Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
File: 9a732efb-e23f-49a4-ad51-1a43431e07c9.roa (raw, json)
Hash identifier: wNWWRHN5MgcJNHCXQbCDcoRlarvpgVi2TuOck8zJ/3A=
Subject key identifier: 6A:1C:FE:2D:25:3A:D6:A9:61:B9:7D:D4:22:C5:44:FD:55:79:0B:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2EC537C05CD4A2C9EE8F4DCCF0EC242CF8310504
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
Signing time: Fri 26 Sep 2025 19:51:10 +0000
ROA not before: Fri 26 Sep 2025 19:51:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:c5:37:c0:5c:d4:a2:c9:ee:8f:4d:cc:f0:ec:24:2c:f8:31:05:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:51:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=1611cda1da31da735b102f9dcc335dfdfbe9071a19fbaf69400aa996858975d9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:8e:25:0a:fe:10:cb:50:5c:6c:d0:50:a9:0d:
68:2a:4d:91:b0:24:ad:5b:1d:02:bc:29:2e:9b:e6:
f1:7b:ad:bf:3e:d0:74:94:05:da:1e:97:2f:c2:4c:
27:bc:eb:e4:b8:14:3d:3d:c8:ba:5d:d8:8e:27:f4:
d4:c7:ed:4f:e1:01:09:29:4a:5d:48:8f:ce:9b:f9:
2f:55:56:a3:3c:ab:76:0c:10:fa:6b:29:ff:f0:30:
c8:ae:3e:74:1f:53:3e:44:9e:ac:50:63:aa:38:93:
ed:09:52:81:90:5e:68:c8:80:eb:54:e8:05:45:eb:
65:3a:43:41:26:7c:40:22:83:aa:62:5e:50:66:52:
b9:05:7a:1d:1e:dd:8d:68:bf:47:b8:30:25:d1:71:
57:e7:38:77:54:54:bd:18:a3:c0:43:f9:ea:1a:92:
fa:ac:09:b7:7a:08:34:40:25:02:a1:c6:0f:20:b7:
42:c6:31:53:a4:41:c3:30:14:dc:03:ab:8f:39:79:
5d:f2:cd:be:e1:c5:02:cb:5e:76:00:3f:33:a9:82:
90:65:ff:97:a7:8b:f0:8c:d9:d6:74:3f:be:e7:b1:
69:47:c3:7b:6b:c2:2e:20:ba:2b:02:d7:1c:04:f0:
13:4c:c3:b9:4a:9b:be:d2:94:8b:b0:a6:ba:1c:62:
56:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:1C:FE:2D:25:3A:D6:A9:61:B9:7D:D4:22:C5:44:FD:55:79:0B:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:9000::/40
Signature Algorithm: sha256WithRSAEncryption
34:f9:77:c4:07:8e:2e:91:1a:d4:ee:7c:62:66:32:81:e8:72:
75:2c:3d:6b:05:c1:cb:c0:fa:35:8c:42:a8:10:78:21:b4:5c:
92:56:c8:e6:f8:d6:74:7f:aa:50:1c:5e:d0:71:a0:ab:d8:c5:
19:ca:e8:b9:d5:7f:55:bd:12:7c:9e:4c:01:92:d1:d3:37:ad:
46:87:22:ad:f5:ae:41:0b:24:ed:6e:23:2b:24:21:2d:6a:2b:
a9:ba:93:46:07:12:43:17:d6:86:9f:58:44:72:a1:9e:4e:4b:
47:7f:46:2a:36:18:d9:d7:d2:88:4d:a4:03:7a:b1:ec:55:3e:
30:06:5f:02:61:51:72:0a:38:88:24:20:1d:fc:bc:11:cd:79:
ac:75:e3:40:3c:df:8d:1f:bd:73:70:dc:44:e1:1a:f1:91:73:
e4:4f:4c:80:6a:af:ab:cc:7b:10:cd:34:cf:20:1c:98:ae:1e:
bb:46:1b:a8:cf:c3:2a:db:88:b2:db:4a:aa:2b:33:29:f0:c0:
a2:31:b4:a0:60:51:cc:f3:5d:8b:9e:59:53:df:a6:35:0d:02:
8e:47:c6:60:5b:e7:95:cf:2e:19:3a:fb:1c:2a:12:c8:66:8f:
5e:8c:e2:ea:b1:95:92:e9:06:d4:65:56:bc:7f:6c:28:76:e5:
d5:bd:9a:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULsU3wFzUosnuj03M8OwkLPgxBQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2MTFjZGExZGEzMWRhNzM1YjEwMmY5ZGNjMzM1ZGZkZmJlOTA3MWExOWZi
YWY2OTQwMGFhOTk2ODU4OTc1ZDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuOJQr+EMtQXGzQUKkNaCpNkbAkrVsdArwpLpvm8Xutvz7QdJQF2h6XL8JM
J7zr5LgUPT3Iul3Yjif01MftT+EBCSlKXUiPzpv5L1VWozyrdgwQ+msp//AwyK4+
dB9TPkSerFBjqjiT7QlSgZBeaMiA61ToBUXrZTpDQSZ8QCKDqmJeUGZSuQV6HR7d
jWi/R7gwJdFxV+c4d1RUvRijwEP56hqS+qwJt3oINEAlAqHGDyC3QsYxU6RBwzAU
3AOrjzl5XfLNvuHFAstedgA/M6mCkGX/l6eL8IzZ1nQ/vuexaUfDe2vCLiC6KwLX
HATwE0zDuUqbvtKUi7CmuhxiVnkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRqHP4t
JTrWqWG5fdQixUT9VXkL6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE3MzJlZmItZTIzZi00OWE0LWFkNTEtMWE0MzQzMWUwN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA0+XfEB44ukRrU7nxiZjKB6HJ1LD1rBcHLwPo1
jEKoEHghtFySVsjm+NZ0f6pQHF7QcaCr2MUZyui51X9VvRJ8nkwBktHTN61GhyKt
9a5BCyTtbiMrJCEtaiupupNGBxJDF9aGn1hEcqGeTktHf0YqNhjZ19KITaQDerHs
VT4wBl8CYVFyCjiIJCAd/LwRzXmsdeNAPN+NH71zcNxE4RrxkXPkT0yAaq+rzHsQ
zTTPIByYrh67Rhuoz8Mq24iy20qqKzMp8MCiMbSgYFHM812LnllT36Y1DQKOR8Zg
W+eVzy4ZOvscKhLIZo9ejOLqsZWS6QbUZVa8f2woduXVvZol
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:19:01 2025 by rpki-client