Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa
File: cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa (raw, json)
Hash identifier: aCZbT8FTVV7YUiDf25WzW1jLdK7mpzBNr855flMEceQ=
Subject key identifier: 9C:C3:C5:2D:6C:42:51:EE:E2:9F:92:17:82:4C:AC:63:EB:38:67:A0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0729B44FF32C8DD07CDD6D4A5521057BE44CA8A6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa
Signing time: Tue 21 Oct 2025 13:20:07 +0000
ROA not before: Tue 21 Oct 2025 13:20:07 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:8020::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:29:b4:4f:f3:2c:8d:d0:7c:dd:6d:4a:55:21:05:7b:e4:4c:a8:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:07 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=18dccef016508088b714fbf245f4339158bf34458c41ecf42cdd5c1a8fbd3555, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:eb:6c:c2:e5:6b:c7:53:07:b1:f2:a3:d6:d7:
4b:74:0b:4b:9b:25:a0:13:16:f8:f2:fc:b6:fb:2b:
b2:34:6b:45:6d:11:ef:6c:5b:8c:04:22:33:34:81:
06:85:80:2d:d5:d9:db:ee:d0:1c:9d:33:1c:fe:64:
f3:94:ec:7f:ab:cd:24:04:a5:4e:75:23:9b:9e:20:
a8:a3:72:63:e9:67:c8:6f:fe:ed:5d:95:3f:b8:ac:
29:f7:3a:bb:77:ec:a2:bd:5f:2d:eb:71:f7:14:7f:
ac:d1:7f:8b:d3:6b:a0:59:ea:2b:d6:79:94:58:99:
fe:21:3d:48:aa:f3:3b:fd:a2:07:3c:36:a6:19:df:
e8:b2:5d:76:36:29:89:c8:2d:c4:3f:5c:d0:cd:e7:
d0:45:69:c8:ae:ff:2d:f3:d7:53:2d:91:28:41:72:
95:e8:8e:67:c3:a6:27:a9:b4:22:71:d1:2d:19:74:
bf:1b:36:32:c8:cd:2c:f5:87:90:06:4f:6d:c0:c3:
ef:07:da:22:10:fc:83:86:0b:7a:9e:3f:b5:7d:aa:
e9:0f:83:07:80:02:c4:49:87:aa:0c:b8:ac:df:56:
d1:53:fe:96:73:7f:de:0f:d6:bc:9e:3a:52:0f:01:
aa:1b:0e:44:da:37:cb:00:63:9c:90:04:2b:8b:05:
ed:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:C3:C5:2D:6C:42:51:EE:E2:9F:92:17:82:4C:AC:63:EB:38:67:A0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:8020::/48
Signature Algorithm: sha256WithRSAEncryption
b8:7c:39:07:7d:13:9b:79:d3:82:24:de:40:fa:9d:03:9e:1d:
6d:c4:15:8b:4a:bc:59:8c:9a:71:76:5b:2b:d3:dc:55:05:1d:
99:7c:92:cb:2e:da:01:c5:55:11:0c:93:19:3b:27:53:60:79:
b2:d6:d1:df:b3:2e:68:d0:6c:18:42:6e:d4:b9:80:b3:f5:84:
d4:e2:0d:bf:e3:35:1e:46:16:f4:82:ec:b4:54:50:1f:17:a9:
61:5a:ba:c1:cd:cc:75:ed:c5:53:80:1f:bc:97:c8:e8:23:56:
dc:d3:2c:10:66:ac:35:eb:ca:b2:e1:b5:34:f7:74:37:7d:de:
44:a0:a0:2f:99:b4:eb:a3:1e:85:23:d7:8d:fa:83:63:1a:72:
b9:62:66:06:ca:61:54:e8:46:74:a3:85:6d:0b:63:0c:fb:e1:
98:7d:28:2d:ab:49:a6:f7:e7:59:ba:cd:75:d7:e4:44:e1:05:
d9:42:5a:46:9f:ce:da:3a:92:f9:95:fc:40:e2:87:e7:1e:95:
48:cd:9d:da:56:f5:7e:a4:9e:ee:af:26:03:ff:69:d5:f0:3a:
2f:1c:99:eb:0a:c2:15:d3:f8:cc:e6:2f:d8:59:c0:7e:44:42:
b9:ba:b5:6e:ad:86:5e:9d:b0:3b:2a:c0:d4:b8:f4:f5:a7:af:
13:79:22:2d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBym0T/MsjdB83W1KVSEFe+RMqKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE4ZGNjZWYwMTY1MDgwODhiNzE0ZmJmMjQ1ZjQzMzkxNThiZjM0NDU4YzQx
ZWNmNDJjZGQ1YzFhOGZiZDM1NTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMvrbMLla8dTB7Hyo9bXS3QLS5sloBMW+PL8tvsrsjRrRW0R72xbjAQiMzSB
BoWALdXZ2+7QHJ0zHP5k85Tsf6vNJASlTnUjm54gqKNyY+lnyG/+7V2VP7isKfc6
u3fsor1fLetx9xR/rNF/i9NroFnqK9Z5lFiZ/iE9SKrzO/2iBzw2phnf6LJddjYp
icgtxD9c0M3n0EVpyK7/LfPXUy2RKEFyleiOZ8OmJ6m0InHRLRl0vxs2MsjNLPWH
kAZPbcDD7wfaIhD8g4YLep4/tX2q6Q+DB4ACxEmHqgy4rN9W0VP+lnN/3g/WvJ46
Ug8BqhsORNo3ywBjnJAEK4sF7csCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBScw8Ut
bEJR7uKfkheCTKxj6zhnoDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2ZlMzE1ZTYtYzYzMC00OGJkLThkZTUtMjNlZWUwYWQ0MGNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGA
IDANBgkqhkiG9w0BAQsFAAOCAQEAuHw5B30Tm3nTgiTeQPqdA54dbcQVi0q8WYya
cXZbK9PcVQUdmXySyy7aAcVVEQyTGTsnU2B5stbR37MuaNBsGEJu1LmAs/WE1OIN
v+M1HkYW9ILstFRQHxepYVq6wc3Mde3FU4AfvJfI6CNW3NMsEGasNevKsuG1NPd0
N33eRKCgL5m066MehSPXjfqDYxpyuWJmBsphVOhGdKOFbQtjDPvhmH0oLatJpvfn
WbrNddfkROEF2UJaRp/O2jqS+ZX8QOKH5x6VSM2d2lb1fqSe7q8mA/9p1fA6LxyZ
6wrCFdP4zOYv2FnAfkRCubq1bq2GXp2wOyrA1Lj09aevE3kiLQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:09 2025 by rpki-client