Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
File: 0b28278f-4fad-45f4-a194-c2e785f1c443.roa (raw, json)
Hash identifier: JGrxLjgM+t/A8yPmsKXrRqU3jA71zDvpUQTHbvU+XVM=
Subject key identifier: E3:09:F8:10:E8:E9:EC:84:F7:A8:99:05:5F:6F:BB:25:48:B8:14:D4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 769D589A64EAF870F310487FD8FFA28DE1B48600
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
Signing time: Fri 26 Sep 2025 19:51:33 +0000
ROA not before: Fri 26 Sep 2025 19:51:33 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:9d:58:9a:64:ea:f8:70:f3:10:48:7f:d8:ff:a2:8d:e1:b4:86:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:51:33 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=043fc2db9a23431ff00b5ce14e05e742d22d0ecc51ad44b3e4fe8b0f63e2c080, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:88:88:2f:a1:8e:cd:88:07:53:6a:7d:89:39:
c3:87:b9:bd:ef:9e:d3:23:d1:f6:e1:d3:51:c1:53:
75:71:8b:a1:cb:6f:6e:15:e6:b4:d6:05:bc:f1:4c:
09:c5:1c:fb:93:89:ee:b0:5b:45:24:f7:17:39:57:
20:f7:3a:23:68:0d:41:05:ba:c3:4e:3e:0a:f5:e4:
04:55:7f:6d:86:38:7b:d6:24:c3:f4:d2:3e:c7:59:
59:5e:18:47:48:81:7a:bc:d7:a8:de:d7:2a:c1:3f:
63:ea:a1:7f:58:ce:2d:7d:aa:70:84:5c:ba:aa:26:
d2:61:21:7d:4f:0d:c6:c8:a2:9e:cc:4e:f0:57:6c:
f9:55:43:b6:0f:01:e3:77:bb:89:55:37:a6:3e:df:
35:a4:ef:97:00:2c:f4:ac:58:aa:17:b7:96:a9:a4:
f5:f3:63:24:ce:85:0c:5a:08:be:aa:46:8a:d8:62:
1a:d9:3d:61:aa:ea:19:f3:49:c9:38:63:d9:68:dd:
94:ff:5d:56:00:b8:17:9b:1d:b4:35:cd:ad:fe:bc:
c1:db:0a:cb:7e:63:dc:10:3c:93:05:f6:86:c6:e3:
f9:7b:fa:ea:58:f0:20:0e:77:a5:b4:63:04:8b:82:
49:7d:b3:04:09:d3:db:be:18:31:c1:d5:ad:43:fe:
b2:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:09:F8:10:E8:E9:EC:84:F7:A8:99:05:5F:6F:BB:25:48:B8:14:D4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:800::/38
Signature Algorithm: sha256WithRSAEncryption
12:1d:da:67:f6:57:84:f5:6a:3d:98:62:76:40:b0:0e:1b:94:
ea:f7:c9:f2:48:db:ae:8c:6c:3b:09:83:e8:0d:ce:be:64:0f:
1f:fd:b6:ac:03:9f:e6:ba:9a:f2:20:fb:0c:60:d9:fa:eb:94:
ed:70:b4:02:ae:a2:db:29:1a:5b:67:87:d3:46:75:8d:77:50:
85:71:e0:05:c2:03:35:86:29:69:3e:70:fc:1c:4a:a0:71:58:
50:c4:d5:65:00:d4:d5:c9:21:7a:2f:c3:b1:a3:3a:17:68:be:
fc:77:5e:0b:b5:88:3b:e5:25:38:93:e4:ec:89:31:f6:3c:18:
87:2e:e2:29:8b:00:39:ee:fa:c7:83:e2:15:e6:3a:77:0e:92:
bf:b1:6c:b4:9b:bb:65:a3:bc:93:a1:b3:f2:65:11:a7:39:bc:
7f:85:c4:a9:57:c1:1d:bf:cb:6b:63:fb:8b:3e:6a:a7:38:ab:
ba:c2:42:6e:bc:a4:12:ef:31:09:eb:a6:78:bd:90:e7:3f:0f:
fd:40:52:a4:aa:18:dd:ed:ee:20:6a:bb:0c:28:80:93:d2:df:
6c:ec:89:c0:4e:a3:30:66:c9:71:cd:60:e9:0f:ef:9e:73:0d:
5d:6d:07:3e:c4:ca:a8:9b:88:b3:5a:c8:66:d1:6a:2c:0d:a0:
78:e0:f1:bb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdp1YmmTq+HDzEEh/2P+ijeG0hgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMzNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0M2ZjMmRiOWEyMzQzMWZmMDBiNWNlMTRlMDVlNzQyZDIyZDBlY2M1MWFk
NDRiM2U0ZmU4YjBmNjNlMmMwODAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqIiC+hjs2IB1NqfYk5w4e5ve+e0yPR9uHTUcFTdXGLoctvbhXmtNYFvPFM
CcUc+5OJ7rBbRST3FzlXIPc6I2gNQQW6w04+CvXkBFV/bYY4e9Ykw/TSPsdZWV4Y
R0iBerzXqN7XKsE/Y+qhf1jOLX2qcIRcuqom0mEhfU8NxsiinsxO8Fds+VVDtg8B
43e7iVU3pj7fNaTvlwAs9KxYqhe3lqmk9fNjJM6FDFoIvqpGithiGtk9YarqGfNJ
yThj2WjdlP9dVgC4F5sdtDXNrf68wdsKy35j3BA8kwX2hsbj+Xv66ljwIA53pbRj
BIuCSX2zBAnT274YMcHVrUP+sisCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjCfgQ
6OnshPeomQVfb7slSLgU1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIyODI3OGYtNGZhZC00NWY0LWExOTQtYzJlNzg1ZjFjNDQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkI
MA0GCSqGSIb3DQEBCwUAA4IBAQASHdpn9leE9Wo9mGJ2QLAOG5Tq98nySNuujGw7
CYPoDc6+ZA8f/basA5/mupryIPsMYNn665TtcLQCrqLbKRpbZ4fTRnWNd1CFceAF
wgM1hilpPnD8HEqgcVhQxNVlANTVySF6L8OxozoXaL78d14LtYg75SU4k+TsiTH2
PBiHLuIpiwA57vrHg+IV5jp3DpK/sWy0m7tlo7yTobPyZRGnObx/hcSpV8Edv8tr
Y/uLPmqnOKu6wkJuvKQS7zEJ66Z4vZDnPw/9QFKkqhjd7e4garsMKICT0t9s7InA
TqMwZslxzWDpD++ecw1dbQc+xMqom4izWshm0WosDaB44PG7
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:30 2025 by rpki-client