Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6c61029-f559-411c-89fd-a1970cac6bc1.roa
File: a6c61029-f559-411c-89fd-a1970cac6bc1.roa (raw, json)
Hash identifier: mKjyfVch3TOzgYXsftl8ioa8KPm2GmJ9Pz19nmgH1HU=
Subject key identifier: C4:AA:C5:CC:11:EF:42:68:02:E6:33:1C:ED:EB:EC:85:77:CA:10:F7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4418E69ADE4A46BB53E602AD85C61A263479A835
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6c61029-f559-411c-89fd-a1970cac6bc1.roa
Signing time: Tue 21 Oct 2025 14:30:57 +0000
ROA not before: Tue 21 Oct 2025 14:30:57 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:18:e6:9a:de:4a:46:bb:53:e6:02:ad:85:c6:1a:26:34:79:a8:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:57 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a5618bfaf3076cb7e88bd69dfb93365314820666b892da36717aab9e39f36bb8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:66:a3:2b:66:e4:24:4d:07:92:5e:06:0a:4b:
d3:98:c6:90:34:ab:d2:4f:f4:37:db:8d:c5:e8:06:
bb:99:6b:c5:c1:16:6c:dd:ed:c5:9a:87:de:5e:26:
a5:f4:57:e7:5f:90:51:e9:4d:2f:e7:cc:04:e4:36:
64:42:0a:ee:e9:72:4d:bd:70:08:14:56:36:f1:d7:
54:24:44:3d:26:9d:7c:73:63:1b:ce:84:67:87:20:
86:0c:b3:20:fc:4c:5d:7b:9c:3b:e8:d9:b9:a8:d5:
1d:f1:4d:66:7e:70:79:22:fb:0e:94:e8:11:5a:1f:
82:c6:60:0f:1a:1a:24:c1:fa:e5:7b:12:20:20:e6:
a9:9c:b4:73:af:39:8a:3a:7a:81:0e:58:3e:e2:14:
7f:53:88:4f:b3:a3:ed:56:68:61:9f:be:47:6d:99:
87:91:43:53:0a:ba:20:04:f9:10:be:cd:de:e4:11:
7b:40:7d:5c:0d:ff:46:86:5c:ed:47:e2:82:88:d7:
e5:6b:59:a1:df:63:7e:cd:e6:08:e3:1a:35:9b:1f:
5b:b4:32:9a:66:40:e0:dc:84:3d:12:d3:a1:73:d0:
03:ba:be:5d:b8:7d:c7:e1:51:fc:54:70:a5:47:5d:
e6:8c:39:10:21:e5:ea:39:7b:19:70:a7:f3:db:5e:
ed:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:AA:C5:CC:11:EF:42:68:02:E6:33:1C:ED:EB:EC:85:77:CA:10:F7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6c61029-f559-411c-89fd-a1970cac6bc1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:9000::/40
Signature Algorithm: sha256WithRSAEncryption
79:3f:3f:31:0f:f3:7e:81:13:e6:6d:7b:c7:fb:86:f6:6e:12:
78:45:69:6b:46:b8:94:9a:22:1e:fd:8b:d4:e6:24:05:1d:2a:
05:3c:20:a4:57:8c:17:3a:31:89:7c:73:27:eb:9f:6a:f1:67:
4d:7d:9a:43:ec:ba:c7:dd:51:3f:54:e7:0a:d2:19:45:c6:60:
b8:c6:fa:e1:27:42:53:ad:ae:fa:12:ef:d0:0b:fd:33:99:f8:
6c:14:23:f5:f7:6f:f8:a4:ba:3c:63:ce:c5:0b:f2:b4:c7:59:
a6:4a:60:f8:9f:5e:a8:d4:6a:ac:75:49:a0:f7:1a:73:d0:0a:
e5:29:07:95:b2:d9:c0:cc:e9:1b:60:0c:03:b7:b8:99:1b:fd:
cb:e2:5a:53:23:a3:4c:f8:6e:13:ed:e6:7b:0d:11:a9:20:55:
7e:0b:b9:95:5f:51:c1:89:e6:a8:a2:dc:50:66:6a:09:9d:a4:
6b:53:4f:fc:a4:8d:43:fb:b9:d9:cc:63:5e:a1:0b:9c:cf:cc:
b6:81:c0:5f:11:22:da:94:03:14:04:6d:61:0b:a6:1a:5d:5a:
c2:80:a3:81:33:75:ce:39:90:55:6c:04:b9:4d:ea:48:6e:36:
75:7a:83:97:d3:ff:55:9e:f5:14:76:8e:06:f0:66:3f:59:46:
80:8a:fc:3c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURBjmmt5KRrtT5gKthcYaJjR5qDUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwNTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE1NjE4YmZhZjMwNzZjYjdlODhiZDY5ZGZiOTMzNjUzMTQ4MjA2NjZiODky
ZGEzNjcxN2FhYjllMzlmMzZiYjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIxmoytm5CRNB5JeBgpL05jGkDSr0k/0N9uNxegGu5lrxcEWbN3txZqH3l4m
pfRX51+QUelNL+fMBOQ2ZEIK7ulyTb1wCBRWNvHXVCREPSadfHNjG86EZ4cghgyz
IPxMXXucO+jZuajVHfFNZn5weSL7DpToEVofgsZgDxoaJMH65XsSICDmqZy0c685
ijp6gQ5YPuIUf1OIT7Oj7VZoYZ++R22Zh5FDUwq6IAT5EL7N3uQRe0B9XA3/RoZc
7UfigojX5WtZod9jfs3mCOMaNZsfW7QymmZA4NyEPRLToXPQA7q+Xbh9x+FR/FRw
pUdd5ow5ECHl6jl7GXCn89te7UcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTEqsXM
Ee9CaALmMxzt6+yFd8oQ9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTZjNjEwMjktZjU1OS00MTFjLTg5ZmQtYTE5NzBjYWM2YmMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB5Pz8xD/N+gRPmbXvH+4b2bhJ4RWlrRriUmiIe
/YvU5iQFHSoFPCCkV4wXOjGJfHMn659q8WdNfZpD7LrH3VE/VOcK0hlFxmC4xvrh
J0JTra76Eu/QC/0zmfhsFCP192/4pLo8Y87FC/K0x1mmSmD4n16o1GqsdUmg9xpz
0ArlKQeVstnAzOkbYAwDt7iZG/3L4lpTI6NM+G4T7eZ7DRGpIFV+C7mVX1HBieao
otxQZmoJnaRrU0/8pI1D+7nZzGNeoQucz8y2gcBfESLalAMUBG1hC6YaXVrCgKOB
M3XOOZBVbAS5TepIbjZ1eoOX0/9VnvUUdo4G8GY/WUaAivw8
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:17 2025 by rpki-client