Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
File: f067aa52-ee52-4fb2-867c-8dc79786d43d.roa (raw, json)
Hash identifier: gzlYW65/rjZYrcr+3YsuzUz77bCyyK6XizJbb5qmYW4=
Subject key identifier: DC:56:36:D0:67:E5:57:A1:F4:E3:EC:7A:4A:20:C9:15:01:29:0C:5E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7EC59AC00C1BAE6429D4894BB35DB363D0BF7005
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
Signing time: Tue 21 Oct 2025 13:31:05 +0000
ROA not before: Tue 21 Oct 2025 13:31:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:2080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:c5:9a:c0:0c:1b:ae:64:29:d4:89:4b:b3:5d:b3:63:d0:bf:70:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:31:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=11f0617fd23b6d5be64a6bf77ede7118a18c29d0b87954ad3fda9b45fc243fa7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:ad:48:e2:81:da:72:a4:ff:73:97:72:99:66:
d0:ed:2c:8e:37:45:33:15:0a:d5:48:3a:26:2e:b0:
12:8e:2e:7e:15:87:09:6f:5c:f8:17:71:dd:36:c1:
b9:df:ae:c1:13:79:40:1d:3a:68:9a:90:af:5b:cb:
12:25:74:31:f8:4d:c7:f8:3f:e1:c0:cf:fd:4b:f7:
d7:cc:26:75:44:ec:c6:fa:0e:46:2f:70:87:aa:ba:
58:ba:52:fc:cc:be:fc:79:c8:bb:cf:f3:2e:c4:5b:
4e:7f:cd:44:ba:d4:91:b0:39:b0:68:fb:46:a6:16:
67:02:8c:0a:3d:9d:f9:8d:16:b2:2e:d7:d9:12:02:
ba:d1:bf:1b:be:29:59:3f:6b:71:92:6d:9d:3e:6e:
5f:c6:8e:ec:6f:df:36:d2:af:c3:6a:05:0e:38:7b:
d9:2b:89:75:43:67:f0:01:1a:8b:e3:8f:45:14:c2:
3d:b5:03:24:53:8f:75:63:e5:a2:e0:74:c1:ce:6f:
fd:97:58:03:fb:d4:fd:d7:66:66:38:78:da:2b:17:
60:a2:c5:28:78:09:66:31:64:fb:0f:85:96:56:3d:
46:fa:8f:37:a6:fd:81:36:f3:c4:39:4c:a2:c7:32:
3b:54:3f:29:d4:09:c1:05:69:6b:44:36:e8:34:5b:
94:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:56:36:D0:67:E5:57:A1:F4:E3:EC:7A:4A:20:C9:15:01:29:0C:5E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:2080::/48
Signature Algorithm: sha256WithRSAEncryption
09:40:d6:e3:24:7a:12:82:b7:36:6f:f5:95:12:13:8b:92:52:
b9:31:37:32:1a:a3:79:f1:d4:36:80:b0:d5:d0:40:0d:e8:ac:
73:7d:65:b8:ff:63:eb:83:c3:8b:83:d9:03:55:a3:34:b2:42:
6a:4e:fe:72:f5:44:66:94:ba:f4:8c:a3:17:3e:3b:8a:e3:71:
7e:d4:9c:37:bc:a0:73:ae:49:b0:5b:99:7e:e4:d4:a9:21:8d:
0c:76:94:9d:d8:ac:9d:d6:fa:bd:aa:ce:ac:32:a4:c5:bf:66:
65:0c:a5:3a:57:b4:9b:0f:44:54:9e:e9:b1:3f:96:2e:d5:8f:
1b:b1:a1:c8:ff:65:05:db:e3:82:bd:3b:eb:52:cd:80:99:e1:
b9:fb:e7:b8:6b:57:93:fe:66:a4:7b:fc:5d:47:13:da:fe:71:
bb:72:7e:95:7b:6e:b9:ac:e8:30:f9:73:b7:d9:7c:6b:80:b6:
98:bf:7f:4a:96:a1:ed:82:a5:5b:9b:b5:29:a7:41:d8:12:ce:
2c:b2:18:29:97:3a:83:71:95:74:4a:0b:ac:95:83:b4:22:04:
34:43:27:02:ec:f5:04:14:2f:9f:2a:96:cb:93:eb:ed:15:2f:
0b:09:59:12:43:65:e9:84:32:b9:c3:6a:bd:35:85:7f:ef:6f:
99:76:70:5a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfsWawAwbrmQp1IlLs12zY9C/cAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMxMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDExZjA2MTdmZDIzYjZkNWJlNjRhNmJmNzdlZGU3MTE4YTE4YzI5ZDBiODc5
NTRhZDNmZGE5YjQ1ZmMyNDNmYTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+tSOKB2nKk/3OXcplm0O0sjjdFMxUK1Ug6Ji6wEo4ufhWHCW9c+Bdx3TbB
ud+uwRN5QB06aJqQr1vLEiV0MfhNx/g/4cDP/Uv318wmdUTsxvoORi9wh6q6WLpS
/My+/HnIu8/zLsRbTn/NRLrUkbA5sGj7RqYWZwKMCj2d+Y0Wsi7X2RICutG/G74p
WT9rcZJtnT5uX8aO7G/fNtKvw2oFDjh72SuJdUNn8AEai+OPRRTCPbUDJFOPdWPl
ouB0wc5v/ZdYA/vU/ddmZjh42isXYKLFKHgJZjFk+w+FllY9RvqPN6b9gTbzxDlM
oscyO1Q/KdQJwQVpa0Q26DRblKkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTcVjbQ
Z+VXofTj7HpKIMkVASkMXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjA2N2FhNTItZWU1Mi00ZmIyLTg2N2MtOGRjNzk3ODZkNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
gDANBgkqhkiG9w0BAQsFAAOCAQEACUDW4yR6EoK3Nm/1lRITi5JSuTE3MhqjefHU
NoCw1dBADeisc31luP9j64PDi4PZA1WjNLJCak7+cvVEZpS69IyjFz47iuNxftSc
N7ygc65JsFuZfuTUqSGNDHaUndisndb6varOrDKkxb9mZQylOle0mw9EVJ7psT+W
LtWPG7GhyP9lBdvjgr0761LNgJnhufvnuGtXk/5mpHv8XUcT2v5xu3J+lXtuuazo
MPlzt9l8a4C2mL9/Spah7YKlW5u1KadB2BLOLLIYKZc6g3GVdEoLrJWDtCIENEMn
Auz1BBQvnyqWy5Pr7RUvCwlZEkNl6YQyucNqvTWFf+9vmXZwWg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:16 2025 by rpki-client