Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
File: 9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa (raw, json)
Hash identifier: Zdc3dxkxh/USZK8djOJiJ0+X34mQWTJxl2GN1Nx/254=
Subject key identifier: 5A:86:69:4A:02:6C:8D:80:E6:B7:95:FB:3E:00:4B:3B:75:08:6A:2E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7452A2C60C237F16F4552D2EB2BCAEF1CEAE092A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
Signing time: Tue 04 Nov 2025 02:50:08 +0000
ROA not before: Tue 04 Nov 2025 02:50:08 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.192.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:52:a2:c6:0c:23:7f:16:f4:55:2d:2e:b2:bc:ae:f1:ce:ae:09:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:50:08 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=514e92ba18ebeeb6a7773c1732e6048d3470652a905db0ed3c3b34d4b1cdef0f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:c0:61:21:70:ba:bc:9e:05:cd:33:96:28:5d:
c3:a9:ec:c3:f5:f0:8b:a3:22:1a:24:fb:32:33:97:
4e:4c:93:94:43:e7:27:91:bd:d4:97:b5:e4:ba:a4:
c0:63:28:fd:bc:a1:ef:cc:a8:d4:c6:e4:47:9e:f6:
74:a4:79:a8:99:6c:91:52:1d:14:bc:e7:6d:e2:a3:
19:d2:3a:b4:55:c9:70:08:24:d4:1d:b2:d4:de:55:
28:b2:fa:8e:04:f5:b4:24:76:da:81:ce:99:cc:34:
52:44:8a:4a:fe:9d:8a:df:e4:0a:a1:28:e3:20:96:
56:a4:4b:df:db:1f:36:71:37:7f:ba:3d:35:4b:c6:
d7:e4:88:09:0f:e4:0c:a8:16:1c:ea:8b:cb:2f:1d:
97:5a:98:e2:ad:1a:8f:89:c0:44:60:b1:e8:f7:a6:
28:eb:b9:54:c3:1f:65:55:1c:26:1d:ee:aa:b2:1d:
c1:94:6f:e4:ca:03:16:18:f9:f8:10:33:4b:d1:85:
2b:d1:28:c1:21:a2:c9:97:24:35:54:86:1b:5f:9e:
19:48:5d:63:6a:1a:66:3f:ed:d5:a3:a6:a5:8d:d5:
13:6a:67:ec:2d:9a:95:35:0c:62:76:5e:6b:3a:86:
a8:60:ee:70:cc:c4:90:68:01:2f:18:75:bd:79:c8:
a5:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:86:69:4A:02:6C:8D:80:E6:B7:95:FB:3E:00:4B:3B:75:08:6A:2E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9834a12a-a5d9-4caa-ae09-b1e3323596bd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.192.0/21
Signature Algorithm: sha256WithRSAEncryption
ac:ba:d9:a2:f7:c0:6d:4d:c0:8b:98:22:7c:b0:8e:0a:a3:92:
72:02:d2:17:f6:6b:f5:5f:36:24:b0:1f:5f:e0:78:c9:4d:0d:
6b:5a:5c:95:69:39:f0:0d:64:cb:e2:69:88:b7:a0:71:91:70:
ba:2c:77:0a:d6:66:10:02:ff:f5:c3:6e:9c:66:5f:ad:e5:56:
b0:d2:ac:bb:0a:15:bc:25:f8:87:0d:e7:32:88:93:d9:8c:86:
fc:e1:10:e8:4b:5c:f2:76:cd:75:cb:85:57:b6:28:31:2a:9e:
39:09:e9:7d:21:2f:df:74:f1:fb:bc:9e:3c:b0:d5:90:4f:ca:
8e:11:d1:be:1e:1b:52:00:fd:d7:c8:29:4d:7f:ea:48:f4:86:
a2:94:be:b7:f5:34:11:30:a0:83:64:51:2c:de:5b:1c:81:1d:
10:98:6d:4c:6c:de:96:94:71:1c:a4:f8:b9:5e:42:90:d8:ba:
e3:7d:c4:6f:fb:e4:1c:da:22:c4:f9:63:34:3b:85:42:02:89:
6f:5e:2a:6f:9d:7c:e5:70:b1:f4:a2:3c:b5:6d:ac:9b:cb:06:
8f:94:4e:c7:d1:72:7d:48:87:71:6d:c5:92:53:0a:a6:25:66:
bb:52:9e:da:4f:d7:b9:c7:4f:01:7b:fc:63:ad:89:4f:ee:66:
4d:fb:8c:b7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUdFKixgwjfxb0VS0usryu8c6uCSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUwMDhaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNGU5MmJhMThlYmVlYjZhNzc3M2MxNzMyZTYwNDhkMzQ3MDY1MmE5MDVk
YjBlZDNjM2IzNGQ0YjFjZGVmMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7AYSFwuryeBc0zlihdw6nsw/Xwi6MiGiT7MjOXTkyTlEPnJ5G91Je15Lqk
wGMo/byh78yo1MbkR572dKR5qJlskVIdFLznbeKjGdI6tFXJcAgk1B2y1N5VKLL6
jgT1tCR22oHOmcw0UkSKSv6dit/kCqEo4yCWVqRL39sfNnE3f7o9NUvG1+SICQ/k
DKgWHOqLyy8dl1qY4q0aj4nARGCx6PemKOu5VMMfZVUcJh3uqrIdwZRv5MoDFhj5
+BAzS9GFK9EowSGiyZckNVSGG1+eGUhdY2oaZj/t1aOmpY3VE2pn7C2alTUMYnZe
azqGqGDucMzEkGgBLxh1vXnIpcECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRahmlK
AmyNgOa3lfs+AEs7dQhqLjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTgzNGExMmEtYTVkOS00Y2FhLWFlMDktYjFlMzMyMzU5NmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6JwDAN
BgkqhkiG9w0BAQsFAAOCAQEArLrZovfAbU3Ai5gifLCOCqOScgLSF/Zr9V82JLAf
X+B4yU0Na1pclWk58A1ky+JpiLegcZFwuix3CtZmEAL/9cNunGZfreVWsNKsuwoV
vCX4hw3nMoiT2YyG/OEQ6Etc8nbNdcuFV7YoMSqeOQnpfSEv33Tx+7yePLDVkE/K
jhHRvh4bUgD918gpTX/qSPSGopS+t/U0ETCgg2RRLN5bHIEdEJhtTGzelpRxHKT4
uV5CkNi6433Eb/vkHNoixPljNDuFQgKJb14qb5185XCx9KI8tW2sm8sGj5ROx9Fy
fUiHcW3FklMKpiVmu1Ke2k/XucdPAXv8Y62JT+5mTfuMtw==
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:10:57 2025 by rpki-client