Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f13f5444-377a-4e51-a1c7-10c2a3a3d6ea.roa
File: f13f5444-377a-4e51-a1c7-10c2a3a3d6ea.roa (raw, json)
Hash identifier: O2aE+X6kFSCsIDBTNd7/LKXdf02ALNg4KGzdV3rW4cE=
Subject key identifier: B6:51:36:C6:31:09:75:6F:61:CC:14:1E:51:B5:8E:54:97:B4:79:BA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2C8414395CB0B84A8CD7FACE87A702D0D4FAF91C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f13f5444-377a-4e51-a1c7-10c2a3a3d6ea.roa
Signing time: Mon 06 Oct 2025 18:10:07 +0000
ROA not before: Mon 06 Oct 2025 18:10:07 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d040::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:84:14:39:5c:b0:b8:4a:8c:d7:fa:ce:87:a7:02:d0:d4:fa:f9:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:10:07 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=86347c4388287ae141787344b18c3663b795f712fce87ca1f6e4222e2ce767b4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:8b:98:bb:81:4e:55:6c:9d:63:94:0d:34:d7:
8f:24:32:f3:65:a2:70:af:cb:e2:25:c8:77:19:48:
c4:34:90:cf:8a:14:42:7f:51:e1:a5:33:81:b7:56:
b6:03:c4:01:0a:a3:d0:a4:bf:fb:51:c8:cb:27:f8:
95:97:8c:70:9b:80:89:29:96:e6:7f:cb:b0:ed:94:
9d:d3:a9:7b:2d:d9:de:94:28:94:48:5c:d1:0d:79:
8f:c3:e6:d3:53:8d:57:5b:67:be:37:47:d6:3a:91:
ee:74:90:9c:b8:f8:37:81:ba:06:a3:6b:b2:63:21:
0e:7b:e8:4d:db:8f:81:dc:ca:10:6d:ee:65:a6:7d:
2b:21:53:4c:41:f6:ad:0b:8c:ad:ae:a3:56:5b:f0:
9b:ff:bd:12:aa:9a:1c:90:3d:fd:25:33:1b:34:da:
25:9e:50:db:6b:53:0b:49:e1:a2:6f:e3:57:57:9b:
75:ce:c0:70:22:88:54:fb:64:6e:e0:bc:31:f1:04:
8f:ba:4a:2f:b8:e0:fb:18:37:79:b9:31:64:f1:49:
f9:5c:28:54:56:33:e9:1f:95:40:25:65:d0:49:f3:
69:61:08:9d:bd:5e:d7:a0:2a:0a:8c:16:ca:1d:26:
eb:3c:96:ca:80:b2:5b:f3:be:a6:92:84:5e:34:79:
67:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:51:36:C6:31:09:75:6F:61:CC:14:1E:51:B5:8E:54:97:B4:79:BA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f13f5444-377a-4e51-a1c7-10c2a3a3d6ea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d040::/32
Signature Algorithm: sha256WithRSAEncryption
a2:0c:2a:19:86:05:41:c1:81:a4:f3:8f:0d:19:7c:c7:ef:0d:
12:04:8a:df:c4:b8:35:70:ea:63:39:1f:e6:12:cb:d8:1e:97:
58:0d:ae:e3:c2:67:14:bb:e2:a2:43:ca:67:50:e1:04:bf:7e:
ff:79:c1:fc:9c:34:13:7e:97:bd:79:66:79:dc:5f:7f:d7:d9:
45:3d:b9:dd:64:fb:b7:da:80:2b:24:39:e5:3a:0f:c0:9b:4c:
41:8c:d0:ed:65:43:f0:df:e7:ae:bb:eb:39:8a:ec:20:ee:bd:
2c:fe:c6:d5:e5:42:3d:2e:60:88:18:cf:87:83:87:49:4f:72:
d6:ae:88:63:d2:bc:1a:d8:c1:ca:b4:dd:a2:88:0b:ee:82:19:
50:90:c9:a7:25:48:c9:66:b3:a5:41:33:65:03:db:e3:c6:5a:
c2:62:d2:91:d8:fb:d7:6d:24:2b:38:f6:ce:b2:be:75:07:fa:
c5:ea:79:69:04:af:8a:b2:8d:b6:a4:6d:5a:75:67:34:ad:03:
7a:f0:d9:24:93:10:5f:ec:cd:39:4c:6e:95:12:dc:56:1e:08:
81:2e:f1:9c:b8:95:30:a0:41:30:09:02:ce:76:40:51:ac:b2:
3c:5e:8b:d9:26:85:46:8d:2f:09:63:81:78:e6:77:50:05:eb:
fc:69:cb:64
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIULIQUOVywuEqM1/rOh6cC0NT6+RwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDdaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDg2MzQ3YzQzODgyODdhZTE0MTc4NzM0NGIxOGMzNjYzYjc5NWY3MTJmY2U4
N2NhMWY2ZTQyMjJlMmNlNzY3YjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCLmLuBTlVsnWOUDTTXjyQy82WicK/L4iXIdxlIxDSQz4oUQn9R4aUzgbdW
tgPEAQqj0KS/+1HIyyf4lZeMcJuAiSmW5n/LsO2UndOpey3Z3pQolEhc0Q15j8Pm
01ONV1tnvjdH1jqR7nSQnLj4N4G6BqNrsmMhDnvoTduPgdzKEG3uZaZ9KyFTTEH2
rQuMra6jVlvwm/+9EqqaHJA9/SUzGzTaJZ5Q22tTC0nhom/jV1ebdc7AcCKIVPtk
buC8MfEEj7pKL7jg+xg3ebkxZPFJ+VwoVFYz6R+VQCVl0EnzaWEInb1e16AqCowW
yh0m6zyWyoCyW/O+ppKEXjR5Z7sCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBS2UTbG
MQl1b2HMFB5RtY5Ul7R5ujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjEzZjU0NDQtMzc3YS00ZTUxLWExYzctMTBjMmEzYTNkNmVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0EAw
DQYJKoZIhvcNAQELBQADggEBAKIMKhmGBUHBgaTzjw0ZfMfvDRIEit/EuDVw6mM5
H+YSy9gel1gNruPCZxS74qJDymdQ4QS/fv95wfycNBN+l715ZnncX3/X2UU9ud1k
+7fagCskOeU6D8CbTEGM0O1lQ/Df56676zmK7CDuvSz+xtXlQj0uYIgYz4eDh0lP
ctauiGPSvBrYwcq03aKIC+6CGVCQyaclSMlms6VBM2UD2+PGWsJi0pHY+9dtJCs4
9s6yvnUH+sXqeWkEr4qyjbakbVp1ZzStA3rw2SSTEF/szTlMbpUS3FYeCIEu8Zy4
lTCgQTAJAs52QFGssjxei9kmhUaNLwljgXjmd1AF6/xpy2Q=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:39 2025 by rpki-client