Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
File: 968c7897-1d8d-4c3a-b38e-6602ae947f34.roa (raw, json)
Hash identifier: ue/NuRCaocUPEqk1tobMIIFYeHMmBMPtOA5FjrxSNEs=
Subject key identifier: 2F:5B:38:37:5B:5D:76:7D:F4:6E:B5:1E:F5:F3:C2:7C:50:BE:21:C7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 21E3716CD8878761B6AB74466D91486F84C7CD3E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
Signing time: Tue 04 Nov 2025 03:00:09 +0000
ROA not before: Tue 04 Nov 2025 03:00:09 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.208.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:e3:71:6c:d8:87:87:61:b6:ab:74:46:6d:91:48:6f:84:c7:cd:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 03:00:09 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=1e8eda9def25bd44e671acad590b19fbbbe50c9a1426952c08745d22810a3da0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:bf:be:59:bb:2f:d5:5c:1e:00:d8:00:b7:1f:
58:ec:3a:ff:8d:7a:33:ac:24:4a:2b:58:fb:5c:6a:
d4:73:ab:96:7b:5a:d1:c0:27:1c:4e:93:03:f1:4c:
47:24:49:e5:b2:63:95:0d:1d:90:a1:99:e8:a0:87:
88:3c:56:12:51:85:0e:63:7a:26:a3:56:05:96:69:
a2:8e:11:a9:52:a2:5d:c8:4b:18:bf:af:9f:40:8b:
2d:e7:53:56:c5:3e:aa:39:e6:8c:9f:71:71:bc:fe:
e0:80:78:5b:5e:14:1a:47:8b:3d:d8:f3:a5:af:2e:
b1:77:08:be:b0:71:2e:63:15:57:18:9f:42:a2:86:
36:4e:32:61:cd:a8:67:27:f1:68:e5:03:a9:61:98:
85:90:7c:71:c6:54:64:42:00:12:55:dc:0b:26:25:
41:3d:2a:5d:d8:7b:9e:f6:2e:84:fc:b7:22:4d:86:
6d:e5:a6:73:10:bb:b2:c0:fb:4b:4f:78:e4:92:05:
82:61:9a:d2:96:43:21:cf:f7:fe:e4:d0:ae:c2:71:
d7:95:4f:db:21:a4:a7:89:85:41:6f:6d:a6:24:ff:
79:3c:d3:c2:8e:50:7e:d5:70:eb:55:0c:2a:6c:5b:
40:33:2e:48:9c:9d:10:a9:0c:3b:05:17:eb:49:0b:
68:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:5B:38:37:5B:5D:76:7D:F4:6E:B5:1E:F5:F3:C2:7C:50:BE:21:C7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.208.0/21
Signature Algorithm: sha256WithRSAEncryption
11:60:ca:c4:ef:7d:51:5f:1c:47:a1:2a:cf:53:94:51:68:28:
9f:d0:d1:c5:c5:f1:23:ed:8c:78:36:45:6e:66:4e:bb:9d:94:
ab:b5:f7:ef:c6:f4:7b:8d:42:07:0f:f3:04:5d:f1:ca:08:c8:
65:04:fc:7b:4a:ab:b5:06:83:0b:24:8a:2a:18:f4:6b:f6:e1:
f1:a1:6f:2f:61:3b:5d:9f:e7:94:25:ef:98:32:73:de:28:40:
25:6e:42:88:c7:65:98:dd:b6:2c:6e:86:c9:4c:20:42:6f:8f:
a4:a5:e4:b9:a2:54:36:52:37:67:5c:20:07:17:ce:e5:a9:48:
d0:47:40:a1:fd:84:4f:21:58:11:6e:c2:31:de:a6:0a:b1:cf:
04:db:6d:03:ff:85:0f:f2:ed:41:26:29:57:af:c5:d8:fa:7a:
fa:d6:9a:43:6c:4e:99:14:59:2b:c0:40:6a:fe:3e:97:41:d7:
3a:80:9f:06:2d:34:88:e3:12:e3:a5:1b:69:04:85:cf:11:73:
2c:15:c2:74:43:a3:5f:9c:78:5e:89:c6:2c:1b:6f:0e:a7:15:
a6:a0:06:11:f9:b1:92:b2:9e:9a:17:85:4f:60:01:4c:fe:ac:
26:c6:68:d1:a6:0a:3c:9e:07:31:45:f0:48:84:a0:c3:1a:17:
3a:1c:db:78
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIeNxbNiHh2G2q3RGbZFIb4THzT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMzAwMDlaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlOGVkYTlkZWYyNWJkNDRlNjcxYWNhZDU5MGIxOWZiYmJlNTBjOWExNDI2
OTUyYzA4NzQ1ZDIyODEwYTNkYTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOa/vlm7L9VcHgDYALcfWOw6/416M6wkSitY+1xq1HOrlnta0cAnHE6TA/FM
RyRJ5bJjlQ0dkKGZ6KCHiDxWElGFDmN6JqNWBZZpoo4RqVKiXchLGL+vn0CLLedT
VsU+qjnmjJ9xcbz+4IB4W14UGkeLPdjzpa8usXcIvrBxLmMVVxifQqKGNk4yYc2o
ZyfxaOUDqWGYhZB8ccZUZEIAElXcCyYlQT0qXdh7nvYuhPy3Ik2GbeWmcxC7ssD7
S0945JIFgmGa0pZDIc/3/uTQrsJx15VP2yGkp4mFQW9tpiT/eTzTwo5QftVw61UM
KmxbQDMuSJydEKkMOwUX60kLaDcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQvWzg3
W112ffRutR7188J8UL4hxzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTY4Yzc4OTctMWQ4ZC00YzNhLWIzOGUtNjYwMmFlOTQ3ZjM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6J0DAN
BgkqhkiG9w0BAQsFAAOCAQEAEWDKxO99UV8cR6Eqz1OUUWgon9DRxcXxI+2MeDZF
bmZOu52Uq7X378b0e41CBw/zBF3xygjIZQT8e0qrtQaDCySKKhj0a/bh8aFvL2E7
XZ/nlCXvmDJz3ihAJW5CiMdlmN22LG6GyUwgQm+PpKXkuaJUNlI3Z1wgBxfO5alI
0EdAof2ETyFYEW7CMd6mCrHPBNttA/+FD/LtQSYpV6/F2Pp6+taaQ2xOmRRZK8BA
av4+l0HXOoCfBi00iOMS46UbaQSFzxFzLBXCdEOjX5x4XonGLBtvDqcVpqAGEfmx
krKemheFT2ABTP6sJsZo0aYKPJ4HMUXwSISgwxoXOhzbeA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:53:31 2025 by rpki-client