Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/91ee3655-dcb4-41c6-b4a4-270ca5cacf7a.roa
File: 91ee3655-dcb4-41c6-b4a4-270ca5cacf7a.roa (raw, json)
Hash identifier: nIOfc4LQ8M8qCvhlwhiDiS2jYuynVjvSlgrHm2cP8I8=
Subject key identifier: 8E:27:BA:58:8A:A9:E9:1F:9D:82:C6:53:58:31:02:09:94:04:7C:69
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0D2BC891E6AE2DFF212D5C0334CE67A648249B67
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/91ee3655-dcb4-41c6-b4a4-270ca5cacf7a.roa
Signing time: Fri 26 Sep 2025 18:40:41 +0000
ROA not before: Fri 26 Sep 2025 18:40:41 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:8080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:2b:c8:91:e6:ae:2d:ff:21:2d:5c:03:34:ce:67:a6:48:24:9b:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:40:41 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=cf2754069f83de337d0e6b054df6aca46ac24e46e35b1a9f573716b871e7d449, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:da:f8:d6:90:d0:86:a6:8d:51:68:8f:fb:9c:
9e:19:f7:7c:25:ca:fa:cf:0d:e4:d7:3e:4d:2e:de:
ca:57:01:db:78:21:0d:9e:72:63:d3:e5:f7:9e:3d:
f7:5b:a1:f8:f3:a8:97:00:21:40:73:15:5a:bf:1f:
10:48:74:ec:d7:96:41:f3:0a:36:6c:95:31:d4:91:
ad:94:f3:86:68:1a:ce:03:44:71:79:c2:b8:2f:7f:
fb:19:41:ab:c9:45:88:d9:75:fa:d2:51:e5:32:6c:
be:0f:d7:30:17:0b:11:a6:26:2a:18:f8:26:55:57:
72:2f:ca:a1:3f:05:de:46:59:f9:b3:3a:fd:65:ef:
eb:d7:34:30:e5:dd:34:bb:0b:b5:8c:d1:2d:aa:e9:
00:49:0b:a3:5f:80:cd:43:81:60:ca:bc:84:a8:6d:
c3:9a:ca:a3:e2:b4:c5:d6:5f:f0:96:20:da:f6:84:
87:b1:82:46:30:33:5c:33:f2:0b:7f:c8:bb:53:e9:
6d:44:8c:ce:8e:b0:73:44:e8:85:22:94:68:5f:cf:
0b:fd:2e:9c:4b:3c:14:23:e0:62:a2:a1:3f:c9:47:
7e:76:df:8f:43:41:03:1c:94:9a:5d:a0:4f:6c:d1:
f3:1a:ef:a3:87:3c:30:99:63:78:71:cc:de:2c:48:
0a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:27:BA:58:8A:A9:E9:1F:9D:82:C6:53:58:31:02:09:94:04:7C:69
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/91ee3655-dcb4-41c6-b4a4-270ca5cacf7a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:8080::/48
Signature Algorithm: sha256WithRSAEncryption
27:3d:99:00:53:8e:91:17:26:c2:ab:7d:53:6e:a5:3c:b4:a7:
19:dd:64:e4:c6:25:c4:5d:37:5e:42:41:45:c7:6c:02:0f:36:
50:05:e3:10:e8:3b:b7:c1:e2:e6:81:00:4d:a4:9b:bc:f9:8a:
48:70:6e:ce:da:31:ec:66:d1:16:d0:35:2b:e0:43:d1:b9:09:
64:ef:fd:7f:06:1b:39:c3:fb:bf:2e:f6:97:9a:99:39:24:77:
e8:c9:c4:52:c9:c2:51:7c:12:1e:b4:29:7e:b7:9d:c7:44:17:
7a:05:43:d2:27:d2:72:d8:57:8f:2f:b3:07:5f:24:e3:ca:52:
07:01:19:f8:70:9d:cb:22:43:96:6f:04:3a:9c:9c:4c:4f:2d:
02:40:04:b4:64:2c:bd:8e:f1:4b:4f:aa:7e:91:3d:fb:2c:47:
cb:f5:de:a2:82:c1:b6:0e:b4:63:01:33:67:05:c7:50:90:01:
32:69:a1:39:39:9c:d5:7e:3d:3f:b3:bb:f9:90:5e:85:57:7b:
01:9b:85:11:35:94:e5:0b:ec:ce:3f:d8:85:ba:03:a2:56:9b:
ce:39:39:ba:41:ef:5d:5c:75:56:4a:67:ca:20:40:5d:7b:07:
a0:d8:85:eb:4a:2c:0a:da:55:63:4d:ab:cc:bc:f3:45:b9:cd:
24:19:2b:bc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDSvIkeauLf8hLVwDNM5npkgkm2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQwNDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmMjc1NDA2OWY4M2RlMzM3ZDBlNmIwNTRkZjZhY2E0NmFjMjRlNDZlMzVi
MWE5ZjU3MzcxNmI4NzFlN2Q0NDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3a+NaQ0IamjVFoj/ucnhn3fCXK+s8N5Nc+TS7eylcB23ghDZ5yY9Pl9549
91uh+POolwAhQHMVWr8fEEh07NeWQfMKNmyVMdSRrZTzhmgazgNEcXnCuC9/+xlB
q8lFiNl1+tJR5TJsvg/XMBcLEaYmKhj4JlVXci/KoT8F3kZZ+bM6/WXv69c0MOXd
NLsLtYzRLarpAEkLo1+AzUOBYMq8hKhtw5rKo+K0xdZf8JYg2vaEh7GCRjAzXDPy
C3/Iu1PpbUSMzo6wc0TohSKUaF/PC/0unEs8FCPgYqKhP8lHfnbfj0NBAxyUml2g
T2zR8xrvo4c8MJljeHHM3ixICrsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSOJ7pY
iqnpH52CxlNYMQIJlAR8aTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTFlZTM2NTUtZGNiNC00MWM2LWI0YTQtMjcwY2E1Y2FjZjdhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DiA
gDANBgkqhkiG9w0BAQsFAAOCAQEAJz2ZAFOOkRcmwqt9U26lPLSnGd1k5MYlxF03
XkJBRcdsAg82UAXjEOg7t8Hi5oEATaSbvPmKSHBuztox7GbRFtA1K+BD0bkJZO/9
fwYbOcP7vy72l5qZOSR36MnEUsnCUXwSHrQpfredx0QXegVD0ifScthXjy+zB18k
48pSBwEZ+HCdyyJDlm8EOpycTE8tAkAEtGQsvY7xS0+qfpE9+yxHy/XeooLBtg60
YwEzZwXHUJABMmmhOTmc1X49P7O7+ZBehVd7AZuFETWU5Qvszj/YhboDolabzjk5
ukHvXVx1VkpnyiBAXXsHoNiF60osCtpVY02rzLzzRbnNJBkrvA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:34 2025 by rpki-client