Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
File: 8cfa3133-8fd4-4816-ad14-c49146075f82.roa (raw, json)
Hash identifier: GQfTZn5/HOBSGeeQ5XY9V+xdNKw5WKfAOUAZ3qoRgM4=
Subject key identifier: BF:FC:96:8B:65:ED:90:48:51:CB:C2:B3:61:4D:1A:1B:45:29:E2:DC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1A0BF9405ABE0BCF1A93C1CEE83B11D3456823F8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
Signing time: Tue 21 Oct 2025 13:20:54 +0000
ROA not before: Tue 21 Oct 2025 13:20:54 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:0b:f9:40:5a:be:0b:cf:1a:93:c1:ce:e8:3b:11:d3:45:68:23:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:54 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5df59507e19e249c4ff4c1a0d68d35066f50ed704cec6bd5590280bf02aded0e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:c2:23:e7:e1:62:c8:13:9a:d0:50:e3:8c:d2:
be:c1:e9:91:e7:68:be:81:7f:cf:68:8f:58:a3:99:
70:e6:24:15:b1:39:ab:f5:2f:a8:ac:31:49:9c:35:
2c:f0:55:8a:ff:fb:c7:e2:c2:9c:71:c1:8e:b9:ad:
fa:46:bd:75:11:ea:ff:72:28:1c:36:2b:31:b1:05:
36:c3:96:b5:3d:ee:03:60:88:03:56:60:48:01:b0:
df:4a:5f:be:13:90:7e:f9:8c:09:dc:9f:d8:f3:95:
66:d8:2d:bc:71:0d:91:5e:e4:2b:41:42:b6:7e:9c:
2c:ba:07:4a:38:ea:3e:6b:c3:54:3a:cc:87:d6:e4:
61:f7:46:40:a5:a4:5e:84:ec:1a:0a:76:e2:d3:fd:
2b:8e:47:f6:57:2a:f4:af:7c:00:c6:0b:ce:d9:4a:
78:4c:8e:74:ed:a1:65:5e:7a:e7:ed:8f:c5:57:32:
74:b3:54:a5:df:71:c9:2c:22:a9:68:ef:82:24:86:
fb:5b:f8:42:fd:b8:55:be:aa:12:27:60:86:f4:33:
96:db:b9:06:29:4b:05:15:a7:38:05:87:f4:2b:bf:
95:54:e1:f1:fb:fb:93:b9:f9:6d:2d:08:2c:f4:34:
ff:78:f5:fc:c8:fd:3d:5f:8e:2f:2b:b5:e7:9d:65:
fc:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:FC:96:8B:65:ED:90:48:51:CB:C2:B3:61:4D:1A:1B:45:29:E2:DC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:6000::/40
Signature Algorithm: sha256WithRSAEncryption
bc:f7:da:33:c2:ec:5a:f1:62:ce:27:5d:51:83:00:05:bf:20:
9c:62:16:e2:a1:23:ef:22:94:b8:25:62:5f:49:81:6e:d7:ff:
66:e7:50:d9:f7:04:80:2e:f0:5a:25:7d:a5:4a:ec:d3:ce:17:
ef:be:28:ff:25:c6:cb:d5:1c:ab:33:e9:fc:64:8c:c3:0c:6a:
5b:c6:00:35:47:1b:e3:72:66:7b:ab:10:e7:95:0e:3c:47:79:
f0:cb:a1:d1:de:23:f7:4f:54:0f:3c:b6:d9:a2:ab:cd:6c:f5:
17:e8:47:2d:37:5f:e0:e4:85:b8:24:c6:d7:cb:9a:fb:82:80:
9a:79:1a:88:5e:4b:09:94:5c:8b:6e:40:66:c9:cb:cd:e7:84:
3c:3a:04:5d:d5:22:06:77:96:af:ce:f9:1c:0d:c0:4a:e0:5e:
df:39:b5:f8:28:e1:bb:75:06:d7:22:84:f7:aa:98:7b:08:80:
0a:f1:17:24:24:38:76:f4:f3:a2:82:0e:b5:54:4a:00:f6:f8:
14:d4:f5:d6:34:88:54:e4:74:d4:51:84:ed:3f:c1:fa:4e:45:
b8:5f:c0:58:c3:73:11:ac:52:4c:74:74:45:f3:b3:9a:f9:54:
a5:df:95:f4:db:9d:ed:06:e0:d7:0b:d8:da:43:a4:0c:59:de:
95:a9:13:ef
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGgv5QFq+C88ak8HO6DsR00VoI/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwNTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkZjU5NTA3ZTE5ZTI0OWM0ZmY0YzFhMGQ2OGQzNTA2NmY1MGVkNzA0Y2Vj
NmJkNTU5MDI4MGJmMDJhZGVkMGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPjCI+fhYsgTmtBQ44zSvsHpkedovoF/z2iPWKOZcOYkFbE5q/UvqKwxSZw1
LPBViv/7x+LCnHHBjrmt+ka9dRHq/3IoHDYrMbEFNsOWtT3uA2CIA1ZgSAGw30pf
vhOQfvmMCdyf2POVZtgtvHENkV7kK0FCtn6cLLoHSjjqPmvDVDrMh9bkYfdGQKWk
XoTsGgp24tP9K45H9lcq9K98AMYLztlKeEyOdO2hZV565+2PxVcydLNUpd9xySwi
qWjvgiSG+1v4Qv24Vb6qEidghvQzltu5BilLBRWnOAWH9Cu/lVTh8fv7k7n5bS0I
LPQ0/3j1/Mj9PV+OLyu1551l/K0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS//JaL
Ze2QSFHLwrNhTRobRSni3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGNmYTMxMzMtOGZkNC00ODE2LWFkMTQtYzQ5MTQ2MDc1ZjgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJg
MA0GCSqGSIb3DQEBCwUAA4IBAQC899ozwuxa8WLOJ11RgwAFvyCcYhbioSPvIpS4
JWJfSYFu1/9m51DZ9wSALvBaJX2lSuzTzhfvvij/JcbL1RyrM+n8ZIzDDGpbxgA1
RxvjcmZ7qxDnlQ48R3nwy6HR3iP3T1QPPLbZoqvNbPUX6EctN1/g5IW4JMbXy5r7
goCaeRqIXksJlFyLbkBmycvN54Q8OgRd1SIGd5avzvkcDcBK4F7fObX4KOG7dQbX
IoT3qph7CIAK8RckJDh29POigg61VEoA9vgU1PXWNIhU5HTUUYTtP8H6TkW4X8BY
w3MRrFJMdHRF87Oa+VSl35X0253tBuDXC9jaQ6QMWd6VqRPv
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:16 2025 by rpki-client