Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
File: ecd857ec-bcff-41df-b23a-19087481169e.roa (raw, json)
Hash identifier: a+CCRR5puFny1uM7trSu4EC7w2cvWC8WSuGV8HXjyNs=
Subject key identifier: 75:DA:69:D2:54:CC:D1:73:48:3D:D5:B3:D4:E0:C4:E1:18:72:3A:29
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2DD2DED4465C509A2D741248A5DBA9C5D6A2F63E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
Signing time: Tue 21 Oct 2025 13:40:50 +0000
ROA not before: Tue 21 Oct 2025 13:40:50 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:d2:de:d4:46:5c:50:9a:2d:74:12:48:a5:db:a9:c5:d6:a2:f6:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:50 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c91411adf65c8b07734eef2be3affb2e639992f2e7b51d9f9b219acb4d4b4573, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:78:fb:30:d6:38:07:cc:77:5b:c7:61:db:f4:
af:86:c0:55:c7:48:ac:0b:00:bd:6f:10:3b:6f:91:
20:a6:c2:d6:3d:6c:af:a2:39:9d:cd:53:5f:7b:98:
27:33:9c:af:e8:a1:ac:a0:2b:bb:1a:7e:08:b4:65:
88:52:cb:cd:1f:cc:11:2c:ba:7f:07:a9:ec:d7:f0:
f0:07:af:24:db:3a:e9:f9:84:e5:37:8d:f1:38:35:
32:9c:13:62:0e:45:be:6c:0e:0b:69:bf:82:4e:35:
35:1f:ed:64:7d:a2:d2:b0:9a:f4:b6:1d:57:27:ea:
d1:0f:bc:d4:1d:83:70:80:67:62:ff:d5:49:ca:8b:
dd:22:25:b9:1f:d8:f0:49:a9:6e:bf:5e:e1:50:0e:
35:bd:b9:c9:c0:71:1e:65:f4:ae:93:06:ce:27:1d:
0e:95:16:b8:d6:34:cb:0c:3a:e3:9c:47:0b:f8:bf:
0e:8a:85:18:8a:4e:0c:36:ce:8a:29:73:f1:40:de:
a3:94:3c:d9:9a:ea:a3:cf:34:45:12:8d:88:aa:a8:
a5:20:00:62:a7:ae:b4:52:e3:8b:4d:e6:f2:63:ae:
6c:7e:69:a8:78:ab:00:1f:8b:25:cd:6b:24:9d:82:
8d:b7:9d:7d:57:d8:be:01:c5:1a:57:53:9c:ea:ba:
37:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:DA:69:D2:54:CC:D1:73:48:3D:D5:B3:D4:E0:C4:E1:18:72:3A:29
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:5000::/40
Signature Algorithm: sha256WithRSAEncryption
41:bc:91:e4:b0:2a:cd:e2:ad:c1:83:f3:58:45:5b:ee:c9:29:
05:4d:34:6b:a1:15:4c:72:ac:8d:e1:89:b3:18:24:7c:a7:99:
7f:d5:5e:38:0f:b7:bf:9c:89:e2:09:16:cc:6c:28:ed:14:63:
cd:a2:c9:7c:2e:32:20:54:fb:5d:29:08:41:91:be:68:43:8b:
eb:d6:e8:97:53:94:9e:af:cb:bf:be:0a:1a:ca:11:71:9c:6a:
98:f6:66:cc:17:0d:70:c3:46:8e:e6:a4:51:57:8c:9a:7b:94:
89:f6:d2:52:3a:44:dd:9c:f4:c7:28:3b:90:df:ea:3d:79:9c:
c0:82:a5:1e:cf:fa:26:32:06:15:c7:06:e1:f5:c2:78:af:57:
0e:da:2a:8d:86:4d:cd:bb:c7:e3:61:41:73:b8:23:13:c0:19:
30:27:d1:d7:1f:6a:f0:f2:03:f1:1a:3d:13:24:24:cf:41:45:
1e:54:2c:44:e7:cc:56:6f:ad:b0:ad:a8:52:84:a8:c6:69:d4:
8f:64:a7:74:01:4a:7f:c6:79:d2:24:8a:11:3d:c4:8b:ab:c8:
ee:21:0a:13:e5:e4:d7:d3:85:74:16:f7:a3:c4:57:27:73:da:
5b:d3:5e:71:a8:95:9a:1c:e8:ae:5a:b5:ad:0f:59:95:1a:7a:
11:a4:81:d6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULdLe1EZcUJotdBJIpdupxdai9j4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwNTBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5MTQxMWFkZjY1YzhiMDc3MzRlZWYyYmUzYWZmYjJlNjM5OTkyZjJlN2I1
MWQ5ZjliMjE5YWNiNGQ0YjQ1NzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANd4+zDWOAfMd1vHYdv0r4bAVcdIrAsAvW8QO2+RIKbC1j1sr6I5nc1TX3uY
JzOcr+ihrKAruxp+CLRliFLLzR/MESy6fwep7Nfw8AevJNs66fmE5TeN8Tg1MpwT
Yg5FvmwOC2m/gk41NR/tZH2i0rCa9LYdVyfq0Q+81B2DcIBnYv/VScqL3SIluR/Y
8Empbr9e4VAONb25ycBxHmX0rpMGzicdDpUWuNY0yww645xHC/i/DoqFGIpODDbO
iilz8UDeo5Q82Zrqo880RRKNiKqopSAAYqeutFLji03m8mOubH5pqHirAB+LJc1r
JJ2CjbedfVfYvgHFGldTnOq6N40CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR12mnS
VMzRc0g91bPU4MThGHI6KTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWNkODU3ZWMtYmNmZi00MWRmLWIyM2EtMTkwODc0ODExNjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBBvJHksCrN4q3Bg/NYRVvuySkFTTRroRVMcqyN
4YmzGCR8p5l/1V44D7e/nIniCRbMbCjtFGPNosl8LjIgVPtdKQhBkb5oQ4vr1uiX
U5Ser8u/vgoayhFxnGqY9mbMFw1ww0aO5qRRV4yae5SJ9tJSOkTdnPTHKDuQ3+o9
eZzAgqUez/omMgYVxwbh9cJ4r1cO2iqNhk3Nu8fjYUFzuCMTwBkwJ9HXH2rw8gPx
Gj0TJCTPQUUeVCxE58xWb62wrahShKjGadSPZKd0AUp/xnnSJIoRPcSLq8juIQoT
5eTX04V0FvejxFcnc9pb015xqJWaHOiuWrWtD1mVGnoRpIHW
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:16 2025 by rpki-client