Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa
File: b4bc5ce4-db80-4527-b720-60a744036322.roa (raw, json)
Hash identifier: dzCm0bg4L32UaAgC7+a0KtOdB6MRAVC6t96RDIAMcdA=
Subject key identifier: 47:BF:A1:0D:73:C5:D4:F7:CC:C7:EC:3C:52:12:06:C4:27:73:0B:1B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0B12C731D7C536202C9830F0BB66A6DC80366E13
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa
Signing time: Tue 21 Oct 2025 13:30:19 +0000
ROA not before: Tue 21 Oct 2025 13:30:19 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:12:c7:31:d7:c5:36:20:2c:98:30:f0:bb:66:a6:dc:80:36:6e:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:30:19 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=6b95d4111d2bc6b93c1015bda92fd16247523e6cf36c7a6d9e0b8dda182f21e1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:34:33:51:95:ef:2b:d3:59:e3:99:22:99:df:
92:38:76:91:51:98:39:f7:1c:8b:e9:46:04:69:09:
92:6d:53:c3:39:b7:45:d6:21:2f:82:eb:9e:08:2c:
5d:2c:a3:1a:03:a5:a8:ff:42:56:90:e6:3d:7e:50:
18:1d:47:4a:75:0e:78:d9:50:bf:c3:d0:84:fa:69:
2f:7b:3b:5e:54:28:2a:d7:88:d5:3c:42:fe:33:09:
96:3c:42:0c:ca:68:eb:7b:49:4a:d9:98:61:54:98:
2f:00:90:66:39:5c:c8:66:54:6f:c5:e2:7d:98:6d:
8b:b0:69:47:b7:5a:08:e7:18:be:b3:ba:d2:ca:c0:
1a:f3:cf:6a:e5:a2:ce:63:73:57:f7:69:0e:16:c2:
ef:d3:33:0d:26:42:0c:e7:27:e5:14:fe:36:23:c3:
d2:2d:4b:f1:24:ca:ae:a8:65:f4:5a:35:08:85:0f:
11:94:7e:53:a5:43:c3:51:70:d7:b3:7d:56:18:9e:
77:fa:7a:25:1d:10:40:c8:3a:a8:13:50:09:41:5e:
5e:59:60:96:ad:5e:fe:f6:60:87:0b:28:7f:02:a2:
62:06:af:62:88:9b:47:65:39:8f:6e:47:5c:d6:44:
be:89:fc:19:ad:fe:98:7c:54:a7:54:3a:eb:f3:7b:
13:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:BF:A1:0D:73:C5:D4:F7:CC:C7:EC:3C:52:12:06:C4:27:73:0B:1B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:b000::/40
Signature Algorithm: sha256WithRSAEncryption
4b:25:e9:52:f7:a7:38:cb:66:30:7e:d1:92:5a:e4:b9:15:2a:
a6:91:0a:23:91:e6:b5:56:24:e6:bb:9c:9b:4e:d7:cb:d7:13:
6b:ba:6d:2c:eb:18:e7:b7:bc:c4:76:7c:04:a7:26:18:d4:43:
53:f6:c9:54:51:e5:d4:03:a0:13:82:25:95:d1:78:ae:b2:0a:
ac:a2:b2:75:29:dd:3f:f2:de:e8:a8:a2:09:25:fc:ea:86:a5:
1e:70:51:17:dd:c7:32:44:2d:ba:19:56:b1:c2:f5:f2:6c:da:
2e:16:7a:1a:d7:03:99:ae:19:fc:21:8f:d6:f4:ef:48:f3:9d:
f3:29:41:37:56:97:7a:93:76:cf:dd:67:28:7d:6f:80:4f:9a:
eb:84:5b:e5:22:1a:dd:98:b6:4b:45:90:f2:a8:06:ed:cc:19:
b8:3c:cb:ac:15:b6:55:17:22:28:fc:25:e2:ce:30:70:d1:04:
43:85:dd:c9:f2:b6:9d:a3:ec:a1:45:b9:8a:5b:a0:6f:bd:5b:
e8:58:de:50:12:59:31:e1:67:7d:f4:6e:f0:76:48:cd:e9:47:
27:ad:2e:df:6a:da:07:98:6d:fd:8b:b7:79:c2:2b:84:78:11:
08:00:72:ba:4f:58:b8:d3:6d:fc:00:e2:51:17:07:a8:ea:c1:
c6:49:ea:b3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCxLHMdfFNiAsmDDwu2am3IA2bhMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMwMTlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiOTVkNDExMWQyYmM2YjkzYzEwMTViZGE5MmZkMTYyNDc1MjNlNmNmMzZj
N2E2ZDllMGI4ZGRhMTgyZjIxZTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALY0M1GV7yvTWeOZIpnfkjh2kVGYOfcci+lGBGkJkm1Twzm3RdYhL4Lrnggs
XSyjGgOlqP9CVpDmPX5QGB1HSnUOeNlQv8PQhPppL3s7XlQoKteI1TxC/jMJljxC
DMpo63tJStmYYVSYLwCQZjlcyGZUb8XifZhti7BpR7daCOcYvrO60srAGvPPauWi
zmNzV/dpDhbC79MzDSZCDOcn5RT+NiPD0i1L8STKrqhl9Fo1CIUPEZR+U6VDw1Fw
17N9Vhied/p6JR0QQMg6qBNQCUFeXllglq1e/vZghwsofwKiYgavYoibR2U5j25H
XNZEvon8Ga3+mHxUp1Q66/N7E50CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRHv6EN
c8XU98zH7DxSEgbEJ3MLGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjRiYzVjZTQtZGI4MC00NTI3LWI3MjAtNjBhNzQ0MDM2MzIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6w
MA0GCSqGSIb3DQEBCwUAA4IBAQBLJelS96c4y2YwftGSWuS5FSqmkQojkea1ViTm
u5ybTtfL1xNrum0s6xjnt7zEdnwEpyYY1ENT9slUUeXUA6ATgiWV0XiusgqsorJ1
Kd0/8t7oqKIJJfzqhqUecFEX3ccyRC26GVaxwvXybNouFnoa1wOZrhn8IY/W9O9I
853zKUE3Vpd6k3bP3WcofW+AT5rrhFvlIhrdmLZLRZDyqAbtzBm4PMusFbZVFyIo
/CXizjBw0QRDhd3J8rado+yhRbmKW6BvvVvoWN5QElkx4Wd99G7wdkjN6UcnrS7f
atoHmG39i7d5wiuEeBEIAHK6T1i40238AOJRFweo6sHGSeqz
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:58 2025 by rpki-client