Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
File: 9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa (raw, json)
Hash identifier: zy6N7drdUZB14A107JtX9rnzuDYQxnHU62FlL2mHE28=
Subject key identifier: F7:4A:16:6F:CB:1D:86:69:AB:5C:CF:CD:0C:47:E5:9C:65:3D:00:8D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2A97B1135AEA3E1BDF197CB32BF22229F5AEC87E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
Signing time: Fri 10 Oct 2025 17:10:20 +0000
ROA not before: Fri 10 Oct 2025 17:10:20 +0000
ROA not after: Fri 14 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.192.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:97:b1:13:5a:ea:3e:1b:df:19:7c:b3:2b:f2:22:29:f5:ae:c8:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 10 17:10:20 2025 GMT
Not After : Nov 14 23:59:59 2025 GMT
Subject: serialNumber=acb9cf44b95e83fd76ece510aecc60cb8f5139bd05f54cc48e8c30f6549508c1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:d7:4e:0b:3f:d2:23:cf:ad:ad:c3:84:3e:6f:
60:ab:4d:32:0b:70:dd:8c:0e:06:9c:f7:7e:86:84:
38:f4:5b:b9:89:52:0e:dc:b3:2c:08:9e:ac:9a:35:
f8:24:bf:5e:ed:ff:fc:08:74:2e:c4:07:ab:62:3b:
9f:c2:00:a3:cd:85:d2:e7:64:51:b9:20:01:42:8a:
cc:94:79:8f:c8:e4:65:a5:36:09:f0:c7:65:24:a3:
ba:16:3f:4f:68:73:2b:e6:b5:fa:e9:64:5e:e5:0c:
0c:2e:36:52:90:e3:6e:ea:91:dc:f3:c0:e8:fd:a3:
e5:f3:69:52:4b:4f:4e:80:cc:6f:f4:c6:7a:96:2a:
95:e5:64:72:f5:27:7a:be:ba:8a:c4:b4:49:24:33:
9f:ce:ba:8c:78:9e:00:3b:6e:1c:29:84:b8:43:d2:
e1:46:14:16:6b:fd:42:06:e0:46:da:f9:41:d4:03:
5d:05:66:64:52:c7:a4:df:7b:01:8b:45:1b:b6:89:
54:80:61:06:9a:03:c4:de:29:f6:b1:86:70:76:24:
5d:8a:4b:2e:56:42:11:01:b2:71:b8:05:3a:03:bd:
7a:bf:07:49:17:60:3a:e6:17:e1:7d:19:b8:66:8d:
4e:ca:9b:aa:fb:b6:4a:9d:ae:9f:1d:c0:a1:4c:7d:
ad:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:4A:16:6F:CB:1D:86:69:AB:5C:CF:CD:0C:47:E5:9C:65:3D:00:8D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.192.0/21
Signature Algorithm: sha256WithRSAEncryption
74:74:d6:29:14:48:ee:1b:00:53:d0:48:70:6e:8a:75:ac:4c:
ff:5e:c1:26:ae:9f:a4:84:35:9f:c9:99:cb:52:4f:45:d4:51:
5b:76:73:46:92:7e:15:59:32:ee:9a:2d:5a:55:82:a3:2d:28:
06:fa:d7:93:cd:f7:c3:c0:c1:f2:9d:bc:27:68:75:96:a0:9d:
15:0f:db:ad:43:2c:ca:0f:b8:b8:d5:2d:19:34:47:86:7f:63:
97:64:a5:23:5b:cf:ab:a6:1f:cd:0e:cb:d6:d2:bd:ab:e5:f5:
ea:52:77:78:31:97:23:30:c3:4a:83:6c:f3:db:29:9f:52:8f:
cf:59:ba:96:6d:cb:89:cf:f5:e9:98:a6:67:f9:f8:7e:9f:00:
5a:f8:e7:35:f2:a5:ec:f3:94:c5:cd:ef:15:b0:46:0a:23:e7:
0a:7c:93:00:7c:36:b0:12:a3:76:e0:bb:4f:f9:ee:97:d5:89:
8b:f1:bf:54:cc:89:e7:d8:b6:7c:fc:6b:e0:af:ca:4a:b1:52:
ff:df:86:58:cf:7f:60:96:90:49:d6:e6:37:26:9b:13:ce:a7:
ae:36:fe:2a:a4:d1:c9:53:3c:23:30:14:7c:a8:5b:bf:b8:3f:
c6:21:c7:aa:bc:f5:a7:e6:66:d3:34:d2:d5:83:35:b6:0c:41:
9b:4e:6b:c5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKpexE1rqPhvfGXyzK/IiKfWuyH4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMjBaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjYjljZjQ0Yjk1ZTgzZmQ3NmVjZTUxMGFlY2M2MGNiOGY1MTM5YmQwNWY1
NGNjNDhlOGMzMGY2NTQ5NTA4YzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3XTgs/0iPPra3DhD5vYKtNMgtw3YwOBpz3foaEOPRbuYlSDtyzLAierJo1
+CS/Xu3//Ah0LsQHq2I7n8IAo82F0udkUbkgAUKKzJR5j8jkZaU2CfDHZSSjuhY/
T2hzK+a1+ulkXuUMDC42UpDjbuqR3PPA6P2j5fNpUktPToDMb/TGepYqleVkcvUn
er66isS0SSQzn866jHieADtuHCmEuEPS4UYUFmv9QgbgRtr5QdQDXQVmZFLHpN97
AYtFG7aJVIBhBpoDxN4p9rGGcHYkXYpLLlZCEQGycbgFOgO9er8HSRdgOuYX4X0Z
uGaNTsqbqvu2Sp2unx3AoUx9rUcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT3ShZv
yx2Gaatcz80MR+WcZT0AjTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTgzNGExMmEtYTVkOS00Y2FhLWFlMDktYjFlMzMyMzU5NmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6JwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdHTWKRRI7hsAU9BIcG6KdaxM/17BJq6fpIQ1n8mZ
y1JPRdRRW3ZzRpJ+FVky7potWlWCoy0oBvrXk833w8DB8p28J2h1lqCdFQ/brUMs
yg+4uNUtGTRHhn9jl2SlI1vPq6YfzQ7L1tK9q+X16lJ3eDGXIzDDSoNs89spn1KP
z1m6lm3Lic/16ZimZ/n4fp8AWvjnNfKl7POUxc3vFbBGCiPnCnyTAHw2sBKjduC7
T/nul9WJi/G/VMyJ59i2fPxr4K/KSrFS/9+GWM9/YJaQSdbmNyabE86nrjb+KqTR
yVM8IzAUfKhbv7g/xiHHqrz1p+Zm0zTS1YM1tgxBm05rxQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:30 2025 by rpki-client