Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e91b62a9-2885-4504-84a4-ba2cc2f2ac80.roa
File: e91b62a9-2885-4504-84a4-ba2cc2f2ac80.roa (raw, json)
Hash identifier: P6qYlWyPFhGSwOTxCYhCXXyhXPsAydJMXEPgE5pSJsc=
Subject key identifier: 29:13:C0:B7:A1:E2:D8:F0:7F:B4:C3:7B:8E:02:0A:B0:49:20:24:05
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14E710741099E5A4265637CF18D61D648B5E3599
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e91b62a9-2885-4504-84a4-ba2cc2f2ac80.roa
Signing time: Tue 04 Nov 2025 02:50:05 +0000
ROA not before: Tue 04 Nov 2025 02:50:05 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.160.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:e7:10:74:10:99:e5:a4:26:56:37:cf:18:d6:1d:64:8b:5e:35:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:50:05 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=c3be6953c9d6ce5132e3933e9857a101b84fd687cfe39131b2f895f7f0875cab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:17:00:a0:32:33:31:ee:f9:ba:5d:b7:ad:f0:
f7:22:42:70:0c:e3:dd:6e:a0:10:8e:42:53:7c:fe:
3e:cc:ba:2a:3e:b8:3c:8f:ca:88:09:df:78:8b:cb:
c9:bf:45:ce:4e:d6:d0:bd:17:3a:36:48:0a:e8:cc:
9b:80:b5:eb:dd:fa:11:83:1f:67:b2:8d:90:98:30:
3e:65:81:e3:69:82:60:f0:33:ea:ac:f4:af:0b:a6:
ba:59:2e:98:d8:40:7e:1f:2b:78:53:ac:56:f6:9c:
0b:d4:63:c5:f1:95:b5:97:04:a1:13:aa:e8:0f:93:
ba:05:ae:38:94:56:10:5d:74:f8:22:da:f2:4f:5f:
9e:44:61:fa:4c:40:6d:c1:36:5c:f8:73:2e:87:9d:
22:3c:a2:bc:df:8b:ab:17:d8:6d:1a:e2:15:96:ff:
f7:7f:f2:3c:bf:0d:6f:d9:dc:ee:81:f5:3e:17:d0:
85:61:b0:df:fa:fe:73:fb:36:25:c3:97:30:4d:53:
94:5b:4f:94:3d:f7:af:e2:e1:4c:70:a8:5f:ac:b9:
ea:14:ff:22:b0:6b:94:7b:7a:7f:91:6f:b7:1f:4b:
b7:bc:7a:34:14:7a:c8:1d:f5:66:70:1a:dd:3b:df:
e3:34:86:cd:8b:ed:5e:f0:8a:d3:3f:f9:6a:2d:e8:
f4:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:13:C0:B7:A1:E2:D8:F0:7F:B4:C3:7B:8E:02:0A:B0:49:20:24:05
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e91b62a9-2885-4504-84a4-ba2cc2f2ac80.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.160.0/21
Signature Algorithm: sha256WithRSAEncryption
b0:3c:35:ed:43:6b:8e:01:21:0d:8c:bd:52:40:8e:0e:90:35:
45:29:3c:0d:06:f6:12:0d:7d:f8:94:1c:d7:25:b7:71:b6:e8:
f5:86:c2:a1:01:56:bb:cb:29:a6:70:71:3e:0b:c6:4e:e1:23:
b4:be:f4:1f:32:a9:54:f6:74:bc:a4:20:f8:24:74:4e:dc:83:
65:1a:21:be:63:9f:27:11:86:d4:9e:2d:62:8a:1f:b6:48:29:
f4:5a:1d:c8:d0:b7:e4:d5:41:ce:dd:75:4b:70:cd:f5:9d:08:
e5:5a:08:f2:f2:33:f6:ab:4c:a4:a6:54:c5:51:59:79:26:57:
45:8a:70:49:f8:fa:92:cd:51:2c:4a:56:ac:80:67:bd:48:4b:
eb:c4:09:35:e4:75:70:87:06:b2:87:5e:64:5d:95:1b:e7:5a:
8e:7b:b2:cf:cc:06:ce:9d:c8:9e:61:20:5b:df:39:04:8f:88:
f1:8d:0e:5a:4a:09:d6:08:3f:6a:c1:99:be:24:77:f9:95:ae:
7a:18:f0:9f:bb:8a:9f:1e:6c:24:1e:44:b2:0d:8f:d2:aa:51:
28:bc:f2:89:d1:61:6d:44:57:70:cf:f6:c6:75:12:c6:11:1d:
6c:8f:29:9c:01:26:3f:21:df:be:ac:8c:f7:85:71:01:95:35:
22:cf:2a:4f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFOcQdBCZ5aQmVjfPGNYdZIteNZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUwMDVaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzYmU2OTUzYzlkNmNlNTEzMmUzOTMzZTk4NTdhMTAxYjg0ZmQ2ODdjZmUz
OTEzMWIyZjg5NWY3ZjA4NzVjYWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0XAKAyMzHu+bpdt63w9yJCcAzj3W6gEI5CU3z+Psy6Kj64PI/KiAnfeIvL
yb9Fzk7W0L0XOjZICujMm4C16936EYMfZ7KNkJgwPmWB42mCYPAz6qz0rwumulku
mNhAfh8reFOsVvacC9RjxfGVtZcEoROq6A+TugWuOJRWEF10+CLa8k9fnkRh+kxA
bcE2XPhzLoedIjyivN+LqxfYbRriFZb/93/yPL8Nb9nc7oH1PhfQhWGw3/r+c/s2
JcOXME1TlFtPlD33r+LhTHCoX6y56hT/IrBrlHt6f5Fvtx9Lt7x6NBR6yB31ZnAa
3Tvf4zSGzYvtXvCK0z/5ai3o9IMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQpE8C3
oeLY8H+0w3uOAgqwSSAkBTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTkxYjYyYTktMjg4NS00NTA0LTg0YTQtYmEyY2MyZjJhYzgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6JoDAN
BgkqhkiG9w0BAQsFAAOCAQEAsDw17UNrjgEhDYy9UkCODpA1RSk8DQb2Eg19+JQc
1yW3cbbo9YbCoQFWu8sppnBxPgvGTuEjtL70HzKpVPZ0vKQg+CR0TtyDZRohvmOf
JxGG1J4tYooftkgp9FodyNC35NVBzt11S3DN9Z0I5VoI8vIz9qtMpKZUxVFZeSZX
RYpwSfj6ks1RLEpWrIBnvUhL68QJNeR1cIcGsodeZF2VG+dajnuyz8wGzp3InmEg
W985BI+I8Y0OWkoJ1gg/asGZviR3+ZWuehjwn7uKnx5sJB5Esg2P0qpRKLzyidFh
bURXcM/2xnUSxhEdbI8pnAEmPyHfvqyM94VxAZU1Is8qTw==
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:14:38 2025 by rpki-client