Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
File: 968c7897-1d8d-4c3a-b38e-6602ae947f34.roa (raw, json)
Hash identifier: CrtpglhV+jJ+noA4QkH7utpUpvafc3hS0Z0qjS5Eu2E=
Subject key identifier: 4A:31:9A:34:07:B1:2D:E3:3A:C4:B0:C2:28:63:32:8D:8A:CF:35:CD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 35834FB7C24F17A9DECC3386D5C2D9E7144E7380
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
Signing time: Mon 30 Jun 2025 18:00:02 +0000
ROA not before: Mon 30 Jun 2025 18:00:02 +0000
ROA not after: Mon 04 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.208.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:83:4f:b7:c2:4f:17:a9:de:cc:33:86:d5:c2:d9:e7:14:4e:73:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jun 30 18:00:02 2025 GMT
Not After : Aug 4 23:59:59 2025 GMT
Subject: serialNumber=d5409aab6ad5c00e8205ebebc85b295b8c09d34ced8e50a51aa4558328530c7b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:77:ac:92:e5:f5:38:46:7d:74:fa:0d:b5:29:
a1:d3:d0:97:fb:dc:32:fb:b5:62:fe:46:31:eb:7f:
bc:33:31:5d:7d:2b:3c:b8:35:92:4c:db:59:e0:70:
c7:c7:80:27:e1:d5:85:36:46:24:47:b3:d9:8f:c9:
b6:4f:b4:bc:47:8a:7e:d4:a3:00:42:92:3f:ac:23:
9a:79:06:e2:39:07:d5:38:35:c3:39:f2:93:39:49:
d7:7c:f3:96:27:54:f8:31:80:c9:52:26:90:d7:22:
b0:2e:af:4d:47:a3:b2:e2:16:a9:11:01:19:c8:1d:
97:e3:62:e7:4a:10:fa:37:a9:33:67:b2:96:ce:b5:
7a:2e:11:70:c2:f2:8f:40:4b:48:f2:94:b6:6e:4c:
70:0a:4b:a1:be:58:8c:54:3e:30:6d:59:13:5b:2b:
2f:5c:84:0e:7a:60:ba:a9:4e:0d:76:58:f0:69:0e:
5a:b8:bc:88:ef:b0:94:26:79:71:b9:71:56:3d:c6:
64:81:90:f9:c1:77:ff:b6:14:fa:08:3c:b9:1c:79:
6c:1e:be:fe:dd:e4:f8:1b:40:a2:ca:35:d2:ab:64:
47:d8:db:e3:97:d6:59:b4:c1:41:ca:ef:39:c5:de:
a0:c7:47:f7:d4:06:ad:30:8f:44:d0:92:5e:70:cf:
14:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:31:9A:34:07:B1:2D:E3:3A:C4:B0:C2:28:63:32:8D:8A:CF:35:CD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.208.0/21
Signature Algorithm: sha256WithRSAEncryption
10:68:94:9f:7d:33:17:7f:b3:ba:8c:65:0a:33:98:f3:b9:d3:
ee:a3:f5:4d:07:e3:09:23:13:9b:dc:e5:12:51:79:21:9d:95:
3a:37:93:53:51:cc:b4:0c:f8:37:8c:70:03:3a:77:80:6a:8c:
b2:13:4f:e8:09:cd:cd:01:19:df:81:5f:8f:85:3f:aa:8b:ed:
6a:99:9d:5c:70:9c:66:7f:85:75:ac:23:fd:79:4a:7b:81:26:
29:eb:b2:17:02:d7:8a:04:de:70:a5:44:2c:7c:76:93:5a:dc:
c3:6e:a9:b6:87:90:01:13:79:e6:d7:e1:1b:6c:82:7e:65:9d:
09:a2:f5:92:f8:9f:b5:e5:95:44:dd:4d:92:2a:35:74:9c:9b:
e1:b2:43:fb:d6:5a:5f:af:fc:e7:64:09:08:bf:e9:38:4e:bf:
20:18:76:d5:70:fe:a2:a4:b4:23:4a:b9:b5:0e:ca:0a:06:61:
7e:16:a2:1a:ae:2a:6e:2b:0e:e9:cc:4b:6c:e8:14:0b:f4:d3:
75:65:42:bf:9c:d7:57:db:0c:46:6e:3f:cc:65:35:c6:48:f0:
ac:0e:6c:d4:0f:ad:ea:cb:11:6b:88:bf:8f:32:11:4e:60:82:
8b:19:f9:ee:30:d5:ab:94:80:1c:36:eb:ad:c5:77:bf:90:52:
1f:e9:c3:89
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNYNPt8JPF6nezDOG1cLZ5xROc4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MzAxODAwMDJaFw0yNTA4MDQyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1NDA5YWFiNmFkNWMwMGU4MjA1ZWJlYmM4NWIyOTViOGMwOWQzNGNlZDhl
NTBhNTFhYTQ1NTgzMjg1MzBjN2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIp3rJLl9ThGfXT6DbUpodPQl/vcMvu1Yv5GMet/vDMxXX0rPLg1kkzbWeBw
x8eAJ+HVhTZGJEez2Y/Jtk+0vEeKftSjAEKSP6wjmnkG4jkH1Tg1wznykzlJ13zz
lidU+DGAyVImkNcisC6vTUejsuIWqREBGcgdl+Ni50oQ+jepM2eyls61ei4RcMLy
j0BLSPKUtm5McApLob5YjFQ+MG1ZE1srL1yEDnpguqlODXZY8GkOWri8iO+wlCZ5
cblxVj3GZIGQ+cF3/7YU+gg8uRx5bB6+/t3k+BtAoso10qtkR9jb45fWWbTBQcrv
OcXeoMdH99QGrTCPRNCSXnDPFIUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRKMZo0
B7Et4zrEsMIoYzKNis81zTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTY4Yzc4OTctMWQ4ZC00YzNhLWIzOGUtNjYwMmFlOTQ3ZjM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6J0DAN
BgkqhkiG9w0BAQsFAAOCAQEAEGiUn30zF3+zuoxlCjOY87nT7qP1TQfjCSMTm9zl
ElF5IZ2VOjeTU1HMtAz4N4xwAzp3gGqMshNP6AnNzQEZ34Ffj4U/qovtapmdXHCc
Zn+Fdawj/XlKe4EmKeuyFwLXigTecKVELHx2k1rcw26ptoeQARN55tfhG2yCfmWd
CaL1kvifteWVRN1Nkio1dJyb4bJD+9ZaX6/852QJCL/pOE6/IBh21XD+oqS0I0q5
tQ7KCgZhfhaiGq4qbisO6cxLbOgUC/TTdWVCv5zXV9sMRm4/zGU1xkjwrA5s1A+t
6ssRa4i/jzIRTmCCixn57jDVq5SAHDbrrcV3v5BSH+nDiQ==
-----END CERTIFICATE-----
Generated at Tue Jul 22 21:51:45 2025 by rpki-client