Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a57e982-c6b8-4aa7-b30a-38bed64dfc31.roa
File: 8a57e982-c6b8-4aa7-b30a-38bed64dfc31.roa (raw, json)
Hash identifier: pC/Zkrvu//XZg+gcwERclcDus82QQKv2nAyMs8y/M0E=
Subject key identifier: E7:FF:15:8B:58:3A:70:62:4B:FB:7C:06:9B:F9:64:85:B9:AE:4C:8C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3A51DC9737BC0B3EFE46931401DD72708D7E87E4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a57e982-c6b8-4aa7-b30a-38bed64dfc31.roa
Signing time: Tue 21 Oct 2025 14:20:08 +0000
ROA not before: Tue 21 Oct 2025 14:20:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:51:dc:97:37:bc:0b:3e:fe:46:93:14:01:dd:72:70:8d:7e:87:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=cdcf5182181e652624f4d627eb6919f564b315b5b6bf196515e86bdd6bde4b57, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:17:6e:0f:e0:a3:4f:c3:3f:d6:4f:ca:f4:31:
35:9a:f9:78:b5:ac:d2:48:8d:13:4a:f7:2b:f2:8e:
02:eb:95:65:a3:7a:46:cf:7d:d8:19:1b:a4:bb:3d:
2e:cd:19:35:12:4d:d6:ad:04:05:2d:88:58:f6:75:
71:23:b0:18:de:79:b2:5d:b6:3a:3e:04:99:50:0d:
33:90:59:98:2a:db:aa:9e:12:e8:90:70:bc:a0:38:
e8:d6:fa:ec:d2:ee:8b:88:85:64:ea:47:2b:03:7c:
f2:d1:55:e6:b4:cc:bc:8e:d4:78:49:08:f7:d1:34:
0f:e1:00:f8:59:e6:dc:45:ed:5d:39:1e:0a:f5:50:
94:d9:f6:95:e9:77:af:f9:46:8d:aa:c6:1f:46:98:
31:0f:ad:e9:a4:89:fd:3a:42:df:62:57:74:0f:52:
8d:70:ab:0c:1c:ff:55:df:c0:32:5c:f2:c1:4f:29:
8b:23:1b:e8:e4:97:88:05:6d:3f:15:5a:71:e0:df:
a5:39:f7:5b:1d:5c:c2:ee:ec:b9:f0:d4:82:53:a5:
c5:ef:12:f1:be:fe:e2:13:be:23:51:8e:de:c5:c5:
23:96:7c:4f:4a:2c:96:09:d0:9f:eb:d7:22:5a:e8:
e4:32:9e:19:61:f4:06:2f:62:f6:0f:66:57:7e:57:
7f:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:FF:15:8B:58:3A:70:62:4B:FB:7C:06:9B:F9:64:85:B9:AE:4C:8C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a57e982-c6b8-4aa7-b30a-38bed64dfc31.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:8000::/40
Signature Algorithm: sha256WithRSAEncryption
bc:dc:6b:04:31:86:05:41:07:f1:1c:e3:a4:db:bb:1f:f8:92:
39:18:9e:48:fa:7f:1c:6e:75:e1:85:e2:ba:ab:47:5a:fb:00:
8b:30:be:d3:b9:9d:23:e3:e6:a2:7d:f0:33:73:82:11:7e:74:
ab:cb:82:cc:a5:56:5c:11:70:82:a4:a1:a0:a5:03:73:b4:bc:
16:5d:12:04:68:11:df:e2:18:e2:bb:68:ce:e7:d0:ae:a1:e6:
21:1b:63:d9:39:1c:00:87:54:4b:48:ff:cd:dc:a5:04:d3:60:
d0:77:1b:10:a1:3f:e6:e5:04:55:51:cc:be:f3:40:b0:24:37:
21:8b:9a:c0:20:7f:30:e7:22:a9:35:ad:68:84:91:50:f5:08:
1a:c6:6e:e0:24:b1:e9:45:19:f1:cf:01:48:6f:cd:c7:10:bb:
06:f2:b0:e3:7c:b3:68:88:a5:a6:f2:59:dc:0d:90:82:81:09:
26:29:30:9f:cc:e4:77:94:4e:99:b2:87:e6:8c:61:14:4d:65:
19:f9:07:7c:af:4f:5f:fa:7d:38:02:04:02:ba:19:8e:b7:a5:
75:be:7c:6e:41:d9:e4:0d:59:e9:ef:20:ef:e4:68:0e:f2:0a:
35:e5:dc:bf:24:15:54:29:26:03:53:df:d2:fb:95:6c:4b:b8:
8f:2e:94:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOlHclze8Cz7+RpMUAd1ycI1+h+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkY2Y1MTgyMTgxZTY1MjYyNGY0ZDYyN2ViNjkxOWY1NjRiMzE1YjViNmJm
MTk2NTE1ZTg2YmRkNmJkZTRiNTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJgXbg/go0/DP9ZPyvQxNZr5eLWs0kiNE0r3K/KOAuuVZaN6Rs992BkbpLs9
Ls0ZNRJN1q0EBS2IWPZ1cSOwGN55sl22Oj4EmVANM5BZmCrbqp4S6JBwvKA46Nb6
7NLui4iFZOpHKwN88tFV5rTMvI7UeEkI99E0D+EA+Fnm3EXtXTkeCvVQlNn2lel3
r/lGjarGH0aYMQ+t6aSJ/TpC32JXdA9SjXCrDBz/Vd/AMlzywU8piyMb6OSXiAVt
PxVaceDfpTn3Wx1cwu7sufDUglOlxe8S8b7+4hO+I1GO3sXFI5Z8T0oslgnQn+vX
Ilro5DKeGWH0Bi9i9g9mV35XfzUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTn/xWL
WDpwYkv7fAab+WSFua5MjDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGE1N2U5ODItYzZiOC00YWE3LWIzMGEtMzhiZWQ2NGRmYzMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+A
MA0GCSqGSIb3DQEBCwUAA4IBAQC83GsEMYYFQQfxHOOk27sf+JI5GJ5I+n8cbnXh
heK6q0da+wCLML7TuZ0j4+aiffAzc4IRfnSry4LMpVZcEXCCpKGgpQNztLwWXRIE
aBHf4hjiu2jO59CuoeYhG2PZORwAh1RLSP/N3KUE02DQdxsQoT/m5QRVUcy+80Cw
JDchi5rAIH8w5yKpNa1ohJFQ9Qgaxm7gJLHpRRnxzwFIb83HELsG8rDjfLNoiKWm
8lncDZCCgQkmKTCfzOR3lE6ZsofmjGEUTWUZ+Qd8r09f+n04AgQCuhmOt6V1vnxu
QdnkDVnp7yDv5GgO8go15dy/JBVUKSYDU9/S+5VsS7iPLpRq
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:19 2025 by rpki-client