Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1d8b868-c959-421c-83d1-d5235f6ed47e.roa
File: f1d8b868-c959-421c-83d1-d5235f6ed47e.roa (raw, json)
Hash identifier: 2zDdK74fDZCbLNBImR2xPKYucFnHfEies2DwT4BobaM=
Subject key identifier: A3:C8:2A:B1:FB:41:8B:AC:1D:61:8D:FF:4C:38:01:B9:12:EE:28:E6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 111837B60ABD1E03DBB97C18CCB93E6DC7888490
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1d8b868-c959-421c-83d1-d5235f6ed47e.roa
Signing time: Thu 04 Sep 2025 19:52:11 +0000
ROA not before: Thu 04 Sep 2025 19:52:11 +0000
ROA not after: Thu 09 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06d:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:18:37:b6:0a:bd:1e:03:db:b9:7c:18:cc:b9:3e:6d:c7:88:84:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 4 19:52:11 2025 GMT
Not After : Oct 9 23:59:59 2025 GMT
Subject: serialNumber=e079f8c4a3c2a1f09a6ffaa76bef3e8aa37454407a7e957e5bc48d155b64b439, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:16:67:7d:44:7d:99:f3:67:7b:d5:26:70:5b:
c3:1d:9a:e6:69:66:b6:e4:06:9f:cd:bd:37:42:e5:
cb:63:dd:96:f7:e0:25:d5:30:ab:ca:86:5f:c8:6a:
04:07:bb:a8:f3:33:2a:38:a1:f7:21:44:2b:ef:ac:
12:43:a8:61:69:84:dc:4a:3f:4c:29:cd:58:b6:ed:
c8:55:e3:6c:0d:8f:c3:5d:13:cd:15:8c:93:f6:8a:
d7:7b:00:59:70:f1:3e:b3:f7:18:d3:67:a7:96:c7:
29:27:1b:18:20:d0:8a:86:04:de:ab:03:47:22:99:
a2:03:c6:26:f2:f3:ef:ea:aa:76:a2:d1:e3:14:22:
87:b3:0d:a9:c5:3f:b0:eb:e5:49:bc:55:5c:3c:3c:
78:ab:c7:a2:e4:ca:1e:44:6e:a6:53:c4:0e:4b:48:
6c:96:db:a1:db:cc:0f:9c:17:45:6f:5d:ae:ca:71:
26:67:51:56:e1:64:29:f9:f1:26:9b:c8:22:71:48:
96:52:01:34:55:a4:1f:a9:0c:46:4d:26:a4:c1:27:
2e:6d:cb:e8:43:07:fe:ae:ac:be:1b:c0:b9:26:ac:
5f:36:fb:ea:b5:f9:7e:bb:51:92:3a:82:04:63:47:
b8:d3:db:f8:17:be:d1:d7:57:c8:35:d5:58:5b:9e:
4f:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:C8:2A:B1:FB:41:8B:AC:1D:61:8D:FF:4C:38:01:B9:12:EE:28:E6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1d8b868-c959-421c-83d1-d5235f6ed47e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
7f:cc:2e:05:65:84:76:c1:8e:d5:28:40:83:fd:7c:fa:0d:46:
67:28:a2:17:c5:cf:b8:74:43:fd:d5:0f:27:c5:a2:53:a8:54:
89:28:26:75:f1:f3:85:47:28:0e:e2:1a:a2:3a:7e:01:41:d0:
26:bb:10:4a:f2:4c:d7:e6:0a:a2:84:7c:78:8e:5a:42:9a:c1:
fc:b5:7c:06:0d:b3:2f:36:ed:d1:01:81:4a:57:37:66:ab:35:
cf:bf:7c:5c:32:80:0e:70:7d:30:f4:52:f8:4f:80:b8:5b:aa:
6a:8f:96:e3:75:c9:eb:6e:91:ad:c1:de:59:3a:ac:0b:d9:d6:
0d:e2:6a:13:3f:65:15:45:75:6f:93:00:40:ca:cd:bf:cc:a3:
f7:c5:6c:b9:83:77:7e:87:e1:ff:31:b0:da:c1:d7:53:d1:51:
c5:69:5a:fc:0e:d8:92:c1:81:0a:ac:64:93:8f:b6:f1:e0:fd:
a8:37:04:6c:c4:92:62:8a:60:d6:b7:3b:47:e1:02:b9:46:ed:
29:2c:e3:ca:ae:16:4e:0c:59:8a:49:61:d6:75:ba:77:3c:26:
10:12:74:49:a7:15:89:42:b0:19:52:bd:df:cf:7c:06:14:bb:
1e:d2:52:0e:1e:c9:11:63:c6:16:9e:57:4b:ed:f8:08:23:73:
6e:23:10:ba
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUERg3tgq9HgPbuXwYzLk+bceIhJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDQxOTUyMTFaFw0yNTEwMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwNzlmOGM0YTNjMmExZjA5YTZmZmFhNzZiZWYzZThhYTM3NDU0NDA3YTdl
OTU3ZTViYzQ4ZDE1NWI2NGI0MzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoWZ31EfZnzZ3vVJnBbwx2a5mlmtuQGn829N0Lly2PdlvfgJdUwq8qGX8hq
BAe7qPMzKjih9yFEK++sEkOoYWmE3Eo/TCnNWLbtyFXjbA2Pw10TzRWMk/aK13sA
WXDxPrP3GNNnp5bHKScbGCDQioYE3qsDRyKZogPGJvLz7+qqdqLR4xQih7MNqcU/
sOvlSbxVXDw8eKvHouTKHkRuplPEDktIbJbbodvMD5wXRW9drspxJmdRVuFkKfnx
JpvIInFIllIBNFWkH6kMRk0mpMEnLm3L6EMH/q6svhvAuSasXzb76rX5frtRkjqC
BGNHuNPb+Be+0ddXyDXVWFueT2MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSjyCqx
+0GLrB1hjf9MOAG5Eu4o5jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjFkOGI4NjgtYzk1OS00MjFjLTgzZDEtZDUyMzVmNmVkNDdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0G1g
wDANBgkqhkiG9w0BAQsFAAOCAQEAf8wuBWWEdsGO1ShAg/18+g1GZyiiF8XPuHRD
/dUPJ8WiU6hUiSgmdfHzhUcoDuIaojp+AUHQJrsQSvJM1+YKooR8eI5aQprB/LV8
Bg2zLzbt0QGBSlc3Zqs1z798XDKADnB9MPRS+E+AuFuqao+W43XJ626RrcHeWTqs
C9nWDeJqEz9lFUV1b5MAQMrNv8yj98VsuYN3fofh/zGw2sHXU9FRxWla/A7YksGB
Cqxkk4+28eD9qDcEbMSSYopg1rc7R+ECuUbtKSzjyq4WTgxZiklh1nW6dzwmEBJ0
SacViUKwGVK93898BhS7HtJSDh7JEWPGFp5XS+34CCNzbiMQug==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:46 2025 by rpki-client