Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e234d9fb-5639-4264-99c1-35b39c1e56b5.roa
File: e234d9fb-5639-4264-99c1-35b39c1e56b5.roa (raw, json)
Hash identifier: iuN88iL021Q4+621XUVfPUkkkx4ZCFBoSljzZIUuGLQ=
Subject key identifier: DC:C0:5B:89:95:14:E6:16:AE:9F:64:75:AA:F2:21:33:96:E6:53:2A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 06147BD4D95006BC54CAD8EA4CC62DFE1A721A7B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e234d9fb-5639-4264-99c1-35b39c1e56b5.roa
Signing time: Fri 26 Sep 2025 19:39:27 +0000
ROA not before: Fri 26 Sep 2025 19:39:27 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:14:7b:d4:d9:50:06:bc:54:ca:d8:ea:4c:c6:2d:fe:1a:72:1a:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:39:27 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=8ad01c919fe0a4931a720dd0e4d01fc132a459265aa3ade87e2ba624e65f5655, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:06:bd:fe:46:07:9c:18:a9:81:36:b7:97:54:
57:6c:52:db:98:c6:70:90:f7:98:94:67:78:eb:16:
97:1f:ce:92:b3:a4:70:5d:1e:d7:e3:c6:4c:3e:fb:
ab:0e:b3:3c:56:2e:33:84:a7:35:5f:6c:a5:e4:a5:
fc:8f:8d:fe:4d:47:9e:ca:de:ce:fc:5b:36:71:38:
a7:c9:c5:8b:bb:da:f0:e9:c5:22:d7:9e:a5:fa:37:
14:a9:f3:ab:96:16:23:c6:eb:31:78:97:a9:7e:9c:
70:bf:da:4a:75:34:00:33:44:00:bf:50:82:b5:f1:
5e:8a:83:9b:53:16:7f:9f:76:d2:30:7c:fa:a8:12:
96:3c:b0:3f:1c:24:7f:10:f4:34:e7:82:41:68:17:
00:53:5f:a7:2d:51:63:e4:07:b3:25:74:9a:14:c2:
84:3f:9d:61:a7:84:41:70:0e:e9:65:fa:c8:ef:09:
94:9b:b6:69:25:ef:ab:3d:24:15:49:05:cf:20:8a:
82:c8:61:ab:3a:b1:0c:4b:72:09:c6:2b:6d:d3:f5:
bf:66:35:dc:02:66:93:17:5a:c3:ea:62:d0:9a:4f:
ee:ba:7c:98:c2:10:b7:78:40:1b:72:df:ad:95:aa:
b0:18:c4:d0:71:a7:9f:43:fe:6b:9d:8c:cd:e7:10:
40:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:C0:5B:89:95:14:E6:16:AE:9F:64:75:AA:F2:21:33:96:E6:53:2A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e234d9fb-5639-4264-99c1-35b39c1e56b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:2000::/40
Signature Algorithm: sha256WithRSAEncryption
0d:d2:b1:b0:0b:f4:6f:d8:6a:e2:62:85:f7:c3:bd:82:73:53:
bc:9e:93:70:8b:0c:dd:2d:55:25:ec:ca:92:44:7d:55:59:dc:
f8:a5:8b:3f:ab:70:d8:a6:3c:ba:2d:c1:55:95:c5:43:27:a0:
bf:5c:7b:ea:7b:29:26:e0:6a:e5:8a:cf:bd:96:26:6d:e1:e9:
55:f4:b4:ac:eb:70:4e:ff:ea:05:7e:4b:d9:7d:3b:1a:4b:76:
b3:d4:57:ba:0b:2c:70:31:ca:e8:10:d6:95:d7:58:94:83:72:
7a:63:ac:af:70:60:7d:2f:fb:2d:74:43:d4:8c:54:0e:23:99:
26:87:f9:90:62:88:40:8f:b4:17:d7:59:8c:38:81:74:be:72:
5f:da:88:33:8a:af:f1:24:74:74:56:14:4e:c9:86:e8:fa:9e:
9a:8a:10:80:cc:82:02:1b:4d:f3:61:74:71:a4:bc:00:10:90:
19:29:e6:52:fe:8f:41:e8:fc:95:87:3f:d2:76:d8:6d:8a:e0:
f6:24:8d:78:61:06:00:d1:f4:4d:05:05:d2:5b:90:29:69:b3:
5a:14:ea:51:12:eb:18:31:c7:27:11:27:3f:b9:df:65:bd:b3:
83:b3:a5:58:66:3c:3c:d8:99:6c:60:79:2a:8c:4d:a5:33:69:
89:d9:d9:a1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBhR71NlQBrxUytjqTMYt/hpyGnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5MjdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhhZDAxYzkxOWZlMGE0OTMxYTcyMGRkMGU0ZDAxZmMxMzJhNDU5MjY1YWEz
YWRlODdlMmJhNjI0ZTY1ZjU2NTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMGvf5GB5wYqYE2t5dUV2xS25jGcJD3mJRneOsWlx/OkrOkcF0e1+PGTD77
qw6zPFYuM4SnNV9speSl/I+N/k1HnsrezvxbNnE4p8nFi7va8OnFIteepfo3FKnz
q5YWI8brMXiXqX6ccL/aSnU0ADNEAL9QgrXxXoqDm1MWf5920jB8+qgSljywPxwk
fxD0NOeCQWgXAFNfpy1RY+QHsyV0mhTChD+dYaeEQXAO6WX6yO8JlJu2aSXvqz0k
FUkFzyCKgshhqzqxDEtyCcYrbdP1v2Y13AJmkxdaw+pi0JpP7rp8mMIQt3hAG3Lf
rZWqsBjE0HGnn0P+a52MzecQQNECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTcwFuJ
lRTmFq6fZHWq8iEzluZTKjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTIzNGQ5ZmItNTYzOS00MjY0LTk5YzEtMzViMzljMWU1NmI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G8g
MA0GCSqGSIb3DQEBCwUAA4IBAQAN0rGwC/Rv2GriYoX3w72Cc1O8npNwiwzdLVUl
7MqSRH1VWdz4pYs/q3DYpjy6LcFVlcVDJ6C/XHvqeykm4Grlis+9liZt4elV9LSs
63BO/+oFfkvZfTsaS3az1Fe6CyxwMcroENaV11iUg3J6Y6yvcGB9L/stdEPUjFQO
I5kmh/mQYohAj7QX11mMOIF0vnJf2ogziq/xJHR0VhROyYbo+p6aihCAzIICG03z
YXRxpLwAEJAZKeZS/o9B6PyVhz/SdthtiuD2JI14YQYA0fRNBQXSW5ApabNaFOpR
EusYMccnESc/ud9lvbODs6VYZjw82JlsYHkqjE2lM2mJ2dmh
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:15:58 2025 by rpki-client