Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ad4b1d5-173e-4c13-8032-ab2dd1fafee4.roa
File: 4ad4b1d5-173e-4c13-8032-ab2dd1fafee4.roa (raw, json)
Hash identifier: 97h/QV2R2cqfJ1pnqWs/kVlIdsLCM3yWOKDUJ73AOls=
Subject key identifier: 8B:2F:21:AD:4D:D7:8E:60:3A:BF:BE:64:72:8E:7E:07:BF:F1:7D:1F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1A05EEBACCA5F3D97A4785EE13390565B5A39D32
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ad4b1d5-173e-4c13-8032-ab2dd1fafee4.roa
Signing time: Fri 26 Sep 2025 19:40:44 +0000
ROA not before: Fri 26 Sep 2025 19:40:44 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:05:ee:ba:cc:a5:f3:d9:7a:47:85:ee:13:39:05:65:b5:a3:9d:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:44 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=913927c1a4d87f87f404899e478707689e678c09001027761d3f9918591f448f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:4d:14:60:b3:5f:2c:82:8f:bb:c0:a2:77:1a:
99:1a:de:82:09:87:de:9a:f2:21:e7:97:c8:bd:25:
0b:8d:df:61:28:35:33:0f:52:a4:0b:ba:75:bb:76:
c2:48:d7:5b:5a:15:49:78:e8:74:d7:eb:b2:8b:fe:
01:4a:58:9b:74:61:43:36:b0:98:ee:db:11:17:b9:
31:4a:13:3f:2a:02:66:5d:98:af:43:55:54:b6:c8:
d3:09:33:00:7c:a4:c6:3a:f2:9d:18:15:52:be:08:
48:6b:9d:a5:a9:77:98:e6:46:81:0a:f5:c7:78:1f:
fe:b9:32:31:9b:be:ef:39:1f:ee:69:9a:12:4c:fb:
4a:77:fa:61:a3:ed:87:0a:c8:b0:36:65:44:ed:f5:
19:40:f2:18:80:0d:1a:41:2e:e3:b8:bc:7c:8f:a2:
0e:b6:18:db:24:c6:a2:11:df:a9:db:92:11:2d:d7:
f7:c3:98:32:21:0d:b1:09:89:c7:a2:15:cd:57:b1:
3d:09:ff:ea:65:44:ed:f2:1b:35:37:12:92:f8:9f:
af:08:8b:4c:8a:bc:db:0b:90:80:c1:06:e5:40:07:
c9:54:6a:b5:80:c9:ca:59:6d:6b:3f:e0:a0:76:1d:
3a:d2:f4:8d:47:34:f0:9c:fd:74:95:f8:6e:17:74:
b9:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:2F:21:AD:4D:D7:8E:60:3A:BF:BE:64:72:8E:7E:07:BF:F1:7D:1F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ad4b1d5-173e-4c13-8032-ab2dd1fafee4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:c000::/40
Signature Algorithm: sha256WithRSAEncryption
5a:9b:db:7a:f4:13:05:20:0d:b9:a9:8d:46:17:53:8f:6b:8b:
a6:eb:d0:6d:25:a3:ed:86:f2:bf:8f:04:63:52:ca:0b:2f:dc:
38:95:30:4d:ad:95:1c:83:cf:e9:ca:7a:54:f4:1e:99:dd:c7:
0d:eb:d9:43:aa:2f:03:ca:08:a2:47:97:09:2e:5f:0c:c4:df:
59:d7:16:3b:25:a0:00:f7:15:43:5d:25:37:bf:96:0f:bd:5d:
77:d5:63:a7:df:7b:3a:f7:6d:74:3e:14:8b:f0:b4:ff:8c:76:
4d:5a:c5:a5:bd:48:dc:c8:c0:22:9f:3b:ae:05:61:03:1c:95:
1d:bb:af:08:25:2a:20:c7:b8:79:b5:69:79:2a:18:71:8a:3a:
57:be:94:99:7f:8c:8c:c4:5f:15:a8:ae:78:50:d0:8f:b6:54:
7c:bb:41:80:b7:48:01:a1:0b:b1:b7:94:30:be:8a:9f:de:dc:
3b:af:13:3e:94:70:19:d5:1f:6c:a5:77:45:dd:03:0a:99:92:
0d:9a:fd:87:cf:3f:61:20:ae:b2:79:5f:1d:70:18:9e:87:62:
ca:49:c2:b1:bc:15:9b:08:c7:4f:e7:10:6b:f5:14:4d:4e:3b:
02:cd:98:c1:e8:64:7e:d3:c3:f8:2e:62:88:c7:8a:d9:97:c4:
9c:10:9c:9d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGgXuusyl89l6R4XuEzkFZbWjnTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxMzkyN2MxYTRkODdmODdmNDA0ODk5ZTQ3ODcwNzY4OWU2NzhjMDkwMDEw
Mjc3NjFkM2Y5OTE4NTkxZjQ0OGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpNFGCzXyyCj7vAoncamRreggmH3pryIeeXyL0lC43fYSg1Mw9SpAu6dbt2
wkjXW1oVSXjodNfrsov+AUpYm3RhQzawmO7bERe5MUoTPyoCZl2Yr0NVVLbI0wkz
AHykxjrynRgVUr4ISGudpal3mOZGgQr1x3gf/rkyMZu+7zkf7mmaEkz7Snf6YaPt
hwrIsDZlRO31GUDyGIANGkEu47i8fI+iDrYY2yTGohHfqduSES3X98OYMiENsQmJ
x6IVzVexPQn/6mVE7fIbNTcSkvifrwiLTIq82wuQgMEG5UAHyVRqtYDJylltaz/g
oHYdOtL0jUc08Jz9dJX4bhd0ua8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSLLyGt
TdeOYDq/vmRyjn4Hv/F9HzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGFkNGIxZDUtMTczZS00YzEzLTgwMzItYWIyZGQxZmFmZWU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FDA
MA0GCSqGSIb3DQEBCwUAA4IBAQBam9t69BMFIA25qY1GF1OPa4um69BtJaPthvK/
jwRjUsoLL9w4lTBNrZUcg8/pynpU9B6Z3ccN69lDqi8DygiiR5cJLl8MxN9Z1xY7
JaAA9xVDXSU3v5YPvV131WOn33s69210PhSL8LT/jHZNWsWlvUjcyMAinzuuBWED
HJUdu68IJSogx7h5tWl5KhhxijpXvpSZf4yMxF8VqK54UNCPtlR8u0GAt0gBoQux
t5Qwvoqf3tw7rxM+lHAZ1R9spXdF3QMKmZINmv2Hzz9hIK6yeV8dcBieh2LKScKx
vBWbCMdP5xBr9RRNTjsCzZjB6GR+08P4LmKIx4rZl8ScEJyd
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:39 2025 by rpki-client