Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
File: a72cbea9-100c-4974-8211-87debb0f6fbd.roa (raw, json)
Hash identifier: 6/0Pb5CwxTfI3VpvAomQDHyApw/h0/ZHC4NBr3xDuw4=
Subject key identifier: F6:D0:6F:30:31:DC:D3:0A:71:32:72:3E:6E:0C:CC:89:C4:86:FD:D7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 726391EC0CA7C57FE48C08387AB0189F6334A250
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
Signing time: Fri 26 Sep 2025 19:20:14 +0000
ROA not before: Fri 26 Sep 2025 19:20:14 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:63:91:ec:0c:a7:c5:7f:e4:8c:08:38:7a:b0:18:9f:63:34:a2:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:20:14 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=47bba8d370bf84799ef97a0957ef0865c6137922421d0690db9e05c89e61b39c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:43:1a:04:9b:ab:2f:50:16:92:e0:13:09:32:
cb:b4:68:28:35:12:ee:9b:44:80:1e:42:5c:19:12:
79:03:f2:c3:08:79:f9:a9:4f:56:81:93:7d:1a:87:
42:5e:47:16:f5:34:a9:db:5e:24:46:08:89:14:90:
6b:c9:fe:4d:b2:42:74:77:a7:94:c9:cc:9b:64:bd:
33:b7:66:5b:72:62:cc:e2:f3:0f:20:56:84:93:24:
33:e4:34:08:85:4a:6b:18:99:95:1b:fd:bc:4e:17:
7a:5f:88:b3:10:03:6b:5d:60:f6:97:13:f4:d9:77:
a7:53:74:65:0b:7b:27:3a:dc:00:01:72:72:4e:fd:
67:1c:3c:57:1e:5f:d0:cb:e3:60:62:18:33:85:e5:
1a:eb:9d:46:b7:4d:23:04:5f:96:8b:7d:76:20:7a:
81:58:39:8d:a7:01:43:f1:88:b5:ce:87:67:5a:b5:
8d:75:4d:88:f0:71:70:f2:a7:8e:14:0e:a1:19:54:
18:9c:e7:64:80:4f:a2:55:d3:ef:97:4b:11:5a:ca:
a5:b4:f5:42:61:02:5a:92:99:86:b4:fc:b6:9a:02:
68:d4:4c:a7:e0:f5:a8:b3:a6:e1:3f:4f:d9:31:19:
7c:cc:41:9c:c2:1c:6c:8c:76:11:e7:62:f6:93:bc:
2d:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:D0:6F:30:31:DC:D3:0A:71:32:72:3E:6E:0C:CC:89:C4:86:FD:D7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:8000::/40
Signature Algorithm: sha256WithRSAEncryption
60:a5:d6:6e:1f:44:b2:34:b9:59:bf:93:bc:58:b5:a7:d1:41:
59:5c:a1:ff:3a:7c:cc:c4:1a:b4:bd:1b:61:d4:5c:c0:c4:76:
59:9d:04:b6:2e:f8:2e:62:d8:08:5b:b3:6e:0f:0e:7e:22:14:
ec:23:1c:d5:9a:23:d3:29:e4:ac:e3:8b:38:36:f1:ed:1a:55:
b4:dd:de:fd:1a:29:6a:b1:45:16:2e:02:39:a3:a6:2f:46:3f:
ff:53:a6:c1:2b:1f:ed:c6:b9:0f:d7:45:e3:7c:ef:2a:91:d3:
6a:50:f1:ad:00:e4:d7:31:d4:1c:aa:b2:73:e7:bd:fe:c8:fd:
c3:8d:c9:31:75:65:33:de:12:78:2f:04:d7:50:8c:b0:9d:bb:
c5:5e:01:68:36:a8:d7:31:4d:4e:32:b5:e0:5e:54:ac:d6:a6:
98:fe:5e:37:c3:43:b9:bf:d6:71:4b:39:0c:9e:39:dd:10:ad:
84:4c:41:58:52:72:8a:b1:6c:1c:c5:cf:0c:8b:92:40:d8:ef:
ad:35:2e:89:62:d1:53:c2:3b:fc:90:89:44:d4:7b:26:5e:62:
0d:9d:21:00:fc:70:d7:6d:07:0b:7e:63:5f:c4:c6:5a:18:68:
56:0f:15:a4:b2:35:f4:e4:90:9b:53:e0:75:f6:59:c7:dc:e7:
1a:d7:54:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcmOR7AynxX/kjAg4erAYn2M0olAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3YmJhOGQzNzBiZjg0Nzk5ZWY5N2EwOTU3ZWYwODY1YzYxMzc5MjI0MjFk
MDY5MGRiOWUwNWM4OWU2MWIzOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPZDGgSbqy9QFpLgEwkyy7RoKDUS7ptEgB5CXBkSeQPywwh5+alPVoGTfRqH
Ql5HFvU0qdteJEYIiRSQa8n+TbJCdHenlMnMm2S9M7dmW3JizOLzDyBWhJMkM+Q0
CIVKaxiZlRv9vE4Xel+IsxADa11g9pcT9Nl3p1N0ZQt7JzrcAAFyck79Zxw8Vx5f
0MvjYGIYM4XlGuudRrdNIwRflot9diB6gVg5jacBQ/GItc6HZ1q1jXVNiPBxcPKn
jhQOoRlUGJznZIBPolXT75dLEVrKpbT1QmECWpKZhrT8tpoCaNRMp+D1qLOm4T9P
2TEZfMxBnMIcbIx2Eedi9pO8LfkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT20G8w
MdzTCnEycj5uDMyJxIb91zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTcyY2JlYTktMTAwYy00OTc0LTgyMTEtODdkZWJiMGY2ZmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FmA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgpdZuH0SyNLlZv5O8WLWn0UFZXKH/OnzMxBq0
vRth1FzAxHZZnQS2LvguYtgIW7NuDw5+IhTsIxzVmiPTKeSs44s4NvHtGlW03d79
GilqsUUWLgI5o6YvRj//U6bBKx/txrkP10XjfO8qkdNqUPGtAOTXMdQcqrJz573+
yP3DjckxdWUz3hJ4LwTXUIywnbvFXgFoNqjXMU1OMrXgXlSs1qaY/l43w0O5v9Zx
SzkMnjndEK2ETEFYUnKKsWwcxc8Mi5JA2O+tNS6JYtFTwjv8kIlE1HsmXmINnSEA
/HDXbQcLfmNfxMZaGGhWDxWksjX05JCbU+B19lnH3Oca11Rf
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:18:44 2025 by rpki-client