Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8a24699-2493-4e45-8227-bd2ec32f88ab.roa
File: b8a24699-2493-4e45-8227-bd2ec32f88ab.roa (raw, json)
Hash identifier: 4SjQzcwqFPGtMlF0wJEW3cyqKzROsOEhiqPt4NPmuR4=
Subject key identifier: DF:F3:0E:8B:97:7C:B8:AB:65:29:B1:46:A9:C4:28:80:91:B6:E1:C7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1D623E22722B3919790788C6A17834D0F29DB1DD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8a24699-2493-4e45-8227-bd2ec32f88ab.roa
Signing time: Tue 21 Oct 2025 14:31:00 +0000
ROA not before: Tue 21 Oct 2025 14:31:00 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:10c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:62:3e:22:72:2b:39:19:79:07:88:c6:a1:78:34:d0:f2:9d:b1:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:31:00 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d27b72a9a28efa56e1d0fb95ba6bac7f0f97cb5dd370f2c2b9b46d34407ff4c9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:b0:64:08:72:20:d2:83:da:e7:ea:85:4e:97:
fb:77:1b:e9:42:e6:49:5d:a5:e2:45:23:2d:f3:33:
b3:09:6e:d1:d6:c0:87:b0:af:a6:8d:d5:7b:94:79:
5a:7f:1c:fe:9c:1f:94:0a:4d:a5:b6:87:58:da:aa:
f6:41:7b:21:11:9c:ca:af:b0:e6:83:23:61:89:37:
91:ff:44:1f:f2:7f:28:fd:28:fc:46:99:69:b6:7c:
ef:f0:0d:35:2f:12:e9:c3:c0:c6:2e:7b:9e:33:f6:
1c:56:a5:1d:93:10:39:84:4c:50:9f:60:5b:d7:92:
78:32:e0:ee:69:dd:a3:3b:72:c4:21:9b:2b:07:b9:
1a:2c:43:0d:28:fa:75:b7:6a:5c:2c:f7:44:35:ff:
5d:48:0f:f3:de:96:a6:8d:bd:fc:6c:ab:68:4f:f9:
8b:3f:db:c3:86:98:5a:af:ba:94:87:02:4e:de:3d:
ed:3b:d1:d5:89:f1:5f:06:86:57:d3:94:ed:66:fa:
a1:05:5b:8d:87:9c:4c:03:73:46:e9:4b:c2:3e:d4:
29:2c:47:68:e9:f2:b2:6a:eb:f5:20:34:2d:fb:81:
b2:6a:d7:c9:a3:b5:77:da:fd:c0:45:18:d0:23:ec:
65:9f:fb:7d:03:94:b6:9e:63:42:cd:86:7d:1b:b4:
a7:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:F3:0E:8B:97:7C:B8:AB:65:29:B1:46:A9:C4:28:80:91:B6:E1:C7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8a24699-2493-4e45-8227-bd2ec32f88ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:10c0::/48
Signature Algorithm: sha256WithRSAEncryption
2e:7c:5d:2e:5d:2e:3e:7b:aa:7b:cd:f0:e3:4d:f1:16:df:f0:
ef:1e:ac:ff:a8:ce:d5:c3:3c:1b:4c:bb:71:b4:6a:0b:c5:e9:
4e:35:47:1c:c3:db:5f:93:16:35:e9:9a:79:2b:99:3a:ad:1c:
2d:96:5a:26:e4:3a:64:4f:43:26:7a:a5:1b:df:5a:46:9e:98:
6e:c4:75:72:ca:6f:38:63:c7:b0:b5:a4:14:af:cb:23:98:1d:
aa:9a:78:85:11:8f:9e:09:94:51:df:1d:02:f2:56:0f:c1:09:
da:48:d8:82:42:51:d7:4d:c9:ba:49:e0:2e:dd:80:ce:d8:58:
1e:1b:52:6b:c0:d2:84:c5:f8:a1:31:82:51:aa:3c:d9:52:58:
bd:73:7f:b6:af:fe:fa:24:4c:b4:e4:94:2d:d3:af:2e:a8:18:
b4:2c:32:6e:8e:1d:85:17:2e:93:8a:b9:8f:f3:18:7d:46:de:
54:94:d3:90:7d:62:a7:f4:58:75:e0:06:4f:b9:2d:65:68:2e:
86:4e:6a:05:61:05:d5:12:3b:bc:11:83:89:14:fc:d1:7d:6a:
f5:05:bd:5c:91:70:34:17:76:29:10:f7:8a:cc:54:4a:86:39:
99:eb:40:6f:b1:04:8e:06:63:d9:e6:db:bc:20:7b:8d:55:cb:
f3:b2:49:e3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHWI+InIrORl5B4jGoXg00PKdsd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMxMDBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQyN2I3MmE5YTI4ZWZhNTZlMWQwZmI5NWJhNmJhYzdmMGY5N2NiNWRkMzcw
ZjJjMmI5YjQ2ZDM0NDA3ZmY0YzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqwZAhyINKD2ufqhU6X+3cb6ULmSV2l4kUjLfMzswlu0dbAh7Cvpo3Ve5R5
Wn8c/pwflApNpbaHWNqq9kF7IRGcyq+w5oMjYYk3kf9EH/J/KP0o/EaZabZ87/AN
NS8S6cPAxi57njP2HFalHZMQOYRMUJ9gW9eSeDLg7mndoztyxCGbKwe5GixDDSj6
dbdqXCz3RDX/XUgP896Wpo29/GyraE/5iz/bw4aYWq+6lIcCTt497TvR1YnxXwaG
V9OU7Wb6oQVbjYecTANzRulLwj7UKSxHaOnysmrr9SA0LfuBsmrXyaO1d9r9wEUY
0CPsZZ/7fQOUtp5jQs2GfRu0p7kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTf8w6L
l3y4q2UpsUapxCiAkbbhxzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjhhMjQ2OTktMjQ5My00ZTQ1LTgyMjctYmQyZWMzMmY4OGFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8Q
wDANBgkqhkiG9w0BAQsFAAOCAQEALnxdLl0uPnuqe83w403xFt/w7x6s/6jO1cM8
G0y7cbRqC8XpTjVHHMPbX5MWNemaeSuZOq0cLZZaJuQ6ZE9DJnqlG99aRp6YbsR1
cspvOGPHsLWkFK/LI5gdqpp4hRGPngmUUd8dAvJWD8EJ2kjYgkJR103JukngLt2A
zthYHhtSa8DShMX4oTGCUao82VJYvXN/tq/++iRMtOSULdOvLqgYtCwybo4dhRcu
k4q5j/MYfUbeVJTTkH1ip/RYdeAGT7ktZWguhk5qBWEF1RI7vBGDiRT80X1q9QW9
XJFwNBd2KRD3isxUSoY5metAb7EEjgZj2ebbvCB7jVXL87JJ4w==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:25 2025 by rpki-client