy/vTC5io5mtrgL/GtasoPbrCOwmFtUgozOu39VdutIuZNDg/8
hVn2AYGpQ7Qh0R2Tv3EVz/ojxA6ObwbvzPYvByNn01/DRuzptIeZqe4wz3wm+SzQ
bi/L7KwN6rnYCievKXnij6BMhZfHDJXnLeadF5zf02WVTIuQDnrRQjVXXl4/8H3b
WkDp/VYUiJMtTr2qd69tSccGDfHdesKVRHBTbl95WoLzg8HcCe17oOo9KD7Mr53W
CamE8syOxVwhksvfoRUro699JEo9mjJ+EFvYSWCXLer2bnFwBg==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:08:20 2025 by rpki-client