Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
File: df59e31f-1e32-4e7a-a595-74adb3f93176.roa (raw, json)
Hash identifier: UalD5Q7x12UrfMqxRiI55ffGpGiftY7Y+cxt6PY58m0=
Subject key identifier: D2:E1:14:04:08:12:D7:76:B5:EA:03:49:39:8F:25:97:BE:5E:88:25
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5832A273C79FD3D4758AED791ABB24AE996A9C88
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
Signing time: Fri 26 Sep 2025 19:01:38 +0000
ROA not before: Fri 26 Sep 2025 19:01:38 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
58:32:a2:73:c7:9f:d3:d4:75:8a:ed:79:1a:bb:24:ae:99:6a:9c:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:01:38 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=599b4c7aa48d069806517461e00b8799fe2f02879c5441586955304ec14f3956, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:79:f2:75:af:8f:bf:9f:04:94:99:b8:49:b7:
53:0c:04:c2:79:97:88:b8:71:ca:39:61:2c:74:a6:
81:d2:46:40:eb:2d:e7:72:1c:84:9a:5d:a4:05:02:
c0:8a:6f:6e:5a:b5:1e:83:69:2a:0b:5d:54:76:59:
71:e4:03:4d:62:80:da:13:f6:b1:9f:8a:7e:4b:c0:
2d:d6:18:78:f1:1e:5f:71:9c:9c:1a:cf:90:de:94:
93:0a:99:ff:c1:58:cc:ae:03:8d:db:1c:14:4a:ec:
a3:38:35:95:d1:a0:aa:9d:8b:d7:b8:a7:05:e4:f2:
1a:df:e4:84:8d:f6:1b:1b:cf:41:e7:21:be:01:ad:
39:a0:c7:a5:27:81:ca:b4:97:18:1e:79:1c:e9:42:
a7:70:89:0f:31:81:f3:ff:f2:4f:cb:30:3f:6c:48:
f9:5f:75:ad:2a:48:0c:70:87:f2:e2:4c:04:ed:73:
39:bb:09:60:a1:83:f4:96:cd:51:d3:cc:99:4e:28:
16:a0:07:4a:fa:aa:d8:3b:8d:eb:b3:51:d6:fa:a9:
3b:87:6f:f5:8e:dc:2e:f3:ec:d1:08:1e:4c:3a:5c:
34:d1:2e:ee:01:3e:c4:00:96:df:09:ef:2a:30:47:
02:97:04:5d:62:39:36:9e:55:20:bf:65:e7:a7:85:
59:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:E1:14:04:08:12:D7:76:B5:EA:03:49:39:8F:25:97:BE:5E:88:25
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:e000::/40
Signature Algorithm: sha256WithRSAEncryption
7d:91:da:00:96:e0:6a:13:65:5f:be:4b:9b:31:29:01:8d:3e:
ab:73:5c:9f:44:70:38:db:b5:97:38:35:06:8d:94:42:8e:2c:
22:d5:cd:11:76:d1:df:88:c4:49:32:21:0c:f6:fb:66:56:38:
11:5e:90:41:11:85:0f:13:49:32:e0:01:74:4a:c2:0d:4c:e0:
b6:ba:ef:ef:21:e0:fc:ba:09:a2:c4:96:76:25:54:29:27:5d:
92:ee:f7:d6:cc:ad:a3:bc:03:35:9e:28:cd:bb:c6:d6:50:63:
31:c0:49:03:bc:95:bc:f4:ac:f7:e9:2e:81:ea:5e:a5:18:ad:
fc:f8:35:2e:7f:0c:73:79:8c:57:d6:c9:33:a5:47:ed:f7:e6:
75:a8:91:cf:5a:48:45:bd:4b:0b:ea:4f:ef:09:9f:f1:b5:64:
38:8c:b7:a8:87:c3:e0:48:c7:8d:f8:53:36:f9:07:8a:2f:30:
2f:15:90:0d:06:d1:45:69:58:ac:33:78:70:0a:1d:55:f1:6c:
a9:c8:ef:03:ee:49:52:e0:d5:0e:6a:e8:31:59:c5:6e:1c:d5:
3c:cb:b8:cc:d2:81:32:b9:c0:c1:e4:26:d5:f0:fb:4c:b0:bb:
87:ec:53:65:5c:d8:e5:11:42:0f:a0:4b:fe:c5:8b:a8:f1:6e:
dc:32:68:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWDKic8ef09R1iu15GrskrplqnIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMzhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5OWI0YzdhYTQ4ZDA2OTgwNjUxNzQ2MWUwMGI4Nzk5ZmUyZjAyODc5YzU0
NDE1ODY5NTUzMDRlYzE0ZjM5NTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMF58nWvj7+fBJSZuEm3UwwEwnmXiLhxyjlhLHSmgdJGQOst53IchJpdpAUC
wIpvblq1HoNpKgtdVHZZceQDTWKA2hP2sZ+KfkvALdYYePEeX3GcnBrPkN6UkwqZ
/8FYzK4DjdscFErsozg1ldGgqp2L17inBeTyGt/khI32GxvPQechvgGtOaDHpSeB
yrSXGB55HOlCp3CJDzGB8//yT8swP2xI+V91rSpIDHCH8uJMBO1zObsJYKGD9JbN
UdPMmU4oFqAHSvqq2DuN67NR1vqpO4dv9Y7cLvPs0QgeTDpcNNEu7gE+xACW3wnv
KjBHApcEXWI5Np5VIL9l56eFWUsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTS4RQE
CBLXdrXqA0k5jyWXvl6IJTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGY1OWUzMWYtMWUzMi00ZTdhLWE1OTUtNzRhZGIzZjkzMTc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHg
MA0GCSqGSIb3DQEBCwUAA4IBAQB9kdoAluBqE2VfvkubMSkBjT6rc1yfRHA427WX
ODUGjZRCjiwi1c0RdtHfiMRJMiEM9vtmVjgRXpBBEYUPE0ky4AF0SsINTOC2uu/v
IeD8ugmixJZ2JVQpJ12S7vfWzK2jvAM1nijNu8bWUGMxwEkDvJW89Kz36S6B6l6l
GK38+DUufwxzeYxX1skzpUft9+Z1qJHPWkhFvUsL6k/vCZ/xtWQ4jLeoh8PgSMeN
+FM2+QeKLzAvFZANBtFFaVisM3hwCh1V8WypyO8D7klS4NUOaugxWcVuHNU8y7jM
0oEyucDB5CbV8PtMsLuH7FNlXNjlEUIPoEv+xYuo8W7cMmiX
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:16 2025 by rpki-client