Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e4d9890-b4f4-4b9e-a734-b63f515360e2.roa
File: 6e4d9890-b4f4-4b9e-a734-b63f515360e2.roa (raw, json)
Hash identifier: GxFTGtXrK5Lxm99qgFkmm2TWELW43zGDE9UvUgJu/vQ=
Subject key identifier: 27:99:53:7E:70:A3:32:20:B6:DC:72:C8:05:B8:16:1D:63:67:46:59
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 42DA1A224669CE51415912223E4CBA02BF80C4AF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e4d9890-b4f4-4b9e-a734-b63f515360e2.roa
Signing time: Tue 21 Oct 2025 13:40:51 +0000
ROA not before: Tue 21 Oct 2025 13:40:51 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:da:1a:22:46:69:ce:51:41:59:12:22:3e:4c:ba:02:bf:80:c4:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:51 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=61a3c9d63243624bec240b2c412088b1480000ef2ee1c3c4c8a2449bac3307a8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:6a:17:02:2b:34:85:4a:24:f3:09:0a:1a:41:
00:99:eb:ee:ac:d1:12:40:d2:7f:5b:77:b0:42:42:
0c:23:42:15:d9:51:f7:dc:12:f7:53:29:1a:eb:f3:
93:b7:2e:df:7b:9e:58:45:cf:1f:59:8d:2e:cb:db:
30:ad:10:8b:cd:d8:36:6f:5b:1b:51:2b:52:1f:c5:
37:e3:cf:4d:4f:4a:42:0a:69:98:24:f5:7e:08:b8:
4d:db:63:8e:e4:57:1c:06:2c:23:76:0a:a3:1e:bb:
36:ba:fc:68:06:ac:17:f3:af:0e:fd:b6:6d:e8:24:
a8:21:08:9b:59:82:c1:11:8c:27:50:70:80:45:26:
40:93:c8:b3:54:60:4b:d6:06:8e:4d:96:f0:2e:31:
f1:a8:f8:f2:79:18:fc:79:15:ec:bc:2b:1e:6d:12:
f7:d3:3a:56:fc:5b:72:db:db:5a:95:4e:1f:d6:b6:
f1:0c:3a:a8:46:b8:aa:aa:15:8d:b3:c0:bf:73:a0:
c8:02:0f:4e:73:de:15:67:3f:79:81:1c:31:17:05:
a3:a7:6e:d4:5f:64:54:db:2a:d9:c6:8d:11:68:c2:
61:13:87:f4:29:8c:30:58:68:ce:9d:88:06:4e:67:
9e:b5:98:91:37:7a:48:ac:7c:ef:34:97:d5:5c:88:
14:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:99:53:7E:70:A3:32:20:B6:DC:72:C8:05:B8:16:1D:63:67:46:59
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e4d9890-b4f4-4b9e-a734-b63f515360e2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4040::/48
Signature Algorithm: sha256WithRSAEncryption
8a:d6:ca:e8:d9:1a:5b:4c:21:40:32:38:72:f1:3e:fe:68:b5:
26:9a:66:be:ad:c2:76:d1:04:88:0f:a4:11:d3:37:bd:b5:bc:
e7:d4:da:db:82:47:fd:47:ac:6b:33:65:54:62:f8:6c:c5:ce:
01:89:bc:7b:6a:6a:e4:89:79:6f:90:ca:9f:03:a5:7e:b7:ea:
9d:c6:c6:23:ab:09:4d:9f:16:54:de:b9:0f:cb:3c:81:41:75:
d7:8c:26:94:e5:41:1b:55:c1:f3:5c:8f:9b:3c:cc:bf:95:a9:
c8:a2:84:72:25:74:dd:f3:b9:9e:da:cc:12:d5:d4:e5:f5:b6:
a3:1a:8d:10:e2:6c:6a:71:b2:31:55:a0:16:69:d9:f8:54:7e:
9d:fb:83:a4:2b:f0:32:96:31:09:5b:90:97:3a:f8:a9:20:1f:
fe:45:c2:d3:85:16:f7:7e:4c:f1:39:b5:91:6f:fa:c1:64:f1:
9c:fa:2f:28:aa:80:01:fb:5d:b9:6e:3c:df:b5:ad:0b:7a:fa:
1d:26:39:f1:95:14:db:63:ff:f3:14:82:12:fb:f7:06:b2:2c:
1f:9e:75:36:b3:b8:51:f8:bc:b6:a3:e9:4c:26:20:47:e9:31:
b0:83:94:5b:df:2a:70:3c:d5:63:b3:9b:7f:5d:2f:19:e9:9b:
4f:f9:a5:7f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQtoaIkZpzlFBWRIiPky6Ar+AxK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwNTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxYTNjOWQ2MzI0MzYyNGJlYzI0MGIyYzQxMjA4OGIxNDgwMDAwZWYyZWUx
YzNjNGM4YTI0NDliYWMzMzA3YTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRqFwIrNIVKJPMJChpBAJnr7qzREkDSf1t3sEJCDCNCFdlR99wS91MpGuvz
k7cu33ueWEXPH1mNLsvbMK0Qi83YNm9bG1ErUh/FN+PPTU9KQgppmCT1fgi4Tdtj
juRXHAYsI3YKox67Nrr8aAasF/OvDv22begkqCEIm1mCwRGMJ1BwgEUmQJPIs1Rg
S9YGjk2W8C4x8aj48nkY/HkV7LwrHm0S99M6VvxbctvbWpVOH9a28Qw6qEa4qqoV
jbPAv3OgyAIPTnPeFWc/eYEcMRcFo6du1F9kVNsq2caNEWjCYROH9CmMMFhozp2I
Bk5nnrWYkTd6SKx87zSX1VyIFM0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQnmVN+
cKMyILbccsgFuBYdY2dGWTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmU0ZDk4OTAtYjRmNC00YjllLWE3MzQtYjYzZjUxNTM2MGUyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
QDANBgkqhkiG9w0BAQsFAAOCAQEAitbK6NkaW0whQDI4cvE+/mi1Jppmvq3CdtEE
iA+kEdM3vbW859Ta24JH/UesazNlVGL4bMXOAYm8e2pq5Il5b5DKnwOlfrfqncbG
I6sJTZ8WVN65D8s8gUF114wmlOVBG1XB81yPmzzMv5WpyKKEciV03fO5ntrMEtXU
5fW2oxqNEOJsanGyMVWgFmnZ+FR+nfuDpCvwMpYxCVuQlzr4qSAf/kXC04UW935M
8Tm1kW/6wWTxnPovKKqAAftduW4837WtC3r6HSY58ZUU22P/8xSCEvv3BrIsH551
NrO4Ufi8tqPpTCYgR+kxsIOUW98qcDzVY7Obf10vGembT/mlfw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:54 2025 by rpki-client