Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
File: 9963ca7c-f411-4aae-ac61-2c650f8269e0.roa (raw, json)
Hash identifier: xOH3F4CSZIbv3v7Id6wgbdABnLTe4gtHMDDXSuK9naI=
Subject key identifier: 0A:51:84:72:04:72:06:7D:73:7A:07:62:FA:24:30:89:03:C1:EE:FB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 645B805B730043FB49C0A542B5AA0F52CC38D67F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
Signing time: Fri 26 Sep 2025 19:50:13 +0000
ROA not before: Fri 26 Sep 2025 19:50:13 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d011:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:5b:80:5b:73:00:43:fb:49:c0:a5:42:b5:aa:0f:52:cc:38:d6:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:50:13 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=2fc5b8d369154013f4a24749df3b2934953b1521794d85b88996d866196de911, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:a2:38:46:1b:7b:d9:40:8e:87:56:fa:f0:f2:
37:b8:9f:08:1f:20:84:b5:b1:24:ba:21:a5:bc:18:
a0:d4:f8:d2:91:28:b5:9e:05:ef:f4:c4:32:61:8d:
1b:ad:53:c9:32:86:18:51:bb:6b:97:9e:0d:41:24:
51:1f:dc:11:80:bc:8e:a0:5f:45:c0:84:fd:1a:e9:
9f:21:4b:64:d3:4f:24:8c:a7:d4:cb:e9:9c:fe:91:
d3:f5:ca:a0:71:98:b3:19:77:30:cc:f0:a4:c0:f0:
a8:77:0b:7d:6f:c6:22:9f:d7:b5:bd:bb:d3:f2:b5:
73:4d:e6:a9:db:7c:ee:a7:63:c9:1f:14:52:8d:f3:
36:39:93:dd:9a:b0:21:ef:f8:f2:02:59:a1:46:cd:
7b:fe:9d:3b:0d:ea:eb:6c:23:db:cb:d0:90:4d:71:
13:e5:3e:78:ec:11:4e:dc:78:2b:01:b7:70:23:a2:
21:9b:39:0c:7a:dd:9d:7e:7a:31:3e:be:4d:9e:c6:
f5:0c:77:1e:a4:80:de:e8:2f:b9:7d:0c:e2:7e:e2:
01:7c:ee:c2:75:23:38:33:9d:f1:54:25:66:d1:14:
f7:37:d6:5b:0b:40:2e:2c:fa:3c:f4:65:2a:c7:e3:
49:4e:3c:15:55:6a:4d:91:8a:dc:f1:3e:f0:71:f6:
6f:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:51:84:72:04:72:06:7D:73:7A:07:62:FA:24:30:89:03:C1:EE:FB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d011:400::/38
Signature Algorithm: sha256WithRSAEncryption
5c:0a:c4:37:f9:88:39:93:0e:5b:4a:89:d0:13:eb:28:5d:8d:
82:07:dd:fa:fa:f7:51:f3:78:21:67:01:ac:86:dc:eb:2d:40:
7a:c2:f0:a0:67:6a:40:b7:4c:0a:26:c3:b7:b4:71:ad:d3:d0:
6d:da:db:f3:bf:d1:da:3f:19:2d:12:70:19:92:35:20:6e:a5:
9b:86:7f:b8:63:59:e2:43:77:93:c5:57:36:49:df:e4:a2:d6:
8a:85:13:cd:b5:a0:17:95:b6:a1:85:3b:cb:6d:a3:73:46:cd:
79:45:dc:af:3f:4d:d2:7e:77:82:e7:c7:e9:ac:9a:c0:c0:d8:
fa:eb:d0:90:01:6d:e1:ab:0e:67:17:b8:31:82:14:0a:0e:e9:
34:08:96:2f:98:39:15:78:c4:7c:72:76:b4:e9:e3:35:24:3d:
14:bb:c2:3d:fd:0d:e2:0f:b3:2e:0d:60:a7:5b:35:07:21:93:
fc:37:51:4d:ca:08:5e:40:c7:2d:ae:ad:00:56:4b:41:06:74:
aa:52:a2:eb:0f:e4:3e:eb:0d:d9:ed:7b:2e:7a:cc:b5:29:2d:
90:08:54:75:e7:de:12:57:06:5a:df:38:99:81:9c:03:66:9f:
f9:ca:1d:ca:60:bb:83:44:87:3d:e7:86:ab:be:d1:ae:ce:a3:
66:16:b4:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZFuAW3MAQ/tJwKVCtaoPUsw41n8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUwMTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmYzViOGQzNjkxNTQwMTNmNGEyNDc0OWRmM2IyOTM0OTUzYjE1MjE3OTRk
ODViODg5OTZkODY2MTk2ZGU5MTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSiOEYbe9lAjodW+vDyN7ifCB8ghLWxJLohpbwYoNT40pEotZ4F7/TEMmGN
G61TyTKGGFG7a5eeDUEkUR/cEYC8jqBfRcCE/RrpnyFLZNNPJIyn1MvpnP6R0/XK
oHGYsxl3MMzwpMDwqHcLfW/GIp/Xtb270/K1c03mqdt87qdjyR8UUo3zNjmT3Zqw
Ie/48gJZoUbNe/6dOw3q62wj28vQkE1xE+U+eOwRTtx4KwG3cCOiIZs5DHrdnX56
MT6+TZ7G9Qx3HqSA3ugvuX0M4n7iAXzuwnUjODOd8VQlZtEU9zfWWwtALiz6PPRl
KsfjSU48FVVqTZGK3PE+8HH2b3cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQKUYRy
BHIGfXN6B2L6JDCJA8Hu+zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTk2M2NhN2MtZjQxMS00YWFlLWFjNjEtMmM2NTBmODI2OWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEE
MA0GCSqGSIb3DQEBCwUAA4IBAQBcCsQ3+Yg5kw5bSonQE+soXY2CB936+vdR83gh
ZwGshtzrLUB6wvCgZ2pAt0wKJsO3tHGt09Bt2tvzv9HaPxktEnAZkjUgbqWbhn+4
Y1niQ3eTxVc2Sd/kotaKhRPNtaAXlbahhTvLbaNzRs15RdyvP03SfneC58fprJrA
wNj669CQAW3hqw5nF7gxghQKDuk0CJYvmDkVeMR8cna06eM1JD0Uu8I9/Q3iD7Mu
DWCnWzUHIZP8N1FNygheQMctrq0AVktBBnSqUqLrD+Q+6w3Z7Xsuesy1KS2QCFR1
594SVwZa3ziZgZwDZp/5yh3KYLuDRIc954arvtGuzqNmFrT8
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:27 2025 by rpki-client