Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
File: 975dfb4d-ef39-4371-9678-ff7909080d1e.roa (raw, json)
Hash identifier: OTfeK6Svu2khmF4uGwccOWO7o5gzqeUz1h+m+K/QBhI=
Subject key identifier: F6:4C:C4:B6:F4:BD:93:E7:D1:EF:85:D4:D4:46:DC:AB:38:05:52:4A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10D746997BBF591CFA462575028C416A2A522A54
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
Signing time: Tue 21 Oct 2025 13:40:09 +0000
ROA not before: Tue 21 Oct 2025 13:40:09 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:d7:46:99:7b:bf:59:1c:fa:46:25:75:02:8c:41:6a:2a:52:2a:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:09 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=bcd698aa678fc89551aeb218f370fbe4b0ea41893a6f6dc5c8ee56ec46bbf756, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:57:20:e6:cf:b6:9e:0a:61:06:a6:a3:58:fa:
21:98:85:26:f0:4d:68:a2:9a:96:55:58:b4:fb:6c:
0c:67:6a:2d:18:db:36:bc:0e:50:5c:01:9e:df:96:
5f:c7:d5:31:2c:9a:8b:8d:d6:a6:07:f8:f8:d9:ed:
e1:8d:bf:92:2e:c9:b6:f5:52:da:b3:e3:33:b7:3c:
39:28:a8:6f:ec:0f:56:b1:a0:20:ee:93:40:48:c0:
fb:f5:16:22:fd:3c:30:ce:7b:59:0c:59:f9:5e:39:
5c:5a:30:c7:34:5c:3f:c5:ae:f7:99:e6:29:98:61:
f1:ef:00:06:08:46:5c:52:de:af:91:f3:e9:4d:0d:
9e:6d:eb:c4:9b:b5:be:f3:cf:c7:61:6b:e4:bc:1e:
6b:26:bd:a4:7f:a3:04:5a:1f:b1:89:f6:bf:98:58:
d0:23:6f:2b:fe:9f:fb:bd:16:58:6d:05:c7:1e:1b:
7f:b1:8c:ec:8c:cd:16:8b:bc:89:64:60:d7:e0:98:
2d:76:41:34:67:7b:0c:ba:e6:45:fc:e7:e8:e8:93:
8b:6e:fe:3d:27:7d:da:e8:f6:15:54:f8:f3:9d:db:
0b:81:f9:d2:44:5c:ab:d7:49:e2:d7:b8:d3:97:b1:
c9:15:5c:f9:b0:09:d0:eb:fa:aa:3a:b0:5d:a6:59:
6f:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:4C:C4:B6:F4:BD:93:E7:D1:EF:85:D4:D4:46:DC:AB:38:05:52:4A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:b080::/48
Signature Algorithm: sha256WithRSAEncryption
05:fa:4b:e6:06:ee:a9:b1:d3:b4:05:0c:d3:ce:27:6b:38:9a:
96:0d:65:51:cb:35:d5:c7:4e:3a:ea:7f:c3:e7:00:7c:f2:e3:
7c:2e:44:41:bb:d8:ef:09:09:b6:e0:41:df:83:df:9e:c7:d1:
58:b8:e9:5b:8b:5f:66:56:e4:73:80:e6:7f:d6:c0:f7:7a:3f:
cd:ae:39:7e:8d:75:ea:22:77:3a:c1:24:11:98:30:99:a2:22:
a7:97:f3:21:35:82:17:5b:14:c5:14:46:e5:68:8c:7d:4d:1f:
16:9e:d8:9c:2b:8e:a3:9e:b5:cb:6b:5f:db:20:d0:68:6d:43:
82:1a:b9:14:cc:3d:a1:f7:81:e2:ed:88:de:92:b1:73:f6:68:
9a:5b:ee:72:0e:66:6a:3f:d3:8c:04:71:9b:2c:3a:84:eb:25:
25:f6:d8:92:0e:80:ee:6d:84:24:32:3d:16:cf:ce:8c:ed:86:
f0:72:43:af:a9:81:01:c8:4a:04:1f:aa:e7:80:ef:ef:d8:38:
f7:c2:a1:38:f2:d6:d8:85:42:ae:b5:f4:f9:42:22:80:d1:9b:
ea:16:69:f4:32:b9:f5:3f:b7:fa:65:6c:e0:b6:ca:54:ba:9e:
43:a7:37:95:f4:59:7d:48:ac:47:d3:28:6a:bb:65:e7:71:a7:
8a:8a:b9:0a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUENdGmXu/WRz6RiV1AoxBaipSKlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMDlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjZDY5OGFhNjc4ZmM4OTU1MWFlYjIxOGYzNzBmYmU0YjBlYTQxODkzYTZm
NmRjNWM4ZWU1NmVjNDZiYmY3NTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOJXIObPtp4KYQamo1j6IZiFJvBNaKKallVYtPtsDGdqLRjbNrwOUFwBnt+W
X8fVMSyai43Wpgf4+Nnt4Y2/ki7JtvVS2rPjM7c8OSiob+wPVrGgIO6TQEjA+/UW
Iv08MM57WQxZ+V45XFowxzRcP8Wu95nmKZhh8e8ABghGXFLer5Hz6U0Nnm3rxJu1
vvPPx2Fr5Lweaya9pH+jBFofsYn2v5hY0CNvK/6f+70WWG0Fxx4bf7GM7IzNFou8
iWRg1+CYLXZBNGd7DLrmRfzn6OiTi27+PSd92uj2FVT4853bC4H50kRcq9dJ4te4
05exyRVc+bAJ0Ov6qjqwXaZZbw8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT2TMS2
9L2T59HvhdTURtyrOAVSSjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1ZGZiNGQtZWYzOS00MzcxLTk2NzgtZmY3OTA5MDgwZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKw
gDANBgkqhkiG9w0BAQsFAAOCAQEABfpL5gbuqbHTtAUM084nazialg1lUcs11cdO
Oup/w+cAfPLjfC5EQbvY7wkJtuBB34PfnsfRWLjpW4tfZlbkc4Dmf9bA93o/za45
fo116iJ3OsEkEZgwmaIip5fzITWCF1sUxRRG5WiMfU0fFp7YnCuOo561y2tf2yDQ
aG1Dghq5FMw9ofeB4u2I3pKxc/Zomlvucg5maj/TjARxmyw6hOslJfbYkg6A7m2E
JDI9Fs/OjO2G8HJDr6mBAchKBB+q54Dv79g498KhOPLW2IVCrrX0+UIigNGb6hZp
9DK59T+3+mVs4LbKVLqeQ6c3lfRZfUisR9Moartl53Gnioq5Cg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:10 2025 by rpki-client