Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01bbf67c-f7ae-457c-80b3-728a951b236a.roa
File: 01bbf67c-f7ae-457c-80b3-728a951b236a.roa (raw, json)
Hash identifier: KXg8Im50625N9ZnOCzZvrdBW1OYL09+G+pBUUQygIDg=
Subject key identifier: 2B:92:AC:F6:24:BE:C3:AB:F3:92:A7:C5:82:C5:3F:62:27:A0:32:E8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 60AEF4A677119C5230555D2EA3F57ABE120FE379
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01bbf67c-f7ae-457c-80b3-728a951b236a.roa
Signing time: Tue 04 Nov 2025 02:50:45 +0000
ROA not before: Tue 04 Nov 2025 02:50:45 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.128.0/18 maxlen: 18
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:ae:f4:a6:77:11:9c:52:30:55:5d:2e:a3:f5:7a:be:12:0f:e3:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:50:45 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=bfe0d29a3ffc64a20cce97f996932f5a84243ac9766f1d4f29e220209f18bfaf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:81:ed:8d:ad:85:48:01:ea:2d:95:20:e3:6f:
7d:9a:6a:40:00:db:78:fb:71:7a:22:ad:29:1d:cc:
05:27:08:25:d6:37:e1:06:a9:c7:22:5e:93:bb:7b:
3a:88:b2:23:1a:1b:61:88:f7:66:10:49:c3:f7:65:
c1:1e:42:42:f7:d2:f1:0b:d4:5b:32:9c:54:7b:dc:
74:75:e6:e8:3f:75:4c:8a:0c:34:08:f6:7c:0a:33:
fb:f7:28:98:77:06:ed:f4:a0:0f:41:50:cc:ff:25:
1f:52:03:49:d5:cc:1b:e1:2b:ab:da:f5:d7:12:0b:
78:8c:6a:63:69:f5:9a:ee:c9:cf:06:bb:e9:a9:7c:
69:8d:b9:ed:21:06:a7:44:b6:e6:9c:3c:63:3f:ca:
79:14:c2:4d:30:52:f7:da:8f:03:1d:72:4b:39:52:
46:d6:32:85:93:ae:3c:22:cb:cf:26:58:a8:f5:b2:
de:ed:f3:c2:fc:41:b6:19:e3:c6:f4:fa:a6:d5:0b:
00:a4:05:d5:c5:df:3b:32:a9:b7:a4:0e:00:82:de:
3e:42:97:a7:34:2d:74:f7:98:83:c1:fa:6c:52:d0:
10:1b:a3:b5:90:ca:e9:8c:7a:5a:20:42:e1:3a:e9:
e5:da:50:c0:7c:5a:7d:b6:47:84:6c:d9:78:62:d4:
52:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:92:AC:F6:24:BE:C3:AB:F3:92:A7:C5:82:C5:3F:62:27:A0:32:E8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01bbf67c-f7ae-457c-80b3-728a951b236a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.128.0/18
Signature Algorithm: sha256WithRSAEncryption
2c:f4:73:37:68:a6:1f:16:15:1b:86:e5:a1:5e:69:d4:92:6b:
47:32:46:08:57:b4:5c:58:69:58:1d:91:97:48:47:fb:d7:fd:
a3:93:ee:ee:f1:01:1f:4e:2b:6d:33:bb:ce:c8:64:69:eb:42:
ad:41:09:16:d8:13:31:7c:2f:be:46:68:5c:a1:91:1a:d0:5b:
05:83:5a:75:49:a4:27:d8:8c:05:09:f4:3c:90:54:92:a2:4c:
97:6f:0f:78:48:66:af:19:35:89:2d:f0:76:eb:77:12:d3:66:
c1:35:58:f2:1e:14:db:53:c6:79:91:04:69:60:09:12:99:7f:
69:87:a2:20:72:75:c3:80:89:90:13:b6:95:44:29:62:65:ea:
0e:d0:61:49:6f:78:7a:89:52:6d:f2:33:73:de:34:44:9e:d5:
f3:55:92:07:20:02:67:bd:44:26:4f:31:29:48:06:21:2e:df:
cd:74:42:f0:ed:f5:57:d4:bb:02:49:77:b4:c8:91:55:b8:6f:
a8:90:eb:a1:d7:ca:f6:e4:d1:d5:9d:55:de:86:81:b7:fb:65:
1d:60:f1:62:e2:62:e8:df:00:34:be:c2:de:60:f4:0e:3f:fb:
59:64:c9:cf:79:e2:8c:e4:11:c7:fa:4c:c5:c6:4e:4d:c4:77:
97:af:75:aa
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUYK70pncRnFIwVV0uo/V6vhIP43kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUwNDVaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGJmZTBkMjlhM2ZmYzY0YTIwY2NlOTdmOTk2OTMyZjVhODQyNDNhYzk3NjZm
MWQ0ZjI5ZTIyMDIwOWYxOGJmYWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMeB7Y2thUgB6i2VIONvfZpqQADbePtxeiKtKR3MBScIJdY34QapxyJek7t7
OoiyIxobYYj3ZhBJw/dlwR5CQvfS8QvUWzKcVHvcdHXm6D91TIoMNAj2fAoz+/co
mHcG7fSgD0FQzP8lH1IDSdXMG+Erq9r11xILeIxqY2n1mu7Jzwa76al8aY257SEG
p0S25pw8Yz/KeRTCTTBS99qPAx1ySzlSRtYyhZOuPCLLzyZYqPWy3u3zwvxBthnj
xvT6ptULAKQF1cXfOzKpt6QOAILePkKXpzQtdPeYg8H6bFLQEBujtZDK6Yx6WiBC
4Trp5dpQwHxafbZHhGzZeGLUUoMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQrkqz2
JL7Dq/OSp8WCxT9iJ6Ay6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDFiYmY2N2MtZjdhZS00NTdjLTgwYjMtNzI4YTk1MWIyMzZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBi6JgDAN
BgkqhkiG9w0BAQsFAAOCAQEALPRzN2imHxYVG4bloV5p1JJrRzJGCFe0XFhpWB2R
l0hH+9f9o5Pu7vEBH04rbTO7zshkaetCrUEJFtgTMXwvvkZoXKGRGtBbBYNadUmk
J9iMBQn0PJBUkqJMl28PeEhmrxk1iS3wdut3EtNmwTVY8h4U21PGeZEEaWAJEpl/
aYeiIHJ1w4CJkBO2lUQpYmXqDtBhSW94eolSbfIzc940RJ7V81WSByACZ71EJk8x
KUgGIS7fzXRC8O31V9S7Akl3tMiRVbhvqJDrodfK9uTR1Z1V3oaBt/tlHWDxYuJi
6N8ANL7C3mD0Dj/7WWTJz3nijOQRx/pMxcZOTcR3l691qg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 20:29:46 2025 by rpki-client