Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df38c00b-a6b3-4e63-9f69-b8c3856ebdf6.roa
File: df38c00b-a6b3-4e63-9f69-b8c3856ebdf6.roa (raw, json)
Hash identifier: R1oC3pLKiI1r+KvasGG7VMW/YNJxwri3jyoFjP1vbRI=
Subject key identifier: AC:F1:9B:59:DF:9F:C8:C5:24:68:B6:DD:85:29:42:D6:69:33:6A:C8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4638FA42B545D2505808B5D71BC7611E66D87712
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df38c00b-a6b3-4e63-9f69-b8c3856ebdf6.roa
Signing time: Tue 21 Oct 2025 14:20:46 +0000
ROA not before: Tue 21 Oct 2025 14:20:46 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
46:38:fa:42:b5:45:d2:50:58:08:b5:d7:1b:c7:61:1e:66:d8:77:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:46 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2e68f16b686de96480c9c80986f2e1bbd8dcfcf4cc72131dfaed0737e31e9dba, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:38:82:b7:48:45:f4:94:ab:df:ef:5b:50:d8:
b1:86:de:83:c8:08:97:64:37:6a:49:9a:d3:a5:e9:
78:eb:77:24:ec:b4:88:c7:49:ad:f6:93:ff:c3:66:
bf:be:3c:65:02:c0:58:4b:6e:38:45:f6:19:b9:31:
5b:e8:b3:ae:ab:2c:16:83:b0:7a:49:db:df:59:a9:
b5:95:d5:ed:25:d0:21:c3:73:f4:3b:0c:a3:be:d4:
b4:fc:85:ba:2b:c8:78:b2:09:8e:2b:33:7a:86:48:
61:a8:c6:79:1d:ae:a2:8e:ba:39:6f:85:c9:61:9e:
56:db:dd:a6:ca:7b:91:cb:c1:10:65:b8:1c:f7:49:
9a:e4:62:b1:5d:1c:ff:36:98:20:d6:99:f5:65:73:
a0:b0:53:60:6f:13:5c:b6:22:95:1b:38:50:63:60:
f1:9d:1f:e9:9c:18:23:ef:45:ad:b3:4d:0e:e5:5f:
d0:fc:a7:3e:7f:27:13:36:31:fc:03:64:3b:f5:85:
35:d8:74:3d:5b:67:72:2e:d1:96:f3:d7:e0:86:bf:
5c:75:9e:5c:db:8b:ab:70:c4:7f:9d:f3:95:89:4e:
55:0d:a0:67:b1:dc:80:83:1b:45:ac:a5:52:a7:11:
0d:53:85:31:c3:91:12:b1:1e:21:69:ec:9b:35:f9:
f4:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:F1:9B:59:DF:9F:C8:C5:24:68:B6:DD:85:29:42:D6:69:33:6A:C8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df38c00b-a6b3-4e63-9f69-b8c3856ebdf6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:c000::/40
Signature Algorithm: sha256WithRSAEncryption
20:2d:93:d0:c8:af:cc:fe:69:b7:e2:22:88:8f:07:55:c5:06:
d0:8b:10:8c:63:10:66:e7:aa:28:85:4c:3d:5d:7a:0a:f4:f6:
8a:43:f7:a1:5f:bf:0f:b9:96:26:c2:5e:f2:3c:e3:81:e3:d2:
61:ac:be:f1:7c:78:10:63:82:ea:4b:8a:a7:03:d8:25:2d:72:
c0:65:06:1d:ec:4e:c2:5c:e6:ff:1d:f4:9b:83:ea:95:d9:24:
cd:a0:fc:e1:09:5f:e4:8d:fd:42:c6:a8:5d:a2:17:29:69:9e:
bf:47:14:09:44:c8:2f:5c:6c:fa:7d:0a:68:34:7a:a2:47:91:
c4:3c:d1:f3:f7:67:ff:ee:09:26:a9:80:5c:e2:64:f3:d0:9c:
6a:7c:01:e2:80:e9:d7:bb:d6:45:e4:e3:d1:4c:52:0f:aa:3f:
cd:27:0a:6a:12:4c:e9:2b:2a:5e:93:7b:d9:03:7c:77:64:5a:
8b:f8:fb:d6:69:1e:c6:d2:58:72:16:bb:f9:c7:69:cf:31:8a:
56:ad:ab:37:2d:e9:d1:f3:64:0e:68:0b:b8:6f:f1:ca:db:bd:
59:fb:75:be:47:70:0b:cd:56:8b:8b:1d:af:63:45:30:e5:d9:
2f:38:e3:81:ad:d8:da:5b:14:5b:b1:81:aa:4c:8b:d9:ff:d0:
7f:d1:03:90
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURjj6QrVF0lBYCLXXG8dhHmbYdxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwNDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlNjhmMTZiNjg2ZGU5NjQ4MGM5YzgwOTg2ZjJlMWJiZDhkY2ZjZjRjYzcy
MTMxZGZhZWQwNzM3ZTMxZTlkYmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ04grdIRfSUq9/vW1DYsYbeg8gIl2Q3akma06XpeOt3JOy0iMdJrfaT/8Nm
v748ZQLAWEtuOEX2GbkxW+izrqssFoOweknb31mptZXV7SXQIcNz9DsMo77UtPyF
uivIeLIJjiszeoZIYajGeR2uoo66OW+FyWGeVtvdpsp7kcvBEGW4HPdJmuRisV0c
/zaYINaZ9WVzoLBTYG8TXLYilRs4UGNg8Z0f6ZwYI+9FrbNNDuVf0PynPn8nEzYx
/ANkO/WFNdh0PVtnci7RlvPX4Ia/XHWeXNuLq3DEf53zlYlOVQ2gZ7HcgIMbRayl
UqcRDVOFMcORErEeIWnsmzX59BECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSs8ZtZ
35/IxSRott2FKULWaTNqyDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGYzOGMwMGItYTZiMy00ZTYzLTlmNjktYjhjMzg1NmViZGY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G3A
MA0GCSqGSIb3DQEBCwUAA4IBAQAgLZPQyK/M/mm34iKIjwdVxQbQixCMYxBm56oo
hUw9XXoK9PaKQ/ehX78PuZYmwl7yPOOB49JhrL7xfHgQY4LqS4qnA9glLXLAZQYd
7E7CXOb/HfSbg+qV2STNoPzhCV/kjf1CxqhdohcpaZ6/RxQJRMgvXGz6fQpoNHqi
R5HEPNHz92f/7gkmqYBc4mTz0JxqfAHigOnXu9ZF5OPRTFIPqj/NJwpqEkzpKype
k3vZA3x3ZFqL+PvWaR7G0lhyFrv5x2nPMYpWras3LenR82QOaAu4b/HK271Z+3W+
R3ALzVaLix2vY0Uw5dkvOOOBrdjaWxRbsYGqTIvZ/9B/0QOQ
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:14 2025 by rpki-client