Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a9a4f3cd-603a-4fdc-bd65-8d9488d4fd09.roa
File: a9a4f3cd-603a-4fdc-bd65-8d9488d4fd09.roa (raw, json)
Hash identifier: kO4lh+cW4UHw+sZmbciBWecpIK74lOdTX7ilaMnc5sc=
Subject key identifier: 94:71:F9:3E:BC:41:DC:CD:D5:1B:D0:C3:40:2C:02:9D:05:CB:FA:4C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 751714BEF51845EA3D4B390757D212897CD2DE11
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a9a4f3cd-603a-4fdc-bd65-8d9488d4fd09.roa
Signing time: Fri 26 Sep 2025 20:00:14 +0000
ROA not before: Fri 26 Sep 2025 20:00:14 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d010:8c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:17:14:be:f5:18:45:ea:3d:4b:39:07:57:d2:12:89:7c:d2:de:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:00:14 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=a9d5a5e7078c3568f8e8b3d93a0be156a38119a34a46531e5234d1b9a2cc7a88, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:af:ee:4c:a0:5e:b1:94:6e:08:10:c5:3b:75:
0a:b6:52:be:1a:1b:1b:87:3e:50:fe:e1:5f:21:64:
a2:1e:b0:91:dc:36:27:f1:f8:65:dc:28:a8:0b:64:
d2:a9:bb:5e:1d:37:82:bf:c1:e5:f2:2d:db:23:2f:
64:35:32:9b:53:4e:f4:4c:57:06:59:35:57:a8:5b:
b8:12:80:f1:a7:79:e7:9d:38:43:6f:96:af:fa:c2:
bb:dc:1b:ce:55:9d:02:96:b7:74:6d:c9:e7:06:62:
f6:b3:e9:10:db:f2:8b:40:7d:a9:5b:b4:44:3d:50:
c9:bf:c7:26:a5:9b:c1:12:d8:cb:73:4e:b4:85:b1:
40:78:18:b3:88:d9:73:5d:d5:20:c6:46:37:14:a6:
4f:2c:0e:e6:f3:d6:b9:50:04:7c:cf:24:f4:d4:39:
73:c2:cb:35:a2:cf:1d:ca:82:56:2f:92:e6:7a:2f:
5b:c7:86:32:af:77:02:7f:17:f0:c4:7e:04:34:32:
89:35:eb:bd:bd:37:d5:8e:e7:73:8c:8a:71:bb:86:
8a:6b:8f:18:15:3e:31:2e:4a:23:ab:d7:ef:de:9a:
a1:ed:b1:00:d7:db:c8:93:d2:e1:46:28:fd:80:9b:
37:b6:29:99:a8:9a:be:9e:96:cf:fc:c2:76:ec:f7:
4f:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:71:F9:3E:BC:41:DC:CD:D5:1B:D0:C3:40:2C:02:9D:05:CB:FA:4C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a9a4f3cd-603a-4fdc-bd65-8d9488d4fd09.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d010:8c00::/38
Signature Algorithm: sha256WithRSAEncryption
65:6f:d1:73:82:5f:28:ad:93:e6:c0:fb:e1:ed:f2:d8:fd:cc:
4b:77:f8:61:52:ee:a2:a4:72:17:d0:c9:c6:39:91:8f:d6:37:
4e:a4:e7:db:f4:3d:f8:6a:85:52:32:a8:61:c9:a8:e6:33:8c:
74:20:e0:e1:ae:aa:06:2f:6e:6d:aa:8d:9a:85:fc:36:1b:aa:
0a:16:d6:10:4f:d2:0b:48:00:f8:d3:92:59:58:75:a6:82:68:
8e:26:ba:90:7d:70:2e:97:0a:9f:3e:e1:cd:87:38:e6:54:b1:
53:19:d9:7a:2b:cd:a4:f6:1b:bf:f5:b7:3a:2f:ef:20:73:2f:
30:7e:88:1b:a4:54:47:50:bc:cc:b4:2a:3e:c4:0b:a7:34:ba:
41:3e:73:f8:a7:03:d2:d4:7a:9f:1c:60:7c:9b:79:4f:bb:af:
f5:28:51:bf:35:a0:2a:5d:4c:cc:e2:70:da:46:e0:3c:80:f3:
77:5d:72:4d:d7:db:2a:a4:d3:e8:73:b0:e7:86:bd:f9:eb:b0:
dd:eb:de:cc:ac:33:68:8f:9a:82:57:99:7b:6a:45:78:4a:f7:
b0:22:f2:f7:cf:38:1a:02:16:9e:0a:c7:c2:18:60:ab:eb:14:
a7:e3:e0:dd:92:19:2b:b6:eb:99:c7:c9:5d:92:99:e6:9d:5f:
c9:ad:2f:28
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdRcUvvUYReo9SzkHV9ISiXzS3hEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAwMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5ZDVhNWU3MDc4YzM1NjhmOGU4YjNkOTNhMGJlMTU2YTM4MTE5YTM0YTQ2
NTMxZTUyMzRkMWI5YTJjYzdhODgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALev7kygXrGUbggQxTt1CrZSvhobG4c+UP7hXyFkoh6wkdw2J/H4ZdwoqAtk
0qm7Xh03gr/B5fIt2yMvZDUym1NO9ExXBlk1V6hbuBKA8ad55504Q2+Wr/rCu9wb
zlWdApa3dG3J5wZi9rPpENvyi0B9qVu0RD1Qyb/HJqWbwRLYy3NOtIWxQHgYs4jZ
c13VIMZGNxSmTywO5vPWuVAEfM8k9NQ5c8LLNaLPHcqCVi+S5novW8eGMq93An8X
8MR+BDQyiTXrvb031Y7nc4yKcbuGimuPGBU+MS5KI6vX796aoe2xANfbyJPS4UYo
/YCbN7Ypmaiavp6Wz/zCduz3T5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSUcfk+
vEHczdUb0MNALAKdBcv6TDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTlhNGYzY2QtNjAzYS00ZmRjLWJkNjUtOGQ5NDg4ZDRmZDA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BCM
MA0GCSqGSIb3DQEBCwUAA4IBAQBlb9Fzgl8orZPmwPvh7fLY/cxLd/hhUu6ipHIX
0MnGOZGP1jdOpOfb9D34aoVSMqhhyajmM4x0IODhrqoGL25tqo2ahfw2G6oKFtYQ
T9ILSAD405JZWHWmgmiOJrqQfXAulwqfPuHNhzjmVLFTGdl6K82k9hu/9bc6L+8g
cy8wfogbpFRHULzMtCo+xAunNLpBPnP4pwPS1HqfHGB8m3lPu6/1KFG/NaAqXUzM
4nDaRuA8gPN3XXJN19sqpNPoc7Dnhr3567Dd697MrDNoj5qCV5l7akV4SvewIvL3
zzgaAhaeCsfCGGCr6xSn4+DdkhkrtuuZx8ldkpnmnV/JrS8o
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:44 2025 by rpki-client