Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa
File: 37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa (raw, json)
Hash identifier: yGClNTegn8uaBvOmt+a5FMg17RPpPWlSZM3hCL5qt4o=
Subject key identifier: 85:96:A4:E0:1A:56:2A:C6:8D:E3:03:94:A7:61:D6:8F:1A:9A:3D:2A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1DDB84077176D7B2C6CAAB2DCDF025AC852EC78D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa
Signing time: Fri 26 Sep 2025 18:20:54 +0000
ROA not before: Fri 26 Sep 2025 18:20:54 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 185.48.120.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:db:84:07:71:76:d7:b2:c6:ca:ab:2d:cd:f0:25:ac:85:2e:c7:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:20:54 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=71edd6573429d5b8215322a146662b8763f18e13e73d5cdae2bdb84699b1158e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:5a:62:0c:f1:bc:59:74:a5:29:29:91:56:fb:
e4:17:68:b9:45:aa:98:4a:33:cd:80:63:ea:6f:95:
72:66:90:53:9a:00:6b:7e:48:eb:4c:28:29:1b:dc:
d7:a7:68:1d:c1:a9:6f:e7:28:07:09:d6:94:e4:7c:
9e:7d:86:e3:52:d3:13:23:6f:aa:84:80:21:80:b2:
37:a9:bb:95:f6:c0:23:3b:60:a7:90:91:f1:2c:9c:
c5:11:8e:4e:8d:25:bb:33:79:44:ac:8a:e7:73:13:
cf:03:3c:67:e1:3e:13:49:cb:fa:17:e3:b4:a0:3f:
bc:0b:41:08:24:f3:ef:02:d0:9c:26:46:31:22:d4:
96:66:21:68:82:24:12:8d:48:7c:1f:bf:b0:79:97:
3c:bb:51:72:69:eb:2d:08:f6:c5:ce:dc:d4:f2:7c:
0b:d7:78:71:b0:e7:9b:fb:c0:39:98:27:a0:f8:aa:
c3:36:1f:95:8d:71:34:a0:40:25:09:9f:69:a3:04:
de:d3:f2:34:e8:eb:ee:e0:96:ff:eb:4f:80:22:b3:
ff:80:de:1d:4b:a5:48:bf:33:3a:04:1c:4f:50:e3:
b7:12:a1:69:a1:19:1b:4c:d2:a2:2e:ab:f6:2a:f5:
78:8a:99:32:5e:22:91:19:ae:bd:0e:32:83:b7:59:
ad:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:96:A4:E0:1A:56:2A:C6:8D:E3:03:94:A7:61:D6:8F:1A:9A:3D:2A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.48.120.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:8b:ec:98:24:47:ff:3b:ef:5f:ac:5e:07:36:a3:80:cc:78:
bb:85:6a:b0:e7:b5:60:86:fe:2f:89:b4:c3:76:56:b5:70:5b:
9e:ae:77:25:20:18:21:29:01:ce:e0:5b:82:e0:8a:b4:05:c3:
09:b6:28:d2:b1:f8:81:9c:0b:33:40:98:b1:46:1c:ab:5b:43:
7a:b9:60:97:62:e9:c5:94:f8:78:6d:82:cd:54:fd:c0:e2:21:
23:a2:02:35:59:e2:41:d5:28:92:fe:e6:64:e2:b9:62:d6:45:
0d:7d:9f:e3:c1:c1:37:8a:2d:e6:d5:a8:a0:ab:0d:44:3e:ed:
ea:1f:28:5e:3f:22:c9:a9:5c:37:b1:bc:17:6b:b5:10:a3:68:
91:6c:5b:d8:84:39:55:da:94:f1:4d:8d:29:77:e0:77:1f:74:
29:6e:06:15:2c:43:5e:8a:64:5a:2d:84:91:fd:c2:5c:b8:d3:
47:93:f7:48:8d:d2:cf:d5:52:2e:3b:fc:30:b0:e5:5d:ba:c1:
f0:5e:db:64:4b:ad:57:2c:99:35:11:c7:9a:c1:68:42:71:85:
67:d3:4e:fe:5c:56:c3:4d:38:5b:38:3e:17:ed:40:d8:27:62:
9c:6d:c9:36:04:9a:39:70:f7:7f:08:56:f8:9f:35:3d:17:da:
08:ec:83:99
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHduEB3F217LGyqstzfAlrIUux40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwNTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxZWRkNjU3MzQyOWQ1YjgyMTUzMjJhMTQ2NjYyYjg3NjNmMThlMTNlNzNk
NWNkYWUyYmRiODQ2OTliMTE1OGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpaYgzxvFl0pSkpkVb75BdouUWqmEozzYBj6m+VcmaQU5oAa35I60woKRvc
16doHcGpb+coBwnWlOR8nn2G41LTEyNvqoSAIYCyN6m7lfbAIztgp5CR8SycxRGO
To0luzN5RKyK53MTzwM8Z+E+E0nL+hfjtKA/vAtBCCTz7wLQnCZGMSLUlmYhaIIk
Eo1IfB+/sHmXPLtRcmnrLQj2xc7c1PJ8C9d4cbDnm/vAOZgnoPiqwzYflY1xNKBA
JQmfaaME3tPyNOjr7uCW/+tPgCKz/4DeHUulSL8zOgQcT1DjtxKhaaEZG0zSoi6r
9ir1eIqZMl4ikRmuvQ4yg7dZrasCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSFlqTg
GlYqxo3jA5SnYdaPGpo9KjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzdiNTg0ZmEtZjY0OC00YTA3LTljYmQtNDBiZmVmNGEwYjJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkweDAN
BgkqhkiG9w0BAQsFAAOCAQEALovsmCRH/zvvX6xeBzajgMx4u4VqsOe1YIb+L4m0
w3ZWtXBbnq53JSAYISkBzuBbguCKtAXDCbYo0rH4gZwLM0CYsUYcq1tDerlgl2Lp
xZT4eG2CzVT9wOIhI6ICNVniQdUokv7mZOK5YtZFDX2f48HBN4ot5tWooKsNRD7t
6h8oXj8iyalcN7G8F2u1EKNokWxb2IQ5VdqU8U2NKXfgdx90KW4GFSxDXopkWi2E
kf3CXLjTR5P3SI3Sz9VSLjv8MLDlXbrB8F7bZEutVyyZNRHHmsFoQnGFZ9NO/lxW
w004Wzg+F+1A2CdinG3JNgSaOXD3fwhW+J81PRfaCOyDmQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:18 2025 by rpki-client