Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
File: 98ae6903-6674-49ca-b677-ce1e731619a3.roa (raw, json)
Hash identifier: eq37gmES14AcH3voK08kKNWjP+X/oNcuQYeOgXT7LgA=
Subject key identifier: AA:5E:DC:83:6C:4F:61:08:84:DD:A3:AD:E8:FC:B5:7A:E6:E6:CC:C1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5E731B7CA4DCFFB1FF3668A7DE59538C5386EC8E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
Signing time: Fri 08 Aug 2025 00:30:58 +0000
ROA not before: Fri 08 Aug 2025 00:30:58 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:73:1b:7c:a4:dc:ff:b1:ff:36:68:a7:de:59:53:8c:53:86:ec:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 8 00:30:58 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=358f1f4137d3ebac3f26b50c644ec84d23f97aa2bf955b54da09458c372135fd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:8b:ed:77:d8:14:b8:20:dd:5d:97:76:a5:1f:
29:8f:63:dd:a5:12:99:ad:a8:cd:39:c3:23:7e:9f:
1b:c3:e9:75:4d:8c:79:10:60:2d:f7:60:7b:9c:ce:
3a:79:e5:fa:ef:d2:5e:fa:b6:73:4e:63:9c:28:88:
62:9d:67:56:f6:1a:13:b8:4e:82:46:d1:fd:a4:6b:
8f:96:ed:12:93:de:46:74:5b:26:b5:db:3e:04:12:
cf:99:95:b6:6e:2f:3e:4e:b5:62:d9:20:db:b0:54:
56:ea:a4:f6:10:aa:22:45:69:bb:44:98:c8:90:0c:
45:f4:03:3b:6b:52:27:ea:02:4f:30:46:a6:da:0c:
80:e1:0c:56:29:3f:c6:25:08:53:75:6b:b4:17:ce:
5f:7e:ec:19:68:d4:01:d8:5c:21:5d:80:21:30:80:
57:bb:5d:fb:5b:df:8b:a7:c6:48:b4:69:d4:86:1d:
8b:6b:c7:9d:35:04:31:46:d5:84:67:7d:92:2d:66:
a7:e2:f2:ec:f1:03:7b:4b:41:22:26:27:d4:da:17:
21:1d:bf:1a:8f:7a:9f:75:e1:5f:cf:a6:d5:ad:09:
b5:8a:df:5c:2b:be:8f:ad:ed:6d:7c:c0:9b:8e:f7:
09:85:7f:14:b7:96:4a:16:48:88:ab:85:a9:b6:88:
e4:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:5E:DC:83:6C:4F:61:08:84:DD:A3:AD:E8:FC:B5:7A:E6:E6:CC:C1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1c00::/38
Signature Algorithm: sha256WithRSAEncryption
4f:5b:e5:8b:72:aa:d0:f9:c0:10:65:b5:d5:58:3f:b0:6f:16:
99:3d:c2:0b:3b:9e:24:da:56:c0:94:d4:b5:65:b1:05:c1:63:
50:ac:86:fa:41:cc:a7:8d:aa:a5:da:94:7e:6b:49:47:7a:dd:
66:72:45:e1:c0:ce:f8:1a:6b:82:fa:3b:4d:5c:41:3a:80:13:
ee:f7:b9:22:3d:14:14:75:e0:a6:8f:fc:d6:08:a4:eb:b9:52:
46:ca:14:00:82:44:ff:5f:23:b2:65:10:f5:ef:cb:dd:39:4f:
ff:74:af:d5:28:96:29:0e:f6:d6:ba:dc:fe:d4:f4:5f:df:56:
b3:55:41:ed:54:32:f3:2b:09:36:83:6f:ad:5d:ae:ee:90:da:
e5:0f:86:b0:78:53:8f:0e:a7:0b:a4:47:52:a0:05:57:50:bb:
a2:e2:6d:41:08:bb:3f:5c:09:23:8b:4c:79:0e:69:25:c5:a5:
1a:9b:d5:9e:37:96:53:b6:6d:b1:86:dc:7a:d7:7f:46:a7:94:
e8:20:4d:99:29:7a:5b:e7:b3:9f:ed:72:ec:ac:4d:32:eb:b0:
df:56:a1:52:97:7e:38:4f:4a:a8:ba:08:a3:65:32:b7:90:a9:
9a:0a:8a:98:e1:e8:cb:d6:2d:1c:8a:c2:ce:00:f4:99:fb:8f:
bc:e6:f4:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXnMbfKTc/7H/Nmin3llTjFOG7I4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDgwMDMwNThaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1OGYxZjQxMzdkM2ViYWMzZjI2YjUwYzY0NGVjODRkMjNmOTdhYTJiZjk1
NWI1NGRhMDk0NThjMzcyMTM1ZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI6L7XfYFLgg3V2XdqUfKY9j3aUSma2ozTnDI36fG8PpdU2MeRBgLfdge5zO
Onnl+u/SXvq2c05jnCiIYp1nVvYaE7hOgkbR/aRrj5btEpPeRnRbJrXbPgQSz5mV
tm4vPk61Ytkg27BUVuqk9hCqIkVpu0SYyJAMRfQDO2tSJ+oCTzBGptoMgOEMVik/
xiUIU3VrtBfOX37sGWjUAdhcIV2AITCAV7td+1vfi6fGSLRp1IYdi2vHnTUEMUbV
hGd9ki1mp+Ly7PEDe0tBIiYn1NoXIR2/Go96n3XhX8+m1a0JtYrfXCu+j63tbXzA
m473CYV/FLeWShZIiKuFqbaI5AsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSqXtyD
bE9hCITdo63o/LV65ubMwTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OThhZTY5MDMtNjY3NC00OWNhLWI2NzctY2UxZTczMTYxOWEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQc
MA0GCSqGSIb3DQEBCwUAA4IBAQBPW+WLcqrQ+cAQZbXVWD+wbxaZPcILO54k2lbA
lNS1ZbEFwWNQrIb6Qcynjaql2pR+a0lHet1mckXhwM74GmuC+jtNXEE6gBPu97ki
PRQUdeCmj/zWCKTruVJGyhQAgkT/XyOyZRD178vdOU//dK/VKJYpDvbWutz+1PRf
31azVUHtVDLzKwk2g2+tXa7ukNrlD4aweFOPDqcLpEdSoAVXULui4m1BCLs/XAkj
i0x5DmklxaUam9WeN5ZTtm2xhtx6139Gp5ToIE2ZKXpb57Of7XLsrE0y67DfVqFS
l344T0qougijZTK3kKmaCoqY4ejL1i0cisLOAPSZ+4+85vQU
-----END CERTIFICATE-----
Generated at Sat Aug 23 06:44:37 2025 by rpki-client