Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
File: 9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa (raw, json)
Hash identifier: bM4UYrW7nUKcbG7XfXW3T935TNFYICC7SjYkpJ21/N4=
Subject key identifier: 99:B9:19:CB:A8:5C:A7:6D:E6:76:BB:98:62:13:95:A9:B3:16:CE:B8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3F2D213E71FF7FEFBA3DC90B1B2865DCB212FAD5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
Signing time: Fri 26 Sep 2025 19:21:42 +0000
ROA not before: Fri 26 Sep 2025 19:21:42 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:2d:21:3e:71:ff:7f:ef:ba:3d:c9:0b:1b:28:65:dc:b2:12:fa:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:21:42 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=e437f87d0ed98e3ca843b7b95f22b160373ab1087074804278a34de4b7e93a34, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:f1:84:56:de:6a:03:da:45:d8:4f:9f:a0:57:
cf:eb:2b:0f:6f:b0:10:e2:14:11:28:a0:8d:0f:58:
f5:a7:60:41:f2:eb:54:c5:57:f0:2a:ac:0a:65:be:
e7:c6:4b:ad:07:ec:1c:e7:4a:d2:f9:1e:66:79:c9:
49:74:c9:b4:99:78:b9:93:5e:85:10:aa:9a:98:48:
b5:54:87:3f:e6:7d:da:55:9a:23:26:e8:64:82:e1:
b0:3d:c9:c7:8a:6b:4b:99:38:87:e9:dc:01:3d:97:
51:cc:43:3a:c6:95:42:1a:26:a1:8c:82:a9:91:fa:
94:28:7e:a0:29:59:9f:df:6f:b8:d8:de:77:f1:26:
c6:34:6b:74:a4:cd:98:e1:ab:0d:d2:cd:a6:d2:9f:
d4:f4:55:33:b6:1b:c2:4c:62:5c:f1:10:46:c4:8b:
d5:0d:aa:a6:05:95:b7:ed:f3:6f:ca:55:ba:f3:20:
26:2f:7b:97:6d:4d:a7:50:ad:87:70:10:eb:17:cd:
bb:b0:21:1c:7d:c6:6f:43:31:9e:37:3d:85:6d:ca:
7b:e6:f0:db:4e:07:3b:5a:af:7c:aa:d1:9e:04:e7:
73:3c:7e:43:76:18:52:45:8a:64:a9:ff:86:1b:2d:
eb:8b:94:5f:f0:fa:5a:2a:0a:84:55:90:67:74:9b:
bb:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:B9:19:CB:A8:5C:A7:6D:E6:76:BB:98:62:13:95:A9:B3:16:CE:B8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:a000::/40
Signature Algorithm: sha256WithRSAEncryption
88:59:43:7b:4c:c9:97:78:8a:c9:3a:73:3a:47:8c:3f:35:9c:
f2:c1:b6:d8:84:6f:b4:1f:94:7c:17:94:0e:06:14:32:fc:39:
9c:11:46:c7:15:67:5c:7e:04:fa:19:8f:db:64:57:03:77:b1:
cc:04:ee:52:89:01:e9:fb:23:e8:7f:e1:31:50:60:98:30:9c:
dc:73:90:9f:03:89:78:fe:3e:d9:5c:cb:86:b4:b0:ec:15:42:
d7:b3:63:26:a6:0f:12:e4:8a:a6:59:18:b8:3e:84:bb:e3:29:
7a:f7:84:90:6c:4c:1f:bb:92:0f:68:f6:36:bf:ea:c0:86:97:
37:53:fb:32:39:6d:42:ec:f8:bd:47:f4:33:85:cb:16:c5:4c:
e1:a1:af:5f:cf:0b:af:74:cf:ee:4d:ff:ec:cf:43:1a:ea:4b:
b5:bf:27:a7:ae:37:60:d7:36:1f:d6:81:57:52:d0:7b:51:ea:
e1:4a:9a:61:ea:93:dc:57:6e:f0:65:ee:78:a4:ed:5a:2e:44:
ac:ab:81:75:ed:28:cd:87:82:60:62:f5:50:01:26:9d:76:30:
92:55:ee:88:b8:4f:07:4b:74:7a:80:ff:cb:30:4c:66:d1:25:
f4:ff:d2:68:10:da:db:67:f8:ef:f3:81:18:ea:24:0a:1b:03:
2c:ae:bf:22
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPy0hPnH/f++6PckLGyhl3LIS+tUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxNDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0MzdmODdkMGVkOThlM2NhODQzYjdiOTVmMjJiMTYwMzczYWIxMDg3MDc0
ODA0Mjc4YTM0ZGU0YjdlOTNhMzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJPxhFbeagPaRdhPn6BXz+srD2+wEOIUESigjQ9Y9adgQfLrVMVX8CqsCmW+
58ZLrQfsHOdK0vkeZnnJSXTJtJl4uZNehRCqmphItVSHP+Z92lWaIyboZILhsD3J
x4prS5k4h+ncAT2XUcxDOsaVQhomoYyCqZH6lCh+oClZn99vuNjed/EmxjRrdKTN
mOGrDdLNptKf1PRVM7YbwkxiXPEQRsSL1Q2qpgWVt+3zb8pVuvMgJi97l21Np1Ct
h3AQ6xfNu7AhHH3Gb0Mxnjc9hW3Ke+bw204HO1qvfKrRngTnczx+Q3YYUkWKZKn/
hhst64uUX/D6WioKhFWQZ3SbuwkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSZuRnL
qFynbeZ2u5hiE5WpsxbOuDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWQyZWEyYWEtZDQwYS00OWE3LWFiMDAtNDRmZjVkYmY3MjliLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGg
MA0GCSqGSIb3DQEBCwUAA4IBAQCIWUN7TMmXeIrJOnM6R4w/NZzywbbYhG+0H5R8
F5QOBhQy/DmcEUbHFWdcfgT6GY/bZFcDd7HMBO5SiQHp+yPof+ExUGCYMJzcc5Cf
A4l4/j7ZXMuGtLDsFULXs2Mmpg8S5IqmWRi4PoS74yl694SQbEwfu5IPaPY2v+rA
hpc3U/syOW1C7Pi9R/QzhcsWxUzhoa9fzwuvdM/uTf/sz0Ma6ku1vyenrjdg1zYf
1oFXUtB7UerhSpph6pPcV27wZe54pO1aLkSsq4F17SjNh4JgYvVQASaddjCSVe6I
uE8HS3R6gP/LMExm0SX0/9JoENrbZ/jv84EY6iQKGwMsrr8i
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:37 2025 by rpki-client