Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File: 68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier: Pf9NvNJQef5/T7cNAoSDKxYejH/MsIjhwZK2xVPtjSQ=
Subject key identifier: 4B:86:0F:D5:44:35:56:73:8A:30:1E:E3:F8:70:0B:01:6B:CC:70:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6D0A746B854DB5DA248D05B4D690ECB82752473B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time: Mon 29 Sep 2025 15:24:40 +0000
ROA not before: Mon 29 Sep 2025 15:24:40 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:0a:74:6b:85:4d:b5:da:24:8d:05:b4:d6:90:ec:b8:27:52:47:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 29 15:24:40 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=61e454ce26a133ee8f8578e77b47fa343dcf3fb72f503b2cd1f2232ca64ed828, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:89:56:56:35:fe:ad:7f:1a:fd:62:72:45:ab:
6f:ff:e7:20:7d:67:71:e6:d6:a9:6d:66:7f:4f:5b:
82:2c:4e:e5:e0:ac:65:64:bc:db:23:f3:9b:8f:7d:
43:5c:2a:7c:10:59:ae:57:3c:40:2f:72:58:9b:6b:
0e:52:52:fd:63:b0:43:9d:dd:e3:f1:46:04:13:11:
7c:7c:93:f6:72:4b:92:ff:63:6d:34:fc:6c:96:f4:
cc:14:8c:e8:46:8e:6e:f1:82:8c:ad:d4:c6:15:7a:
3f:ed:25:ee:87:49:94:81:b6:52:9e:14:ea:5c:71:
39:12:4c:7e:60:07:fb:aa:5a:81:6b:22:bf:5b:c5:
73:f4:63:a8:3c:db:ab:db:56:ea:bf:53:f9:49:bb:
bc:19:99:43:85:f3:05:2c:03:bc:9b:a2:44:11:73:
0a:54:42:49:fc:4e:c5:43:2e:ab:2c:ba:41:b4:aa:
49:45:f6:a1:d2:de:a3:c0:8f:22:5e:9f:91:19:92:
d3:3d:2d:b4:11:03:d0:d9:29:67:99:1c:f1:eb:a7:
09:63:02:04:1a:73:c4:e5:97:27:bd:0b:be:b6:3e:
0c:11:85:73:19:ca:00:f9:27:2b:10:f5:78:1f:36:
f3:6f:d9:ae:56:67:c4:47:c9:67:0a:ef:76:6a:92:
31:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:86:0F:D5:44:35:56:73:8A:30:1E:E3:F8:70:0B:01:6B:CC:70:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f:800::/37
Signature Algorithm: sha256WithRSAEncryption
93:eb:d6:5f:19:25:e7:eb:ba:ac:0e:44:f7:e6:83:5f:38:82:
fc:6b:d0:76:74:0f:a2:b7:65:20:c7:c8:7b:5f:4b:88:5f:ef:
3c:16:17:e0:db:b2:a5:d8:c6:e9:27:97:19:f6:86:4f:04:e4:
a6:65:cf:a4:51:05:2c:31:cd:e5:0a:91:42:2f:ad:1a:8f:7f:
63:6b:99:7c:aa:6e:b9:19:54:22:4f:d8:ea:3d:79:78:61:1b:
9d:70:e2:09:c4:2f:93:43:90:f6:fd:ba:d2:70:cd:bb:d8:12:
0b:47:ca:3b:95:8d:4d:28:c9:39:d6:cd:f4:00:1a:bc:c1:82:
8a:36:9a:6f:a6:8f:ad:97:a3:15:83:e1:97:6e:f7:dc:87:04:
75:0f:2a:32:25:b4:47:85:bd:5f:62:b9:75:7c:f7:b8:5c:80:
12:53:25:97:67:85:f0:56:ec:fc:0a:6a:28:b2:61:48:c1:1a:
33:af:29:03:48:e3:d3:7a:dd:c6:df:e2:61:35:66:d4:c8:ec:
83:82:20:d3:8f:b1:30:a3:14:09:f4:a0:3f:ca:96:b2:7e:24:
42:30:be:16:57:90:83:7c:f3:74:db:bb:5a:01:29:8e:1d:09:
5e:20:33:da:a3:15:a6:91:55:1c:0f:97:66:6a:7b:9e:ae:3c:
89:a2:50:d2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbQp0a4VNtdokjQW01pDsuCdSRzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0NDBaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxZTQ1NGNlMjZhMTMzZWU4Zjg1NzhlNzdiNDdmYTM0M2RjZjNmYjcyZjUw
M2IyY2QxZjIyMzJjYTY0ZWQ4MjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSJVlY1/q1/Gv1ickWrb//nIH1ncebWqW1mf09bgixO5eCsZWS82yPzm499
Q1wqfBBZrlc8QC9yWJtrDlJS/WOwQ53d4/FGBBMRfHyT9nJLkv9jbTT8bJb0zBSM
6EaObvGCjK3UxhV6P+0l7odJlIG2Up4U6lxxORJMfmAH+6pagWsiv1vFc/RjqDzb
q9tW6r9T+Um7vBmZQ4XzBSwDvJuiRBFzClRCSfxOxUMuqyy6QbSqSUX2odLeo8CP
Il6fkRmS0z0ttBED0NkpZ5kc8eunCWMCBBpzxOWXJ70LvrY+DBGFcxnKAPknKxD1
eB8282/ZrlZnxEfJZwrvdmqSMZ8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRLhg/V
RDVWc4owHuP4cAsBa8xw6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQCT69ZfGSXn67qsDkT35oNfOIL8a9B2dA+it2Ug
x8h7X0uIX+88Fhfg27Kl2MbpJ5cZ9oZPBOSmZc+kUQUsMc3lCpFCL60aj39ja5l8
qm65GVQiT9jqPXl4YRudcOIJxC+TQ5D2/brScM272BILR8o7lY1NKMk51s30ABq8
wYKKNppvpo+tl6MVg+GXbvfchwR1DyoyJbRHhb1fYrl1fPe4XIASUyWXZ4XwVuz8
CmoosmFIwRozrykDSOPTet3G3+JhNWbUyOyDgiDTj7EwoxQJ9KA/ypayfiRCML4W
V5CDfPN027taASmOHQleIDPaoxWmkVUcD5dmanuerjyJolDS
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:42 2025 by rpki-client