Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
File: 595250c3-e9f2-4e23-9779-87c47497f520.roa (raw, json)
Hash identifier: AKSRE60dSto1I3oSBsEZuh1ZYFpz76v0mRgwcY5oUu0=
Subject key identifier: 12:5F:32:9E:AC:27:57:AF:C5:1A:C7:75:C5:C6:1D:6A:FE:B2:2D:07
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0CF4A2DA43408C3851256A23E3E5CC971E15D3D9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
Signing time: Sat 15 Nov 2025 05:50:08 +0000
ROA not before: Sat 15 Nov 2025 05:50:08 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 00:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:f4:a2:da:43:40:8c:38:51:25:6a:23:e3:e5:cc:97:1e:15:d3:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 15 05:50:08 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=2b6d40b54081d9e438a886bc63f9ae9566d39739a8a1cc1539686048825b9897, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:a1:9e:56:1f:c2:98:35:7c:25:9c:21:62:cf:
d2:c3:b6:a8:e7:a0:a4:02:6f:1e:4c:8e:ef:ed:e4:
6d:79:d7:df:6d:82:b1:f4:3f:b6:2a:10:11:3d:df:
10:ba:0b:2a:b2:87:21:96:50:ec:44:73:5e:95:c9:
9e:3b:c6:f3:48:f8:9f:2e:49:6d:cc:63:85:98:0b:
0e:61:3e:9a:36:23:70:d6:9a:3b:37:d4:39:5b:eb:
16:88:27:69:d0:13:00:a4:a3:0a:94:01:e6:e8:97:
ef:47:55:0a:bf:04:c6:43:84:dc:38:ce:ee:6f:f4:
5a:3a:95:61:07:94:b1:52:33:dd:a5:7c:8b:97:66:
b1:49:46:91:34:a9:ee:f2:93:fc:85:a8:8d:56:03:
30:f4:68:d8:57:ee:99:35:1a:bc:64:13:41:f4:6f:
ad:3c:ee:38:45:53:44:ee:a6:cd:87:64:5e:6c:7a:
b1:3c:f7:21:55:25:55:a7:a0:81:32:35:1a:31:c9:
a5:cd:c8:e3:dc:3e:fe:3d:2d:e6:a8:d3:3a:68:9a:
e9:38:0a:3d:03:43:7f:0a:00:16:81:92:76:6c:b4:
0f:35:d8:61:c0:4f:95:7d:dd:c8:02:ed:83:80:f9:
42:cd:9c:c4:6a:16:dc:77:fa:31:51:6c:61:b2:96:
7a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:5F:32:9E:AC:27:57:AF:C5:1A:C7:75:C5:C6:1D:6A:FE:B2:2D:07
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:5000::/40
Signature Algorithm: sha256WithRSAEncryption
02:85:69:ad:71:97:30:7c:6d:10:9a:3f:e0:b8:a6:6d:b0:25:
f4:2e:1d:9d:d5:d4:fc:45:ba:f0:7a:62:92:8b:77:98:f1:97:
33:21:5b:1b:37:0a:59:d1:54:50:77:24:5c:58:7c:ae:37:d6:
c1:49:25:1a:7b:da:d0:5f:d5:a0:d7:5a:63:84:19:f5:2f:14:
5d:2c:db:46:37:78:99:b2:3d:69:30:bb:52:fa:09:e9:6c:bd:
b2:c1:1f:3c:f1:a7:be:22:d3:0f:26:d2:99:0e:c9:89:32:c5:
46:2e:14:76:77:cf:f2:0c:f0:5d:38:7d:bf:37:0a:ce:28:07:
a4:ef:f6:54:5e:a2:29:14:1b:3c:1e:aa:5a:83:86:ff:f2:f8:
15:f5:e5:b2:f4:38:54:6a:46:54:51:7e:cd:dc:4c:e9:f7:ff:
39:fc:ca:82:81:85:39:82:ee:24:b2:5d:74:66:b9:a4:b7:bb:
aa:e6:a5:1f:ec:6f:20:8e:16:03:bf:37:d6:7c:02:36:6a:fe:
57:a2:3f:aa:ad:ba:f6:de:76:fa:e4:68:61:50:8d:eb:4d:03:
7d:36:3d:71:18:99:51:43:03:ef:fe:f5:c4:2a:67:cd:75:63:
cb:71:e5:53:0a:b6:a3:7f:a1:be:40:3b:96:15:50:ab:07:c8:
39:6b:1f:a3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDPSi2kNAjDhRJWoj4+XMlx4V09kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMTUwNTUwMDhaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiNmQ0MGI1NDA4MWQ5ZTQzOGE4ODZiYzYzZjlhZTk1NjZkMzk3MzlhOGEx
Y2MxNTM5Njg2MDQ4ODI1Yjk4OTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmhnlYfwpg1fCWcIWLP0sO2qOegpAJvHkyO7+3kbXnX322CsfQ/tioQET3f
ELoLKrKHIZZQ7ERzXpXJnjvG80j4ny5JbcxjhZgLDmE+mjYjcNaaOzfUOVvrFogn
adATAKSjCpQB5uiX70dVCr8ExkOE3DjO7m/0WjqVYQeUsVIz3aV8i5dmsUlGkTSp
7vKT/IWojVYDMPRo2FfumTUavGQTQfRvrTzuOEVTRO6mzYdkXmx6sTz3IVUlVaeg
gTI1GjHJpc3I49w+/j0t5qjTOmia6TgKPQNDfwoAFoGSdmy0DzXYYcBPlX3dyALt
g4D5Qs2cxGoW3Hf6MVFsYbKWen8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQSXzKe
rCdXr8Uax3XFxh1q/rItBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk1MjUwYzMtZTlmMi00ZTIzLTk3NzktODdjNDc0OTdmNTIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAChWmtcZcwfG0Qmj/guKZtsCX0Lh2d1dT8Rbrw
emKSi3eY8ZczIVsbNwpZ0VRQdyRcWHyuN9bBSSUae9rQX9Wg11pjhBn1LxRdLNtG
N3iZsj1pMLtS+gnpbL2ywR888ae+ItMPJtKZDsmJMsVGLhR2d8/yDPBdOH2/NwrO
KAek7/ZUXqIpFBs8Hqpag4b/8vgV9eWy9DhUakZUUX7N3Ezp9/85/MqCgYU5gu4k
sl10Zrmkt7uq5qUf7G8gjhYDvzfWfAI2av5Xoj+qrbr23nb65GhhUI3rTQN9Nj1x
GJlRQwPv/vXEKmfNdWPLceVTCrajf6G+QDuWFVCrB8g5ax+j
-----END CERTIFICATE-----
Generated at Mon Nov 17 03:26:57 2025 by rpki-client