Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
File: 63af811a-6e40-455f-b7a8-223951036a11.roa (raw, json)
Hash identifier: ar8KqrBqZvAZ6wzaVeCo+gWKeYEJmmHFDcqZ6+v2n+o=
Subject key identifier: FF:B6:5C:1E:7A:0A:2F:15:36:43:D0:F3:B8:FE:F7:9B:C8:80:55:BC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 027EAAD921E620D3C69B65AB1A7E55F03553D191
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
Signing time: Tue 21 Oct 2025 14:10:27 +0000
ROA not before: Tue 21 Oct 2025 14:10:27 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:7e:aa:d9:21:e6:20:d3:c6:9b:65:ab:1a:7e:55:f0:35:53:d1:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:27 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=896776b061399ea197ab25468e61fe10b0f4daa605de94c4b1bf1c82a4b7db69, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:da:d0:87:46:46:d6:76:99:7c:af:7a:c2:13:
53:b9:da:b0:11:6e:5b:87:3f:34:e0:8a:c1:a3:dc:
d6:ae:8e:af:0c:6c:e0:12:57:3d:7a:21:6d:63:6f:
c7:a4:bf:3a:48:11:80:42:ca:c6:53:41:71:c0:c3:
55:e7:40:0d:fa:ba:88:27:7e:8d:b3:41:49:85:92:
ca:55:04:2b:5d:f4:12:b7:e5:d6:df:83:0b:d9:0a:
35:f6:f5:0c:0e:00:47:db:4c:23:9b:9d:45:0b:ef:
67:7b:ff:80:89:7b:7b:02:1f:f3:a9:e6:e2:99:79:
38:4c:c2:8c:21:ce:91:ed:e6:c1:9d:c2:2f:b9:0c:
04:9f:8b:b5:1d:75:38:fa:78:ea:17:28:f2:d4:50:
a7:b3:82:9c:3a:67:79:13:ca:d7:a1:28:62:ab:f2:
66:78:d7:b5:0a:8f:85:e5:da:a5:bb:5b:5f:4a:c9:
13:41:62:22:4d:bd:f8:77:2e:2e:95:b8:08:53:b4:
e9:8d:45:55:ce:fe:dd:16:b9:8f:c8:85:22:f0:c3:
36:1b:4d:43:a7:c2:ef:9b:4c:95:53:3b:54:b9:2e:
c4:34:90:02:55:72:84:72:14:84:8a:cb:ae:fd:cc:
18:d7:51:c3:7c:08:bf:8c:67:96:bf:ba:9f:6b:38:
ce:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:B6:5C:1E:7A:0A:2F:15:36:43:D0:F3:B8:FE:F7:9B:C8:80:55:BC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:9000::/40
Signature Algorithm: sha256WithRSAEncryption
bb:b8:76:6a:56:9c:9e:d0:6f:b2:2d:52:f7:e6:4b:16:08:c9:
70:4c:11:64:ac:d7:d9:ef:82:38:4c:a2:34:74:47:3b:9a:44:
2a:68:57:22:67:16:37:b5:16:18:8f:69:30:53:61:e8:78:ae:
28:00:98:f1:55:ad:29:5d:8c:8d:fa:e6:76:39:81:53:df:a7:
73:6c:b5:43:22:4d:6c:72:1d:98:68:a0:a5:26:01:df:37:c8:
a2:42:1e:48:85:33:13:64:4b:23:c0:50:ff:ae:8a:04:3a:42:
da:14:11:b6:7a:40:65:6c:66:19:59:77:50:ee:e4:95:8a:e3:
cb:e6:80:d3:a0:3f:69:56:b5:89:d4:f9:6a:50:8c:65:be:b8:
c2:44:b2:06:a3:ce:95:0f:60:98:3f:2d:7a:e6:db:e3:ef:29:
e2:ca:30:09:fb:cd:90:fa:7a:e4:cc:8c:5c:28:b8:82:2e:52:
35:9a:4b:72:e1:28:ed:fb:a4:cb:3d:49:62:9c:44:2d:ed:46:
26:e1:69:0e:02:5e:c9:b3:56:39:35:70:1d:a6:27:2d:23:c8:
fa:94:9e:f9:5f:ca:5a:61:43:eb:5e:55:74:72:f6:7e:56:b2:
d0:88:ef:09:2b:49:bc:c6:aa:53:9c:bc:44:0e:48:61:67:3a:
6b:b6:d0:73
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAn6q2SHmINPGm2WrGn5V8DVT0ZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5Njc3NmIwNjEzOTllYTE5N2FiMjU0NjhlNjFmZTEwYjBmNGRhYTYwNWRl
OTRjNGIxYmYxYzgyYTRiN2RiNjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALza0IdGRtZ2mXyvesITU7nasBFuW4c/NOCKwaPc1q6Orwxs4BJXPXohbWNv
x6S/OkgRgELKxlNBccDDVedADfq6iCd+jbNBSYWSylUEK130Erfl1t+DC9kKNfb1
DA4AR9tMI5udRQvvZ3v/gIl7ewIf86nm4pl5OEzCjCHOke3mwZ3CL7kMBJ+LtR11
OPp46hco8tRQp7OCnDpneRPK16EoYqvyZnjXtQqPheXapbtbX0rJE0FiIk29+Hcu
LpW4CFO06Y1FVc7+3Ra5j8iFIvDDNhtNQ6fC75tMlVM7VLkuxDSQAlVyhHIUhIrL
rv3MGNdRw3wIv4xnlr+6n2s4zisCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT/tlwe
egovFTZD0PO4/vebyIBVvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjNhZjgxMWEtNmU0MC00NTVmLWI3YTgtMjIzOTUxMDM2YTExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC7uHZqVpye0G+yLVL35ksWCMlwTBFkrNfZ74I4
TKI0dEc7mkQqaFciZxY3tRYYj2kwU2HoeK4oAJjxVa0pXYyN+uZ2OYFT36dzbLVD
Ik1sch2YaKClJgHfN8iiQh5IhTMTZEsjwFD/rooEOkLaFBG2ekBlbGYZWXdQ7uSV
iuPL5oDToD9pVrWJ1PlqUIxlvrjCRLIGo86VD2CYPy165tvj7yniyjAJ+82Q+nrk
zIxcKLiCLlI1mkty4Sjt+6TLPUlinEQt7UYm4WkOAl7Js1Y5NXAdpictI8j6lJ75
X8paYUPrXlV0cvZ+VrLQiO8JK0m8xqpTnLxEDkhhZzprttBz
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:14 2025 by rpki-client