Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
File: ecd857ec-bcff-41df-b23a-19087481169e.roa (raw, json)
Hash identifier: Qvy8Z4xA9I4WxHIH2SbeeSkFQWUvaUO5nGyThyFwEYk=
Subject key identifier: 0A:02:63:68:F7:C6:D7:FA:33:F5:66:34:63:98:B7:EA:8E:FD:B8:D4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 51E745056CB3143473D47489B6E9D5116B940A6E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
Signing time: Tue 05 Aug 2025 19:40:39 +0000
ROA not before: Tue 05 Aug 2025 19:40:39 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:e7:45:05:6c:b3:14:34:73:d4:74:89:b6:e9:d5:11:6b:94:0a:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:40:39 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=053a9f873ae530cf97ecc667fc961cfc4b0151bdd90596f09e96b53b5071889f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b6:8a:a9:42:8c:0a:a3:4c:43:54:8d:15:68:
46:79:8e:b4:82:02:1c:85:fd:75:e6:47:32:ac:3c:
fb:81:2d:2a:ff:60:47:03:5e:96:16:96:cc:df:8c:
f1:ae:a5:40:1f:f9:4b:1b:b6:00:ba:4e:29:68:39:
a7:4b:69:ea:dc:51:8d:0d:3d:85:76:f2:3f:62:c7:
ec:d3:8f:ad:38:c0:64:08:0b:13:72:19:0c:4d:53:
c7:62:1b:26:3a:e5:98:fb:d9:14:6e:75:23:e5:40:
50:d4:be:3e:9a:2b:ff:ee:bb:cf:b3:34:e6:84:f3:
6b:c7:11:ef:61:c3:a5:73:5e:c3:ee:72:9a:02:58:
41:ca:6f:bc:32:59:b4:0e:ad:24:b8:11:4a:4a:51:
4d:e1:3b:26:73:38:04:64:65:10:70:c8:01:73:9f:
4e:a6:9e:e5:c2:3e:20:e3:fe:58:b1:83:c4:43:19:
d6:0e:e2:89:75:b3:cd:ea:0e:0b:a2:aa:d2:df:53:
45:d6:9f:b8:ee:3a:62:b1:fe:d6:10:ca:5e:96:65:
25:cd:a6:41:12:2a:44:e7:79:9b:e4:52:23:06:02:
b0:d0:dd:e0:e9:ac:67:d3:88:7f:01:81:f7:ab:c3:
d5:6c:d4:73:ff:21:e5:46:a0:4a:ba:78:f7:ff:97:
e3:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:02:63:68:F7:C6:D7:FA:33:F5:66:34:63:98:B7:EA:8E:FD:B8:D4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:5000::/40
Signature Algorithm: sha256WithRSAEncryption
85:56:f4:d2:e4:68:01:d9:61:8c:1a:15:39:aa:5d:f2:22:f5:
9a:db:d3:00:60:0b:c8:3b:99:2d:18:da:28:79:c2:fc:d6:56:
28:40:97:13:76:08:cf:7b:9f:78:3a:3a:0e:a2:f9:62:a0:59:
05:7b:ef:70:73:e3:a1:f6:31:10:18:69:b2:3e:b1:5c:54:74:
5c:3f:e2:e6:86:68:35:b5:b5:44:20:7a:83:c9:23:cc:27:61:
e7:db:2b:bd:29:1e:fe:e4:b6:70:60:43:2c:1e:43:e5:f5:1a:
1b:3c:44:eb:a4:0c:e8:ac:27:e9:95:d4:42:c3:2c:2f:b6:4d:
51:f5:42:c5:f4:94:a8:47:50:f6:80:2c:b1:b6:7e:a2:98:9c:
34:46:dc:16:7f:ad:dc:1e:58:a7:3e:5b:8d:15:32:59:05:02:
dd:f0:ee:5c:7e:b6:4c:5f:5f:d4:61:d2:06:b1:c6:69:43:b1:
5e:e6:a1:04:b6:41:5a:82:04:8c:6e:cc:5c:00:07:49:31:f5:
73:59:1c:d0:a1:bf:5e:11:4c:2a:b9:bc:aa:02:c3:1c:86:6e:
52:b7:36:ec:5b:6b:53:a2:a5:30:88:67:ae:6b:ad:5b:ee:71:
b6:d3:a4:39:d7:1e:ef:dd:d9:39:e8:af:7d:18:a6:fd:d8:1e:
de:69:82:60
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUedFBWyzFDRz1HSJtunVEWuUCm4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQwMzlaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1M2E5Zjg3M2FlNTMwY2Y5N2VjYzY2N2ZjOTYxY2ZjNGIwMTUxYmRkOTA1
OTZmMDllOTZiNTNiNTA3MTg4OWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALC2iqlCjAqjTENUjRVoRnmOtIICHIX9deZHMqw8+4EtKv9gRwNelhaWzN+M
8a6lQB/5Sxu2ALpOKWg5p0tp6txRjQ09hXbyP2LH7NOPrTjAZAgLE3IZDE1Tx2Ib
JjrlmPvZFG51I+VAUNS+Ppor/+67z7M05oTza8cR72HDpXNew+5ymgJYQcpvvDJZ
tA6tJLgRSkpRTeE7JnM4BGRlEHDIAXOfTqae5cI+IOP+WLGDxEMZ1g7iiXWzzeoO
C6Kq0t9TRdafuO46YrH+1hDKXpZlJc2mQRIqROd5m+RSIwYCsNDd4OmsZ9OIfwGB
96vD1WzUc/8h5UagSrp49/+X460CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQKAmNo
98bX+jP1ZjRjmLfqjv241DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWNkODU3ZWMtYmNmZi00MWRmLWIyM2EtMTkwODc0ODExNjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCFVvTS5GgB2WGMGhU5ql3yIvWa29MAYAvIO5kt
GNooecL81lYoQJcTdgjPe594OjoOovlioFkFe+9wc+Oh9jEQGGmyPrFcVHRcP+Lm
hmg1tbVEIHqDySPMJ2Hn2yu9KR7+5LZwYEMsHkPl9RobPETrpAzorCfpldRCwywv
tk1R9ULF9JSoR1D2gCyxtn6imJw0RtwWf63cHlinPluNFTJZBQLd8O5cfrZMX1/U
YdIGscZpQ7Fe5qEEtkFaggSMbsxcAAdJMfVzWRzQob9eEUwqubyqAsMchm5Stzbs
W2tToqUwiGeua61b7nG206Q51x7v3dk56K99GKb92B7eaYJg
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:03:53 2025 by rpki-client