Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
File: 868cbba8-4804-4fbd-b9b8-7e9402c44956.roa (raw, json)
Hash identifier: 1tFSn9su7KWUJI9Vtq6unqw0ha6jpBSuSiDDIq9WXJQ=
Subject key identifier: CF:51:BC:D1:20:E0:3D:45:5A:8B:7D:4B:9A:BB:E6:A8:DE:63:60:29
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7FA6020208AC2D9C48A25C7D3662E6AA810297CD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
Signing time: Fri 26 Sep 2025 19:39:30 +0000
ROA not before: Fri 26 Sep 2025 19:39:30 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:a6:02:02:08:ac:2d:9c:48:a2:5c:7d:36:62:e6:aa:81:02:97:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:39:30 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=1de44be20466262ba437b696b75ef6493d6cabba2bec3faf491c8902c3c7fdea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:8e:42:dc:93:59:59:b4:54:01:47:56:bf:66:
3f:b3:66:7e:db:cb:3c:14:36:b0:71:28:41:a6:e5:
c0:de:c3:95:ba:60:37:3b:70:b8:c0:8c:1b:77:dd:
a7:6c:7d:8a:23:ed:ed:6d:17:4b:6b:b0:2b:4f:14:
11:10:d4:45:48:ca:ef:b3:d3:b9:08:99:99:fb:62:
63:09:a2:e9:e4:17:08:f7:16:cf:64:d3:4a:0b:88:
ca:0b:20:16:7c:31:c6:fd:6e:1b:f7:d1:b4:92:ef:
aa:7e:16:e4:a2:cd:4e:e4:5e:bc:d2:4f:0e:fa:39:
8e:4a:60:df:c0:9e:dd:7f:4c:5a:5f:be:8b:87:32:
db:97:cb:a4:03:72:ae:3f:2e:bc:bb:44:0f:02:18:
7a:e4:e6:f8:ce:cc:c4:90:e5:dc:ee:8b:6d:45:68:
55:4d:11:c0:36:fa:f7:ba:88:9c:04:ec:5b:a7:e7:
d0:0f:5f:5b:66:fb:4f:45:2c:5b:99:f9:4f:55:2c:
db:d8:38:ba:3c:b4:0b:38:7f:e6:47:d6:53:be:63:
24:9f:c3:4e:89:ad:16:52:7c:49:22:af:ce:ef:24:
58:95:e9:ab:8e:42:d8:1b:d2:6f:3f:28:bc:93:6c:
63:4d:b0:30:6d:ab:25:6c:59:9c:d0:b2:40:2e:c3:
47:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:51:BC:D1:20:E0:3D:45:5A:8B:7D:4B:9A:BB:E6:A8:DE:63:60:29
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:9000::/40
Signature Algorithm: sha256WithRSAEncryption
0d:72:a9:87:96:fb:54:b5:c0:0d:63:18:85:b4:a7:20:bb:b6:
ea:d1:76:cd:1a:4a:1b:1f:97:d1:f9:1d:88:37:60:9b:a6:df:
da:76:af:d5:6b:4f:01:8d:4a:a8:9c:10:23:e1:ef:ea:58:cd:
4c:80:4e:db:ea:b5:a0:ee:b8:64:b2:eb:6c:2b:db:dd:78:b3:
c4:cb:e3:a5:e8:8d:9e:7c:6d:9e:52:92:bf:18:13:34:ae:ae:
65:0a:c8:70:9a:cc:8f:e6:b4:b9:3a:c5:10:bc:e8:08:60:99:
9e:f1:91:f0:f0:97:71:fb:52:e7:0d:37:82:4b:bf:ef:a8:7a:
05:12:81:51:7f:49:b3:53:89:82:8e:66:fc:ae:f5:4c:44:3a:
7f:08:df:53:0c:8d:f1:98:bf:0a:cd:75:50:05:f9:69:0b:49:
15:c2:f7:f9:12:d0:b6:15:91:a7:54:df:39:0c:f3:88:17:e1:
67:41:42:15:d7:4d:e7:f1:db:ee:a5:2f:59:a5:90:8e:f4:08:
af:a1:1b:9c:b7:16:f6:f1:b6:be:24:9b:b9:0e:a4:bb:c8:7a:
a3:ab:17:78:3b:eb:14:75:74:82:a3:0a:2b:02:92:26:1d:de:
09:36:fd:7a:32:ec:2b:1e:d2:81:9c:9b:64:c3:23:3f:47:1e:
50:25:d6:e5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf6YCAgisLZxIolx9NmLmqoECl80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5MzBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkZTQ0YmUyMDQ2NjI2MmJhNDM3YjY5NmI3NWVmNjQ5M2Q2Y2FiYmEyYmVj
M2ZhZjQ5MWM4OTAyYzNjN2ZkZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKeOQtyTWVm0VAFHVr9mP7NmftvLPBQ2sHEoQablwN7DlbpgNztwuMCMG3fd
p2x9iiPt7W0XS2uwK08UERDURUjK77PTuQiZmftiYwmi6eQXCPcWz2TTSguIygsg
Fnwxxv1uG/fRtJLvqn4W5KLNTuRevNJPDvo5jkpg38Ce3X9MWl++i4cy25fLpANy
rj8uvLtEDwIYeuTm+M7MxJDl3O6LbUVoVU0RwDb697qInATsW6fn0A9fW2b7T0Us
W5n5T1Us29g4ujy0Czh/5kfWU75jJJ/DTomtFlJ8SSKvzu8kWJXpq45C2BvSbz8o
vJNsY02wMG2rJWxZnNCyQC7DR6cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTPUbzR
IOA9RVqLfUuau+ao3mNgKTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODY4Y2JiYTgtNDgwNC00ZmJkLWI5YjgtN2U5NDAyYzQ0OTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQANcqmHlvtUtcANYxiFtKcgu7bq0XbNGkobH5fR
+R2IN2Cbpt/adq/Va08BjUqonBAj4e/qWM1MgE7b6rWg7rhksutsK9vdeLPEy+Ol
6I2efG2eUpK/GBM0rq5lCshwmsyP5rS5OsUQvOgIYJme8ZHw8Jdx+1LnDTeCS7/v
qHoFEoFRf0mzU4mCjmb8rvVMRDp/CN9TDI3xmL8KzXVQBflpC0kVwvf5EtC2FZGn
VN85DPOIF+FnQUIV103n8dvupS9ZpZCO9AivoRuctxb28ba+JJu5DqS7yHqjqxd4
O+sUdXSCoworApImHd4JNv16MuwrHtKBnJtkwyM/Rx5QJdbl
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:31 2025 by rpki-client