Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
File: 968c7897-1d8d-4c3a-b38e-6602ae947f34.roa (raw, json)
Hash identifier: kkjjfhJBbdo1LEEIpbHGJNSll+3zDMYab5olhLHqdlo=
Subject key identifier: 87:76:11:9C:F0:F9:E6:A9:6B:24:89:F3:D8:15:88:2B:7E:5D:D5:8D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 57B4C8336F56B61B1C8AE30F2B2C7ACB95D802F8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
Signing time: Fri 10 Oct 2025 17:10:21 +0000
ROA not before: Fri 10 Oct 2025 17:10:21 +0000
ROA not after: Fri 14 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.208.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:b4:c8:33:6f:56:b6:1b:1c:8a:e3:0f:2b:2c:7a:cb:95:d8:02:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 10 17:10:21 2025 GMT
Not After : Nov 14 23:59:59 2025 GMT
Subject: serialNumber=1c1d719b051e8a1c6371c38ac3cbc40184240cedf1b0bab2bb93a38999a0c23e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:6f:83:3c:02:e8:f3:2d:8f:39:03:37:ae:02:
ef:f1:3e:a7:6e:e6:76:1c:1f:26:22:74:22:4d:70:
29:4e:59:9e:97:61:b1:ae:73:2b:41:96:6e:f9:09:
11:63:c6:e7:12:1f:f0:12:cb:66:99:95:2b:e8:fe:
6d:58:e2:d9:00:37:54:d4:4c:5d:37:da:c5:ff:00:
b7:2b:4d:b6:e3:17:e3:bc:d1:a8:03:51:66:e9:33:
d5:80:0f:9b:24:18:20:be:cc:43:ca:09:07:11:31:
d6:d2:17:95:1e:86:ba:3c:a9:45:d6:48:5a:25:57:
46:81:90:eb:58:1d:09:9c:9d:d9:c1:94:21:e3:6f:
95:0b:0c:5b:62:3c:1f:d8:1a:7d:f0:d0:d3:3f:d1:
1d:c3:04:b1:e1:d2:a4:f8:09:13:c2:9b:3d:3f:09:
ec:f5:f3:bb:40:05:98:0b:2e:c2:70:91:65:9a:be:
fc:2b:28:6d:24:25:ee:fb:b2:e0:2d:be:4e:73:ae:
56:b1:24:a5:cc:4a:33:c9:67:2e:4a:89:be:ee:54:
58:80:a2:11:c5:c4:09:04:87:33:c2:31:e1:67:66:
49:62:d8:cd:32:ab:5f:96:fd:29:7b:01:19:15:db:
f0:f6:fa:fe:b0:dc:65:31:c0:b1:14:b4:9f:07:1a:
ee:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:76:11:9C:F0:F9:E6:A9:6B:24:89:F3:D8:15:88:2B:7E:5D:D5:8D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.208.0/21
Signature Algorithm: sha256WithRSAEncryption
89:3a:77:df:f9:7b:70:b8:09:cb:22:06:90:2d:40:69:9d:88:
12:b7:da:eb:78:59:e6:19:5c:fc:39:28:81:cd:7f:bf:10:30:
01:90:42:2a:bb:00:a6:27:be:cf:f6:13:c4:25:a9:52:a6:e3:
9c:87:96:09:e5:5e:53:1a:4f:67:2b:27:e7:9b:9f:94:88:4b:
94:48:1f:28:35:4f:02:7c:90:1f:ec:8f:dc:ac:98:73:67:7e:
3a:b7:2e:d2:76:6c:31:11:ab:5c:0b:2f:2a:ce:d6:c0:71:70:
05:13:9f:90:63:97:3c:f7:f1:85:e7:50:2c:77:2f:e8:66:c6:
9a:74:34:d2:ed:d7:dd:ee:fe:3e:1e:f6:f1:0c:b5:29:64:98:
57:5f:9c:f5:5a:c1:fe:97:e6:c0:2b:ad:23:3f:80:a4:c1:41:
42:7b:93:06:12:d7:8f:9c:d0:36:47:a8:c2:7d:fb:a8:c4:6e:
b5:d2:de:bf:bf:99:db:1d:7d:90:6e:65:51:15:8b:b0:1d:d0:
cf:80:d2:f2:b2:fd:d1:b6:39:69:c2:9e:41:39:99:bf:ab:33:
a0:42:a8:6f:fb:62:f1:15:7d:60:34:a7:62:ae:0f:18:64:a2:
36:99:b6:92:64:c2:b3:d1:ef:f6:56:84:47:78:c3:fb:e6:0e:
5b:3f:59:6c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUV7TIM29WthsciuMPKyx6y5XYAvgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMjFaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMWQ3MTliMDUxZThhMWM2MzcxYzM4YWMzY2JjNDAxODQyNDBjZWRmMWIw
YmFiMmJiOTNhMzg5OTlhMGMyM2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpvgzwC6PMtjzkDN64C7/E+p27mdhwfJiJ0Ik1wKU5Znpdhsa5zK0GWbvkJ
EWPG5xIf8BLLZpmVK+j+bVji2QA3VNRMXTfaxf8AtytNtuMX47zRqANRZukz1YAP
myQYIL7MQ8oJBxEx1tIXlR6GujypRdZIWiVXRoGQ61gdCZyd2cGUIeNvlQsMW2I8
H9gaffDQ0z/RHcMEseHSpPgJE8KbPT8J7PXzu0AFmAsuwnCRZZq+/CsobSQl7vuy
4C2+TnOuVrEkpcxKM8lnLkqJvu5UWICiEcXECQSHM8Ix4WdmSWLYzTKrX5b9KXsB
GRXb8Pb6/rDcZTHAsRS0nwca7lkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSHdhGc
8PnmqWskifPYFYgrfl3VjTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTY4Yzc4OTctMWQ4ZC00YzNhLWIzOGUtNjYwMmFlOTQ3ZjM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6J0DAN
BgkqhkiG9w0BAQsFAAOCAQEAiTp33/l7cLgJyyIGkC1AaZ2IErfa63hZ5hlc/Dko
gc1/vxAwAZBCKrsApie+z/YTxCWpUqbjnIeWCeVeUxpPZysn55uflIhLlEgfKDVP
AnyQH+yP3KyYc2d+Orcu0nZsMRGrXAsvKs7WwHFwBROfkGOXPPfxhedQLHcv6GbG
mnQ00u3X3e7+Ph728Qy1KWSYV1+c9VrB/pfmwCutIz+ApMFBQnuTBhLXj5zQNkeo
wn37qMRutdLev7+Z2x19kG5lURWLsB3Qz4DS8rL90bY5acKeQTmZv6szoEKob/ti
8RV9YDSnYq4PGGSiNpm2kmTCs9Hv9laER3jD++YOWz9ZbA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:24 2025 by rpki-client