Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42fc7c20-224c-4e3b-8c6c-851926d0e396.roa
File: 42fc7c20-224c-4e3b-8c6c-851926d0e396.roa (raw, json)
Hash identifier: 9llHRCU+sVm9Es6+repyIGXtrwl5iyYNL3b1yy9tLFA=
Subject key identifier: 63:C6:D9:48:32:31:45:02:81:61:DB:3C:38:D5:EF:53:E2:50:E2:FE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5330230CD1F4CFE0E1968E0B294DCC76CFB606BF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42fc7c20-224c-4e3b-8c6c-851926d0e396.roa
Signing time: Mon 06 Oct 2025 18:10:05 +0000
ROA not before: Mon 06 Oct 2025 18:10:05 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:30:23:0c:d1:f4:cf:e0:e1:96:8e:0b:29:4d:cc:76:cf:b6:06:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:10:05 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=9da30c125e2bf1f3dc8411e24830e781bb420cb47fe006fba7eba0b5c4406f07, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ce:25:39:cf:82:8a:77:c8:4f:b8:19:c7:cb:
40:36:ef:ac:a2:1f:e2:30:8b:07:04:fc:c0:8a:6e:
8a:1a:02:5f:64:da:90:ba:4c:7b:8f:0e:e1:e3:a2:
a6:04:68:b4:68:a3:72:fe:13:ca:ec:c8:09:bc:dd:
3b:29:4f:31:e2:89:0a:e5:39:b2:42:fc:59:ba:71:
0d:21:64:d3:26:eb:21:63:77:25:ba:f0:5e:3a:c8:
78:42:a6:eb:bd:7a:9c:8a:82:54:05:af:99:7d:11:
80:af:0f:52:42:ef:7c:ac:a3:d8:12:a3:4e:38:0c:
d1:9c:e3:ea:79:93:dd:b0:f7:66:0f:7d:1c:ae:80:
ee:35:21:48:89:eb:d5:24:96:ef:fc:b6:38:52:2c:
2c:05:ad:7d:45:7b:8f:c9:a2:fd:32:30:c3:3d:f2:
5f:ac:94:64:a3:d3:6b:70:7c:9c:d7:95:86:82:a6:
26:47:db:b5:78:2d:21:25:4d:34:64:d3:6b:6c:6b:
eb:55:65:1a:41:35:95:3f:42:24:e3:ae:40:aa:b4:
c9:3f:fe:f0:9a:9a:91:40:3c:9d:93:65:80:a9:1b:
da:20:94:8d:fe:77:7f:71:65:a4:16:72:f6:cf:94:
ce:a9:2d:86:4e:ca:4f:e1:02:7e:5e:41:93:88:43:
6f:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:C6:D9:48:32:31:45:02:81:61:DB:3C:38:D5:EF:53:E2:50:E2:FE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42fc7c20-224c-4e3b-8c6c-851926d0e396.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:c000::/40
Signature Algorithm: sha256WithRSAEncryption
43:8f:0a:c9:39:6d:6e:50:3e:df:51:fe:40:ba:b6:9c:30:69:
3d:b6:1b:46:9e:46:8e:86:58:d0:08:5d:ad:5d:db:c6:7d:87:
67:e4:2d:29:c2:ab:92:64:4b:b3:1e:4b:68:98:2a:81:26:f6:
69:45:e7:22:3c:2d:7f:50:bd:48:89:60:18:54:05:40:b1:66:
2a:d6:f7:68:5c:ea:62:8d:93:a0:a8:a3:3f:25:c2:8b:59:ea:
7c:b4:2e:18:33:cd:49:4d:35:4d:44:99:0c:19:93:64:71:bf:
46:a2:98:f6:1e:40:27:3c:02:57:90:cd:a9:a5:87:84:d6:94:
f6:26:8f:fa:e9:2b:cf:02:53:d3:32:0b:c4:49:e8:15:8c:ea:
d7:ec:c3:a7:ac:75:7c:a4:80:98:53:9b:11:50:b4:da:60:54:
9d:50:79:78:8d:1c:46:3f:74:1a:9f:20:e3:db:60:9c:1f:b2:
c5:7f:00:bb:53:dd:0d:a8:ea:e4:ee:47:fc:94:2e:f8:b4:26:
63:c3:ce:1c:f2:c5:3d:ff:aa:7f:0d:c2:f1:22:d0:35:c9:05:
2b:fc:89:6c:ee:07:30:30:f4:4c:21:81:af:7e:1a:1f:24:93:
13:13:3a:a6:a3:cf:d4:fb:71:e9:ec:0e:3a:3b:11:ce:6e:0f:
8f:d2:4c:07
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUzAjDNH0z+Dhlo4LKU3Mds+2Br8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkYTMwYzEyNWUyYmYxZjNkYzg0MTFlMjQ4MzBlNzgxYmI0MjBjYjQ3ZmUw
MDZmYmE3ZWJhMGI1YzQ0MDZmMDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALfOJTnPgop3yE+4GcfLQDbvrKIf4jCLBwT8wIpuihoCX2TakLpMe48O4eOi
pgRotGijcv4TyuzICbzdOylPMeKJCuU5skL8WbpxDSFk0ybrIWN3JbrwXjrIeEKm
6716nIqCVAWvmX0RgK8PUkLvfKyj2BKjTjgM0Zzj6nmT3bD3Zg99HK6A7jUhSInr
1SSW7/y2OFIsLAWtfUV7j8mi/TIwwz3yX6yUZKPTa3B8nNeVhoKmJkfbtXgtISVN
NGTTa2xr61VlGkE1lT9CJOOuQKq0yT/+8JqakUA8nZNlgKkb2iCUjf53f3FlpBZy
9s+Uzqkthk7KT+ECfl5Bk4hDb7MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRjxtlI
MjFFAoFh2zw41e9T4lDi/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDJmYzdjMjAtMjI0Yy00ZTNiLThjNmMtODUxOTI2ZDBlMzk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DLA
MA0GCSqGSIb3DQEBCwUAA4IBAQBDjwrJOW1uUD7fUf5AuracMGk9thtGnkaOhljQ
CF2tXdvGfYdn5C0pwquSZEuzHktomCqBJvZpReciPC1/UL1IiWAYVAVAsWYq1vdo
XOpijZOgqKM/JcKLWep8tC4YM81JTTVNRJkMGZNkcb9Gopj2HkAnPAJXkM2ppYeE
1pT2Jo/66SvPAlPTMgvESegVjOrX7MOnrHV8pICYU5sRULTaYFSdUHl4jRxGP3Qa
nyDj22CcH7LFfwC7U90NqOrk7kf8lC74tCZjw84c8sU9/6p/DcLxItA1yQUr/Ils
7gcwMPRMIYGvfhofJJMTEzqmo8/U+3Hp7A46OxHObg+P0kwH
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:21 2025 by rpki-client