Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
File: c768f15e-576e-48c0-91d4-8446a6be70a8.roa (raw, json)
Hash identifier: YIIZcTwxr2h1sejOICYrVSZTvTu7ZdZqrYTyOKmV2vE=
Subject key identifier: BB:1A:A3:06:E6:5A:90:CE:05:BE:B1:DF:25:7A:18:09:DF:EA:FB:D8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 08CF89877B76327D21DC4751BDAD97E11E57166B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
Signing time: Tue 21 Oct 2025 14:10:25 +0000
ROA not before: Tue 21 Oct 2025 14:10:25 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:cf:89:87:7b:76:32:7d:21:dc:47:51:bd:ad:97:e1:1e:57:16:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:25 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ed8773082a4d80aeb48f67980767cf502f70bc1948e2146fdc8f8f27cf54f954, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:52:34:24:9a:1d:6c:19:c9:64:7a:d5:be:d9:
90:f0:e7:67:10:bd:69:44:9d:3b:52:04:f0:7a:83:
2b:93:fd:64:a6:ea:ca:48:4a:a2:b8:2c:3f:47:7e:
c0:40:20:a7:1a:23:fc:a2:28:c1:a1:e9:64:6c:1c:
22:f9:c7:4a:10:f6:d0:0d:d4:f2:3f:8e:a2:85:3f:
96:26:8b:dd:dd:2a:88:5c:69:cc:b7:5a:56:53:a5:
7d:a5:06:a1:ce:ba:c5:5b:03:29:f2:bb:3b:cb:d3:
f5:cf:be:df:d4:05:c6:08:b9:5e:af:84:bb:aa:14:
4a:24:7b:45:a3:79:39:f1:ca:ce:80:18:4a:04:3f:
95:6d:e2:14:1b:19:ab:2d:33:9e:d5:34:7d:38:b0:
d3:22:64:8f:b6:12:99:cf:ed:28:67:8d:8c:18:b1:
ce:c5:d9:4e:13:7f:6e:08:d2:ad:14:f5:a9:77:ea:
12:64:10:82:6e:a5:43:aa:d0:e6:d4:bb:1d:b7:9d:
82:13:48:0a:94:b9:d8:7e:05:c6:45:2e:b3:ad:ed:
fd:ac:47:e2:8b:3b:88:9c:c1:e9:34:da:53:18:84:
a1:30:3e:0c:fa:0d:d4:2a:06:7e:00:3b:3e:d6:46:
7e:f8:64:5a:b8:69:05:25:ea:e5:0e:2f:f5:1b:37:
ac:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:1A:A3:06:E6:5A:90:CE:05:BE:B1:DF:25:7A:18:09:DF:EA:FB:D8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:e000::/40
Signature Algorithm: sha256WithRSAEncryption
45:81:d9:ef:eb:7c:53:18:e4:d3:d5:fc:83:29:1f:04:a4:f1:
1e:8a:c5:77:77:09:98:b3:5c:e0:9a:09:6b:c4:b5:f7:10:e2:
02:59:88:c7:43:4c:36:5e:64:af:ed:49:a0:eb:51:c4:a1:4a:
26:d0:12:94:19:35:45:47:0d:2a:bd:fe:6f:01:5d:ff:9d:86:
60:41:42:59:93:a3:83:91:3f:bf:67:e9:3e:d5:ae:f5:db:3d:
dd:27:ad:c0:98:0b:c9:f9:8b:0d:0a:a8:72:74:77:37:24:66:
17:49:af:19:13:af:3a:40:4f:f1:ad:7e:6f:57:83:a2:3b:c7:
1a:c3:a6:13:61:d5:8e:c9:5f:ea:95:f4:a1:a0:28:f3:bd:a5:
09:dd:10:12:af:40:59:6d:94:f1:86:60:76:c5:92:f7:62:e2:
78:63:3a:89:97:1e:91:37:3d:4d:04:3f:7f:16:19:3b:77:03:
c6:16:b0:aa:68:00:7b:cc:14:5c:66:cb:25:97:d8:d5:df:38:
64:77:8e:3d:c8:15:8b:02:53:30:5e:42:35:a7:6a:75:93:ba:
87:93:03:86:e3:3d:17:8f:89:51:34:68:e0:93:7e:da:60:0c:
12:41:7c:cc:1d:d3:eb:be:ce:eb:71:ea:4b:78:3f:58:79:b3:
41:7f:c9:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCM+Jh3t2Mn0h3EdRva2X4R5XFmswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkODc3MzA4MmE0ZDgwYWViNDhmNjc5ODA3NjdjZjUwMmY3MGJjMTk0OGUy
MTQ2ZmRjOGY4ZjI3Y2Y1NGY5NTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAORSNCSaHWwZyWR61b7ZkPDnZxC9aUSdO1IE8HqDK5P9ZKbqykhKorgsP0d+
wEAgpxoj/KIowaHpZGwcIvnHShD20A3U8j+OooU/liaL3d0qiFxpzLdaVlOlfaUG
oc66xVsDKfK7O8vT9c++39QFxgi5Xq+Eu6oUSiR7RaN5OfHKzoAYSgQ/lW3iFBsZ
qy0zntU0fTiw0yJkj7YSmc/tKGeNjBixzsXZThN/bgjSrRT1qXfqEmQQgm6lQ6rQ
5tS7HbedghNICpS52H4FxkUus63t/axH4os7iJzB6TTaUxiEoTA+DPoN1CoGfgA7
PtZGfvhkWrhpBSXq5Q4v9Rs3rLMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7GqMG
5lqQzgW+sd8lehgJ3+r72DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc2OGYxNWUtNTc2ZS00OGMwLTkxZDQtODQ0NmE2YmU3MGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DLg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFgdnv63xTGOTT1fyDKR8EpPEeisV3dwmYs1zg
mglrxLX3EOICWYjHQ0w2XmSv7Umg61HEoUom0BKUGTVFRw0qvf5vAV3/nYZgQUJZ
k6ODkT+/Z+k+1a712z3dJ63AmAvJ+YsNCqhydHc3JGYXSa8ZE686QE/xrX5vV4Oi
O8caw6YTYdWOyV/qlfShoCjzvaUJ3RASr0BZbZTxhmB2xZL3YuJ4YzqJlx6RNz1N
BD9/Fhk7dwPGFrCqaAB7zBRcZssll9jV3zhkd449yBWLAlMwXkI1p2p1k7qHkwOG
4z0Xj4lRNGjgk37aYAwSQXzMHdPrvs7rcepLeD9YebNBf8lo
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:11 2025 by rpki-client