Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
File: a96d9971-6d4e-47a3-9408-d633699b643b.roa (raw, json)
Hash identifier: XomehARhVIKZEllqVKuTD1sxqdFjGqi+qLGFa896EBM=
Subject key identifier: 19:13:DD:A0:79:62:AC:8D:95:BA:2C:A6:BE:55:D2:13:97:60:05:90
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 35F00830932912D9CC51181436C80700B908B432
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
Signing time: Tue 21 Oct 2025 13:20:57 +0000
ROA not before: Tue 21 Oct 2025 13:20:57 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:f0:08:30:93:29:12:d9:cc:51:18:14:36:c8:07:00:b9:08:b4:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:57 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=6a2cae1ce672ebf17f6dbecf0409efaba1c54ba2ed3f9765545c3a32661c65c7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:34:2f:13:03:b5:20:3e:69:06:fb:1b:83:bf:
70:aa:84:e0:02:5b:cd:62:0f:bb:48:db:d8:04:10:
c1:a8:13:58:7b:59:b8:bd:be:80:9e:19:ea:d1:b9:
6c:48:3a:a2:72:8b:59:24:ba:f0:b5:ec:44:22:3c:
17:ca:67:61:e8:e2:aa:82:2d:be:58:f8:82:08:5b:
12:ef:53:91:ee:91:cd:e4:a6:54:ef:d5:1a:df:92:
49:6c:5d:4e:28:c0:17:c9:c7:f4:7b:c8:e4:cf:7e:
a4:ab:a7:85:91:f1:70:19:f1:a6:ad:0e:49:f7:d9:
62:80:16:6a:e7:49:fa:79:9f:e9:db:df:92:84:94:
17:f2:86:69:aa:21:a7:44:90:ea:1e:f0:e6:d3:eb:
b9:1b:54:d2:8c:59:6e:63:31:ea:65:7f:b6:1a:5d:
1d:37:1d:f3:dc:d4:dc:20:fa:d3:c8:1a:34:f6:06:
c6:87:79:c4:c5:a7:27:16:51:1a:e2:0f:5b:2e:f5:
89:23:24:c5:46:d3:5f:d5:9a:40:fb:fb:10:03:e1:
31:51:14:cd:99:aa:e8:b5:44:f2:66:69:b8:e2:2a:
26:9f:c5:dc:e5:de:b5:32:51:76:18:5d:d7:13:b0:
70:68:11:c4:8f:58:58:04:9b:af:7b:2b:e7:39:df:
ce:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:13:DD:A0:79:62:AC:8D:95:BA:2C:A6:BE:55:D2:13:97:60:05:90
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a96d9971-6d4e-47a3-9408-d633699b643b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:2000::/40
Signature Algorithm: sha256WithRSAEncryption
8c:99:f3:7e:10:ca:ff:1f:f2:74:fe:0c:50:87:cb:28:68:a9:
57:bf:85:1a:ce:ce:d7:a5:9d:93:4f:76:6e:35:21:4c:ad:2e:
17:bd:9f:b3:17:60:44:49:61:6c:15:be:b6:84:20:62:ee:f2:
3a:f5:9e:fc:82:a7:44:8a:67:3a:72:2c:e4:7e:d2:5f:23:95:
d6:2f:a8:20:17:64:46:93:81:e8:8f:db:6f:8a:de:79:a2:f9:
47:57:b5:b5:85:86:fc:f6:d4:15:21:ac:0a:c4:9d:0f:02:27:
9a:d8:49:14:1a:10:58:e0:2a:b1:76:82:43:91:dd:1c:6b:1c:
a8:80:be:59:21:ee:d3:98:2c:ce:39:6c:07:9d:5b:58:3f:b8:
50:a7:2f:d0:c8:75:52:80:ff:53:73:75:c6:af:1b:d3:c1:0f:
24:21:c5:cf:fa:3b:99:20:20:61:48:ff:07:3d:a5:7d:7c:86:
34:84:a7:c4:f1:b4:57:35:3b:b9:f8:d2:ad:ae:75:2f:29:cb:
a7:48:26:ce:9f:d8:aa:67:d1:96:a3:5c:10:80:2d:0f:ad:48:
4f:1d:86:ce:57:2d:3c:f2:09:11:cf:9a:2d:6b:ee:d9:20:f7:
83:25:40:89:9f:73:3f:8a:2e:06:3b:90:a9:6d:c4:1e:5f:88:
94:52:3b:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNfAIMJMpEtnMURgUNsgHALkItDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwNTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhMmNhZTFjZTY3MmViZjE3ZjZkYmVjZjA0MDllZmFiYTFjNTRiYTJlZDNm
OTc2NTU0NWMzYTMyNjYxYzY1YzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQ0LxMDtSA+aQb7G4O/cKqE4AJbzWIPu0jb2AQQwagTWHtZuL2+gJ4Z6tG5
bEg6onKLWSS68LXsRCI8F8pnYejiqoItvlj4gghbEu9Tke6RzeSmVO/VGt+SSWxd
TijAF8nH9HvI5M9+pKunhZHxcBnxpq0OSffZYoAWaudJ+nmf6dvfkoSUF/KGaaoh
p0SQ6h7w5tPruRtU0oxZbmMx6mV/thpdHTcd89zU3CD608gaNPYGxod5xMWnJxZR
GuIPWy71iSMkxUbTX9WaQPv7EAPhMVEUzZmq6LVE8mZpuOIqJp/F3OXetTJRdhhd
1xOwcGgRxI9YWASbr3sr5znfzuUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZE92g
eWKsjZW6LKa+VdITl2AFkDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTk2ZDk5NzEtNmQ0ZS00N2EzLTk0MDgtZDYzMzY5OWI2NDNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H4g
MA0GCSqGSIb3DQEBCwUAA4IBAQCMmfN+EMr/H/J0/gxQh8soaKlXv4Uazs7XpZ2T
T3ZuNSFMrS4XvZ+zF2BESWFsFb62hCBi7vI69Z78gqdEimc6cizkftJfI5XWL6gg
F2RGk4Hoj9tvit55ovlHV7W1hYb89tQVIawKxJ0PAiea2EkUGhBY4CqxdoJDkd0c
axyogL5ZIe7TmCzOOWwHnVtYP7hQpy/QyHVSgP9Tc3XGrxvTwQ8kIcXP+juZICBh
SP8HPaV9fIY0hKfE8bRXNTu5+NKtrnUvKcunSCbOn9iqZ9GWo1wQgC0PrUhPHYbO
Vy088gkRz5ota+7ZIPeDJUCJn3M/ii4GO5CpbcQeX4iUUjv8
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:43:44 2025 by rpki-client