Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c65e11fa-ec6d-4214-88c5-464a024d8957.roa
File: c65e11fa-ec6d-4214-88c5-464a024d8957.roa (raw, json)
Hash identifier: JKFsbzQcm1aN27dMLi3Q3fYNpLM6LrECG/RJa7n/Sqs=
Subject key identifier: 71:25:F7:99:03:F9:D2:83:9D:5B:20:69:2B:EB:26:EC:0C:3F:AC:A2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CC41809B508275A281AB410A38BFAF477565B03
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c65e11fa-ec6d-4214-88c5-464a024d8957.roa
Signing time: Mon 06 Oct 2025 17:40:07 +0000
ROA not before: Mon 06 Oct 2025 17:40:07 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:c4:18:09:b5:08:27:5a:28:1a:b4:10:a3:8b:fa:f4:77:56:5b:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 17:40:07 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=fe692d93cf7c56015b867a22cb3df8961d6c4be95f95a2d37d6bed246a123773, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:8d:34:d3:78:91:fb:72:09:38:29:53:23:f5:
fe:e4:6e:14:cb:6b:f9:d2:f6:df:b9:11:01:8e:fc:
fe:02:4a:b8:b4:2e:6b:cc:59:c1:59:44:7e:e6:a3:
14:1a:f6:5d:71:99:75:38:44:ab:19:ed:f4:70:c8:
b6:d1:26:27:5e:d0:c3:43:c5:00:d8:bd:ff:6a:e1:
27:15:fc:4e:33:f9:f9:55:ec:9c:76:7c:07:9c:0b:
b9:0e:95:be:ab:0d:06:29:ff:c0:a7:5d:38:db:09:
ac:ca:df:af:1f:af:b8:c9:61:76:bc:d3:8c:71:3e:
56:0a:29:2b:7e:54:ee:3e:67:9c:e5:ce:4a:87:ff:
16:34:ea:9b:cd:82:04:69:9d:bc:92:7e:83:66:2b:
0d:bf:d6:2e:09:7a:a6:df:31:08:ce:0b:02:7d:27:
bb:d1:36:01:92:2c:13:ed:48:ed:f2:58:91:67:19:
b6:ba:b5:c7:a5:30:1d:84:f3:d1:9c:40:c0:d5:6f:
bf:1c:13:39:5d:37:9b:4e:cc:68:d0:bf:5e:7d:78:
05:fd:c4:24:b7:ca:99:a2:a3:d0:b2:1d:1d:03:c7:
77:af:9b:3e:62:d4:05:e1:8c:c2:e3:9f:03:d2:62:
a8:ad:15:94:9e:3e:e8:28:75:e0:35:b2:3d:90:62:
84:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:25:F7:99:03:F9:D2:83:9D:5B:20:69:2B:EB:26:EC:0C:3F:AC:A2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c65e11fa-ec6d-4214-88c5-464a024d8957.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:4000::/40
Signature Algorithm: sha256WithRSAEncryption
38:0c:10:61:7d:21:ba:36:4f:38:6f:af:14:3c:31:29:45:0f:
1c:1d:b1:84:6f:0e:c5:55:57:29:1d:63:b6:b2:81:eb:b3:14:
50:cf:bb:64:cc:80:39:7d:5c:56:a0:bb:9c:d0:e8:4c:f1:3c:
9e:63:e3:87:99:4f:72:28:68:a8:5f:5e:b4:71:5b:87:6e:a1:
cd:b1:5f:a4:6d:a7:69:bf:89:94:2c:e5:f7:0a:15:fa:af:7c:
d2:cc:56:e2:16:3b:e5:8a:0b:d0:7e:31:b2:8b:90:e8:6a:99:
ed:53:b7:51:c8:d8:6e:a1:04:67:cf:1d:d0:e4:79:e5:9b:3c:
77:33:3d:6c:bb:91:5e:64:2a:32:42:60:54:f2:9e:ff:2e:e1:
d5:90:4a:98:97:76:52:82:94:33:d2:2a:1e:2e:8d:be:33:2b:
d9:0b:0d:05:b3:08:03:80:e5:db:d6:e8:86:07:3e:17:9a:8c:
7d:b5:a1:7b:c8:68:f3:e5:57:97:18:f7:9a:59:4e:94:92:ba:
9a:f6:63:5f:9a:be:12:f2:66:f1:7e:6d:2b:1f:e5:b0:3d:59:
4e:b8:d1:04:a2:5d:30:17:98:07:69:40:1a:12:02:63:35:2e:
a1:7a:af:e5:c1:22:c3:ab:aa:bf:54:d8:eb:54:06:22:5f:8b:
32:e9:c2:1f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPMQYCbUIJ1ooGrQQo4v69HdWWwMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxNzQwMDdaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlNjkyZDkzY2Y3YzU2MDE1Yjg2N2EyMmNiM2RmODk2MWQ2YzRiZTk1Zjk1
YTJkMzdkNmJlZDI0NmExMjM3NzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANONNNN4kftyCTgpUyP1/uRuFMtr+dL237kRAY78/gJKuLQua8xZwVlEfuaj
FBr2XXGZdThEqxnt9HDIttEmJ17Qw0PFANi9/2rhJxX8TjP5+VXsnHZ8B5wLuQ6V
vqsNBin/wKddONsJrMrfrx+vuMlhdrzTjHE+VgopK35U7j5nnOXOSof/FjTqm82C
BGmdvJJ+g2YrDb/WLgl6pt8xCM4LAn0nu9E2AZIsE+1I7fJYkWcZtrq1x6UwHYTz
0ZxAwNVvvxwTOV03m07MaNC/Xn14Bf3EJLfKmaKj0LIdHQPHd6+bPmLUBeGMwuOf
A9JiqK0VlJ4+6Ch14DWyPZBihF0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxJfeZ
A/nSg51bIGkr6ybsDD+sojAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzY1ZTExZmEtZWM2ZC00MjE0LTg4YzUtNDY0YTAyNGQ4OTU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DFA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4DBBhfSG6Nk84b68UPDEpRQ8cHbGEbw7FVVcp
HWO2soHrsxRQz7tkzIA5fVxWoLuc0OhM8TyeY+OHmU9yKGioX160cVuHbqHNsV+k
badpv4mULOX3ChX6r3zSzFbiFjvligvQfjGyi5DoapntU7dRyNhuoQRnzx3Q5Hnl
mzx3Mz1su5FeZCoyQmBU8p7/LuHVkEqYl3ZSgpQz0ioeLo2+MyvZCw0FswgDgOXb
1uiGBz4Xmox9taF7yGjz5VeXGPeaWU6Ukrqa9mNfmr4S8mbxfm0rH+WwPVlOuNEE
ol0wF5gHaUAaEgJjNS6heq/lwSLDq6q/VNjrVAYiX4sy6cIf
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client