Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa
File: 216f72e9-3c9a-414e-a688-ee99e3f2e840.roa (raw, json)
Hash identifier: DQKe6haE5ddEpS+Ii0e4Enw4xulCWcCT9QgNjwKVB64=
Subject key identifier: 3C:1F:BF:92:DF:93:DB:44:0A:F8:3D:7C:0F:85:4A:E8:71:F6:B4:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 136830A9B47933023473841E38F3E10A7E721889
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa
Signing time: Tue 04 Nov 2025 03:00:10 +0000
ROA not before: Tue 04 Nov 2025 03:00:10 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.220.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:68:30:a9:b4:79:33:02:34:73:84:1e:38:f3:e1:0a:7e:72:18:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 03:00:10 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=5b5e50867204d221ccc3524d991989e1d827db5c4669839e25ad2827e78277e4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:a9:c0:c3:ad:48:5a:55:28:01:08:20:46:6f:
e7:42:01:a5:42:cd:80:93:2b:08:58:e1:c4:c9:90:
a8:49:88:de:cf:91:4c:8b:3f:15:ff:aa:28:6d:09:
c8:31:64:a2:2a:96:80:1e:3d:f9:85:4a:29:60:dc:
4b:7f:08:3f:75:47:1f:d9:69:39:62:1d:f8:43:1f:
ec:d6:a1:8b:76:33:dc:9d:cc:ab:35:6e:21:96:bd:
84:d0:99:b6:2c:f9:c7:5c:19:7d:e4:83:41:37:5a:
e6:2f:30:72:1d:85:55:73:f6:71:b5:e2:92:8c:c9:
1f:df:a5:48:53:e9:46:42:54:ff:03:f9:ee:7b:d5:
f2:e9:0e:70:d6:db:2f:ec:7d:c3:a8:2e:32:2f:7b:
cc:c7:9d:54:95:76:a1:d6:00:e7:00:29:11:36:f6:
6b:c0:d1:55:ba:72:46:8c:9e:5e:d8:d8:42:3a:bc:
2b:8f:f0:e9:09:70:6b:82:90:c2:9a:2a:68:43:11:
17:be:ca:0c:13:01:b7:d2:4a:97:49:ae:02:9b:33:
2b:15:10:e3:cb:e7:2a:d6:61:98:06:04:20:f0:1c:
c7:92:1e:00:4e:a8:8f:ca:0a:18:be:51:df:79:f0:
19:33:1f:d8:24:5e:33:8e:0d:8d:7b:53:fa:9e:8d:
e2:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:1F:BF:92:DF:93:DB:44:0A:F8:3D:7C:0F:85:4A:E8:71:F6:B4:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.220.0/23
Signature Algorithm: sha256WithRSAEncryption
82:e1:aa:19:e7:25:29:33:55:12:ae:ec:f0:d3:87:f9:00:f1:
9e:2d:ca:c7:cc:9a:84:23:d2:e5:1c:eb:29:fc:43:39:5a:44:
2c:73:ea:4b:bb:56:1e:7f:ec:86:84:fb:86:a6:b0:ca:f9:ba:
1a:0d:fa:ac:a6:7d:18:16:19:5d:5b:4f:dd:89:a3:72:06:74:
30:bf:3e:fb:29:9b:23:26:3d:1d:f4:1e:0d:a5:17:22:f9:9e:
9b:99:c0:35:0e:82:50:5a:62:03:46:41:eb:16:c5:3e:8b:5e:
3f:d6:dc:56:0d:97:9d:af:db:99:8f:8d:21:b9:12:20:56:79:
e9:db:2f:31:ed:1a:41:55:c1:b0:46:cf:16:4c:24:5b:60:e0:
e6:17:31:26:46:5a:d6:65:e0:20:e7:d8:1f:b1:20:ae:b9:d9:
de:2e:e4:70:12:1d:3b:32:35:15:03:03:92:81:81:da:62:30:
c4:9e:33:9d:c7:3b:19:22:5b:ed:fc:b7:4c:b4:b7:54:1a:04:
1f:e9:8d:2f:14:a7:d5:44:2a:84:57:f6:b5:14:1f:3e:d1:ef:
04:e1:7f:57:56:5c:b2:59:08:25:37:1a:c9:5f:1b:b0:9c:86:
37:ef:2c:51:e5:09:0c:35:3a:34:6d:25:f7:d8:15:9a:0b:19:
28:cf:ec:26
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUE2gwqbR5MwI0c4QeOPPhCn5yGIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMzAwMTBaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDViNWU1MDg2NzIwNGQyMjFjY2MzNTI0ZDk5MTk4OWUxZDgyN2RiNWM0NjY5
ODM5ZTI1YWQyODI3ZTc4Mjc3ZTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSpwMOtSFpVKAEIIEZv50IBpULNgJMrCFjhxMmQqEmI3s+RTIs/Ff+qKG0J
yDFkoiqWgB49+YVKKWDcS38IP3VHH9lpOWId+EMf7Nahi3Yz3J3MqzVuIZa9hNCZ
tiz5x1wZfeSDQTda5i8wch2FVXP2cbXikozJH9+lSFPpRkJU/wP57nvV8ukOcNbb
L+x9w6guMi97zMedVJV2odYA5wApETb2a8DRVbpyRoyeXtjYQjq8K4/w6Qlwa4KQ
wpoqaEMRF77KDBMBt9JKl0muApszKxUQ48vnKtZhmAYEIPAcx5IeAE6oj8oKGL5R
33nwGTMf2CReM44NjXtT+p6N4r0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ8H7+S
35PbRAr4PXwPhUrocfa06jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjE2ZjcyZTktM2M5YS00MTRlLWE2ODgtZWU5OWUzZjJlODQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS6J3DAN
BgkqhkiG9w0BAQsFAAOCAQEAguGqGeclKTNVEq7s8NOH+QDxni3Kx8yahCPS5Rzr
KfxDOVpELHPqS7tWHn/shoT7hqawyvm6Gg36rKZ9GBYZXVtP3YmjcgZ0ML8++ymb
IyY9HfQeDaUXIvmem5nANQ6CUFpiA0ZB6xbFPoteP9bcVg2Xna/bmY+NIbkSIFZ5
6dsvMe0aQVXBsEbPFkwkW2Dg5hcxJkZa1mXgIOfYH7EgrrnZ3i7kcBIdOzI1FQMD
koGB2mIwxJ4zncc7GSJb7fy3TLS3VBoEH+mNLxSn1UQqhFf2tRQfPtHvBOF/V1Zc
slkIJTcayV8bsJyGN+8sUeUJDDU6NG0l99gVmgsZKM/sJg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:53:25 2025 by rpki-client