Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d322170-f0d4-4cd2-98f4-e2f1db786c6d.roa
File: 5d322170-f0d4-4cd2-98f4-e2f1db786c6d.roa (raw, json)
Hash identifier: dEEZQMQOthIMqiNEMWsoq1ya00HaP5lioNj4sCUfu0I=
Subject key identifier: 06:5D:E2:BE:F0:96:FF:DC:23:DA:59:6B:45:75:95:69:A9:2E:F6:13
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4BE821696DD5019239233F7D0A7808AB93791BC9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d322170-f0d4-4cd2-98f4-e2f1db786c6d.roa
Signing time: Fri 10 Oct 2025 17:05:01 +0000
ROA not before: Fri 10 Oct 2025 17:05:01 +0000
ROA not after: Fri 14 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:e8:21:69:6d:d5:01:92:39:23:3f:7d:0a:78:08:ab:93:79:1b:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 10 17:05:01 2025 GMT
Not After : Nov 14 23:59:59 2025 GMT
Subject: serialNumber=f414a508d94e2d2590f6ce05256f3e51120e3f1cdb369ca67e27dec20692420e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:30:1c:2b:ca:f2:aa:c8:27:6a:34:af:16:3a:
12:7e:97:a9:47:0c:d7:b6:b0:3d:1c:20:e6:52:1b:
6f:20:b6:8b:26:de:51:ea:67:4d:b1:b7:44:a7:55:
93:09:9d:a1:8b:14:39:7c:b8:0e:7a:7a:31:cd:78:
e5:1b:85:a0:c2:9e:9c:34:3c:97:aa:c5:d9:54:41:
9f:af:4e:2b:6c:c9:5b:30:32:a1:74:1d:f5:d2:c0:
c1:46:f5:a1:54:ca:d9:cb:a2:eb:e9:03:38:8e:65:
5a:dd:a7:f6:be:2f:92:a8:54:bd:a7:24:df:c1:bb:
7e:44:b4:d2:39:f1:4c:72:e6:49:82:c5:ea:2e:51:
80:21:b1:47:1d:33:e7:89:53:54:68:d2:69:ee:6c:
80:19:ea:f5:12:46:40:41:98:cc:7a:bf:80:41:ca:
86:70:e0:a9:00:04:1f:99:2b:bb:92:5f:aa:b2:99:
c4:31:f8:23:80:f1:bc:5b:e4:b0:0f:79:5b:58:c9:
dd:29:b3:37:fb:2c:33:ab:58:50:15:1f:50:d8:b6:
e2:c5:82:c3:10:b0:92:a1:76:5f:66:0a:6e:cd:3a:
7c:a3:69:d6:e0:f2:71:31:21:99:6b:8b:08:cc:cf:
e6:44:cd:bc:e1:f5:a9:d2:d5:0d:92:a6:b4:48:39:
b3:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:5D:E2:BE:F0:96:FF:DC:23:DA:59:6B:45:75:95:69:A9:2E:F6:13
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d322170-f0d4-4cd2-98f4-e2f1db786c6d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:1000::/40
Signature Algorithm: sha256WithRSAEncryption
00:d3:5a:17:f8:57:9b:ea:76:cc:f5:0a:ac:92:68:9d:ae:f9:
e2:7b:bf:84:30:8b:d7:d0:f6:73:fb:c4:10:c0:bc:d6:55:51:
e6:ca:82:2f:7e:12:f4:33:7e:77:e2:6a:72:e9:32:bb:68:83:
aa:43:31:c8:b2:a8:9d:ec:15:e6:7c:2e:f1:a9:08:8f:fb:db:
fb:a6:03:42:4f:98:3e:d5:65:34:c2:68:82:ae:6b:71:69:46:
8b:9a:64:23:db:86:e7:37:81:b6:89:55:3e:b9:8c:72:5f:9e:
17:ff:13:7d:4a:0d:85:61:6f:43:1e:1e:d0:9f:36:94:e5:ce:
d4:19:95:bc:eb:21:72:32:57:e0:e0:4e:7f:90:11:94:f5:e5:
09:c1:2b:4b:4f:5c:00:51:c5:ec:a0:15:61:64:ad:43:81:9d:
8c:d2:87:92:4b:4e:1d:fd:7b:e7:d3:eb:4c:78:d4:d4:46:01:
ad:a3:09:31:81:65:a4:44:24:fc:22:a4:31:6b:84:b3:32:8d:
61:72:35:93:d0:db:e7:3a:25:1e:5b:47:1b:d6:2f:24:1b:3f:
aa:18:35:2f:4d:67:26:99:5a:48:da:dc:dc:a5:05:cc:8c:02:
f6:3a:79:df:96:91:ce:77:1f:fd:60:c3:ed:0f:9b:af:bb:63:
25:7e:6d:70
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS+ghaW3VAZI5Iz99CngIq5N5G8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA1MDFaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0MTRhNTA4ZDk0ZTJkMjU5MGY2Y2UwNTI1NmYzZTUxMTIwZTNmMWNkYjM2
OWNhNjdlMjdkZWMyMDY5MjQyMGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4wHCvK8qrIJ2o0rxY6En6XqUcM17awPRwg5lIbbyC2iybeUepnTbG3RKdV
kwmdoYsUOXy4Dnp6Mc145RuFoMKenDQ8l6rF2VRBn69OK2zJWzAyoXQd9dLAwUb1
oVTK2cui6+kDOI5lWt2n9r4vkqhUvack38G7fkS00jnxTHLmSYLF6i5RgCGxRx0z
54lTVGjSae5sgBnq9RJGQEGYzHq/gEHKhnDgqQAEH5kru5JfqrKZxDH4I4DxvFvk
sA95W1jJ3SmzN/ssM6tYUBUfUNi24sWCwxCwkqF2X2YKbs06fKNp1uDycTEhmWuL
CMzP5kTNvOH1qdLVDZKmtEg5s8sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQGXeK+
8Jb/3CPaWWtFdZVpqS72EzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQzMjIxNzAtZjBkNC00Y2QyLTk4ZjQtZTJmMWRiNzg2YzZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAA01oX+Feb6nbM9Qqskmidrvnie7+EMIvX0PZz
+8QQwLzWVVHmyoIvfhL0M3534mpy6TK7aIOqQzHIsqid7BXmfC7xqQiP+9v7pgNC
T5g+1WU0wmiCrmtxaUaLmmQj24bnN4G2iVU+uYxyX54X/xN9Sg2FYW9DHh7QnzaU
5c7UGZW86yFyMlfg4E5/kBGU9eUJwStLT1wAUcXsoBVhZK1DgZ2M0oeSS04d/Xvn
0+tMeNTURgGtowkxgWWkRCT8IqQxa4SzMo1hcjWT0NvnOiUeW0cb1i8kGz+qGDUv
TWcmmVpI2tzcpQXMjAL2OnnflpHOdx/9YMPtD5uvu2Mlfm1w
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:46:58 2025 by rpki-client