Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa
File: 7a5c899e-1564-4329-8939-7004d7b754c8.roa (raw, json)
Hash identifier: kdTeCD8hvXXHErmcT7qjdMM7kUqSQeF7M6bDQWFT5cA=
Subject key identifier: 61:3F:D0:F3:3B:8A:72:80:C7:CE:3E:5B:31:D7:BF:5B:84:6D:5D:DA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6597BCC8EA0CC86E1DFDF62DFAF8E3D71AF56983
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa
Signing time: Tue 21 Oct 2025 14:31:15 +0000
ROA not before: Tue 21 Oct 2025 14:31:15 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:97:bc:c8:ea:0c:c8:6e:1d:fd:f6:2d:fa:f8:e3:d7:1a:f5:69:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:31:15 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4753878918f27ba96ac552c079cd88a088d01128fefb80ce7f540a7619297219, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:4d:d5:3f:bf:89:f0:5e:fa:cc:6e:e1:bd:f2:
9f:51:6e:bc:4e:26:1d:a4:d5:8a:24:08:aa:8c:86:
ca:31:65:84:40:6b:f5:d8:e4:87:e1:88:68:d0:e0:
ca:14:ed:dd:9c:27:fe:c6:14:12:b5:d7:ed:89:8c:
72:c7:c1:80:58:0c:31:3a:73:8a:0f:72:72:d3:e8:
23:69:b5:9e:f0:2b:7e:96:dc:59:04:6d:07:90:16:
3e:60:97:52:ff:27:50:c1:35:46:e3:ea:07:68:bd:
83:61:4f:8f:27:62:32:cf:d6:20:08:e2:dd:d5:09:
fc:b2:0c:24:ad:99:4f:da:07:55:e6:d9:5e:03:07:
2b:a1:f7:ca:97:f7:00:5d:4a:e6:cd:88:07:02:b8:
bf:6e:e4:64:2b:b0:0a:2f:27:1d:20:48:cf:11:95:
77:48:2a:29:8a:21:5e:e9:86:b6:a9:b0:82:4c:aa:
2b:33:eb:42:51:ca:d4:d8:9c:62:6b:ab:92:5d:b0:
67:d4:eb:25:4c:d3:b9:c9:72:10:ae:6f:c5:8a:69:
ad:3a:4a:76:78:72:cb:fc:b2:cf:57:b9:b9:49:b2:
2e:7d:2e:7f:16:f6:78:dd:6f:62:bd:4d:2b:f6:37:
a9:95:f5:ae:e0:87:f2:4a:41:d7:36:fa:f0:84:52:
3c:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:3F:D0:F3:3B:8A:72:80:C7:CE:3E:5B:31:D7:BF:5B:84:6D:5D:DA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:9000::/40
Signature Algorithm: sha256WithRSAEncryption
20:3d:68:78:8e:6a:92:27:9d:c1:17:16:9e:2e:15:9a:14:91:
35:80:a4:45:91:a8:9a:e3:0a:1a:bd:26:99:6c:10:27:e3:34:
17:a8:fa:a0:18:da:7b:25:a6:68:9c:69:f4:0d:31:f9:61:cb:
92:26:d1:8c:ff:34:ef:f3:3e:e6:18:0f:df:7a:1f:ef:da:a7:
6d:39:ff:9a:90:71:fa:7a:12:8d:96:26:d4:59:d4:e5:84:fd:
4a:c5:ba:1d:fc:53:5a:6d:0a:38:3f:ba:ed:85:9a:3c:a8:b5:
32:84:9b:3c:05:af:9b:e1:e6:e4:de:50:62:95:49:6c:c2:81:
b0:70:23:c0:e7:26:eb:57:8e:68:83:90:46:2e:21:f8:37:f4:
6b:6c:03:e1:8e:0f:5c:7d:58:50:0e:1e:8d:99:6b:61:cd:78:
c0:5c:6f:ae:c6:9b:9d:c1:78:2c:1e:13:b2:5a:40:c2:04:fd:
06:38:63:d4:81:44:90:a2:d3:5e:81:5e:76:21:87:86:f8:dd:
dc:3f:f2:e6:88:2e:de:97:dd:c9:e8:18:5b:a3:1b:5e:03:88:
e0:be:6c:5b:4f:90:28:ca:2b:1d:db:6b:f8:be:3a:48:41:15:
1e:95:61:92:73:33:77:02:98:95:1e:ec:44:e8:fd:82:e7:da:
50:c6:e1:31
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZZe8yOoMyG4d/fYt+vjj1xr1aYMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMxMTVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3NTM4Nzg5MThmMjdiYTk2YWM1NTJjMDc5Y2Q4OGEwODhkMDExMjhmZWZi
ODBjZTdmNTQwYTc2MTkyOTcyMTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZN1T+/ifBe+sxu4b3yn1FuvE4mHaTViiQIqoyGyjFlhEBr9djkh+GIaNDg
yhTt3Zwn/sYUErXX7YmMcsfBgFgMMTpzig9yctPoI2m1nvArfpbcWQRtB5AWPmCX
Uv8nUME1RuPqB2i9g2FPjydiMs/WIAji3dUJ/LIMJK2ZT9oHVebZXgMHK6H3ypf3
AF1K5s2IBwK4v27kZCuwCi8nHSBIzxGVd0gqKYohXumGtqmwgkyqKzPrQlHK1Nic
Ymurkl2wZ9TrJUzTuclyEK5vxYpprTpKdnhyy/yyz1e5uUmyLn0ufxb2eN1vYr1N
K/Y3qZX1ruCH8kpB1zb68IRSPKkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRhP9Dz
O4pygMfOPlsx179bhG1d2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2E1Yzg5OWUtMTU2NC00MzI5LTg5MzktNzAwNGQ3Yjc1NGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAgPWh4jmqSJ53BFxaeLhWaFJE1gKRFkaia4woa
vSaZbBAn4zQXqPqgGNp7JaZonGn0DTH5YcuSJtGM/zTv8z7mGA/feh/v2qdtOf+a
kHH6ehKNlibUWdTlhP1Kxbod/FNabQo4P7rthZo8qLUyhJs8Ba+b4ebk3lBilUls
woGwcCPA5ybrV45og5BGLiH4N/RrbAPhjg9cfVhQDh6NmWthzXjAXG+uxpudwXgs
HhOyWkDCBP0GOGPUgUSQotNegV52IYeG+N3cP/LmiC7el93J6BhboxteA4jgvmxb
T5Aoyisd22v4vjpIQRUelWGSczN3ApiVHuxE6P2C59pQxuEx
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:08 2025 by rpki-client