Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
File: a039a10b-545b-441d-bef2-b67325de50a1.roa (raw, json)
Hash identifier: w7zNPtNCY9bVofPAeg+553bWb3hI9WFIKyAJSeU4tUw=
Subject key identifier: A7:93:F9:B1:0A:F4:BC:01:7C:0C:D7:8B:99:86:4E:25:13:BB:71:9C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 36593DB4C5F53CF6A82F559DFBB922FED628DE1E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
Signing time: Tue 21 Oct 2025 13:30:43 +0000
ROA not before: Tue 21 Oct 2025 13:30:43 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:59:3d:b4:c5:f5:3c:f6:a8:2f:55:9d:fb:b9:22:fe:d6:28:de:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:30:43 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7de7b36752c9da021e199c0bb279661a58696ff7ba20452915cc7dc0b106d88f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:f8:59:a1:90:de:50:dd:86:3c:e4:29:ff:a3:
46:e5:57:71:bd:60:18:75:7f:2d:b6:81:a9:fd:ec:
14:63:74:c8:b7:7f:15:de:86:ff:84:f8:86:ed:d9:
60:9a:2d:4b:49:7c:e0:f9:42:ef:ca:12:2a:b6:03:
23:68:9f:cc:27:37:0c:ff:a3:0b:e8:d5:c4:04:54:
db:2d:41:23:56:e7:a1:71:5c:b1:44:59:bb:cb:27:
3e:27:98:80:b6:e1:c1:23:fc:d1:8a:b9:03:c8:6b:
25:6a:f5:73:5b:d5:ab:b7:f9:87:b0:07:e8:a3:12:
9b:7a:c7:5c:4e:ed:39:7f:20:c1:fd:7a:9e:38:88:
17:05:41:55:42:62:65:30:0a:f0:c4:87:4a:67:cb:
80:73:35:7f:ac:fb:da:1b:41:ff:4b:9a:10:97:7f:
ec:d1:2a:64:40:46:cf:d0:e4:48:7a:e6:66:c2:30:
e1:46:9f:57:47:a7:9b:89:e2:a4:d5:db:0b:eb:c4:
66:5a:4a:7d:73:71:a5:ec:e8:79:a7:ce:c0:66:3e:
d3:99:1d:aa:ec:16:8f:1e:fa:df:ca:2e:f0:d1:e3:
65:a2:0c:ed:91:6c:d0:10:67:ae:5a:60:d4:0c:34:
77:35:97:1a:96:df:1c:82:ed:96:cd:41:af:63:56:
3a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:93:F9:B1:0A:F4:BC:01:7C:0C:D7:8B:99:86:4E:25:13:BB:71:9C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:6000::/40
Signature Algorithm: sha256WithRSAEncryption
a0:9c:12:d3:7b:1e:02:a3:c7:b3:a0:b5:69:d0:6e:da:b0:00:
80:0c:e1:70:54:ae:3f:bf:88:55:90:cb:2a:2b:7d:74:40:8f:
a7:33:ec:ab:3b:6d:da:d6:63:73:f4:12:49:cc:24:4f:b6:d8:
b3:f8:94:94:31:8b:05:9c:61:61:09:59:9c:3f:6f:53:26:c1:
fd:5a:55:36:4b:fc:88:af:22:fd:5a:dd:68:4d:69:23:72:16:
0e:cd:12:c1:e6:dd:61:ee:a4:c0:ed:e1:7c:8b:b7:0b:e7:51:
1f:a3:99:4b:e2:ae:19:36:a2:3a:40:59:40:69:98:e4:3a:46:
06:5c:e0:11:45:bb:b0:f7:db:15:74:ff:e0:68:44:a8:e0:8a:
14:bf:fe:1a:58:9f:db:4e:d2:a3:25:00:e5:42:40:4e:2b:a3:
a6:18:94:07:6b:bf:2b:0d:61:8a:17:d1:fa:05:99:4c:f3:dc:
94:00:24:4a:d6:70:a0:d3:1d:97:be:da:f9:51:45:97:d2:32:
e8:f6:46:54:8f:e1:97:1f:84:d8:1e:bc:df:8f:83:72:57:e1:
e9:03:98:fa:ea:89:4b:83:18:b5:c5:19:c3:a4:7a:ca:db:0d:
61:73:a0:5b:b9:70:d5:ac:ed:dd:54:1a:14:61:20:fe:b8:b0:
ef:70:04:f8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNlk9tMX1PPaoL1Wd+7ki/tYo3h4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMwNDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdkZTdiMzY3NTJjOWRhMDIxZTE5OWMwYmIyNzk2NjFhNTg2OTZmZjdiYTIw
NDUyOTE1Y2M3ZGMwYjEwNmQ4OGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO34WaGQ3lDdhjzkKf+jRuVXcb1gGHV/LbaBqf3sFGN0yLd/Fd6G/4T4hu3Z
YJotS0l84PlC78oSKrYDI2ifzCc3DP+jC+jVxARU2y1BI1bnoXFcsURZu8snPieY
gLbhwSP80Yq5A8hrJWr1c1vVq7f5h7AH6KMSm3rHXE7tOX8gwf16njiIFwVBVUJi
ZTAK8MSHSmfLgHM1f6z72htB/0uaEJd/7NEqZEBGz9DkSHrmZsIw4UafV0enm4ni
pNXbC+vEZlpKfXNxpezoeafOwGY+05kdquwWjx7638ou8NHjZaIM7ZFs0BBnrlpg
1Aw0dzWXGpbfHILtls1Br2NWOtkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSnk/mx
CvS8AXwM14uZhk4lE7txnDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTAzOWExMGItNTQ1Yi00NDFkLWJlZjItYjY3MzI1ZGU1MGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBg
MA0GCSqGSIb3DQEBCwUAA4IBAQCgnBLTex4Co8ezoLVp0G7asACADOFwVK4/v4hV
kMsqK310QI+nM+yrO23a1mNz9BJJzCRPttiz+JSUMYsFnGFhCVmcP29TJsH9WlU2
S/yIryL9Wt1oTWkjchYOzRLB5t1h7qTA7eF8i7cL51Efo5lL4q4ZNqI6QFlAaZjk
OkYGXOARRbuw99sVdP/gaESo4IoUv/4aWJ/bTtKjJQDlQkBOK6OmGJQHa78rDWGK
F9H6BZlM89yUACRK1nCg0x2Xvtr5UUWX0jLo9kZUj+GXH4TYHrzfj4NyV+HpA5j6
6olLgxi1xRnDpHrK2w1hc6BbuXDVrO3dVBoUYSD+uLDvcAT4
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:21 2025 by rpki-client