Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
File: ecd857ec-bcff-41df-b23a-19087481169e.roa (raw, json)
Hash identifier: OL2LrXrCvxf/k7LXmcf3OmPA9eM7dlbPDapRFBeStW4=
Subject key identifier: B3:2E:14:BC:AD:FB:D7:2C:83:AA:76:54:B1:29:76:7A:C3:20:2C:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 05FA63488E9998C8699E7230F48E5D4480E22582
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
Signing time: Fri 26 Sep 2025 19:40:15 +0000
ROA not before: Fri 26 Sep 2025 19:40:15 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
05:fa:63:48:8e:99:98:c8:69:9e:72:30:f4:8e:5d:44:80:e2:25:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:15 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=ff09d8d9e69958891df216db8e4b1fd6a83d2ab47bb06ced8bafb5d96d47796a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:43:27:87:80:bb:ce:32:fb:1b:a0:e7:d1:4c:
e2:68:84:af:e8:3a:70:41:43:17:00:d7:48:85:3f:
21:e9:aa:ab:47:de:92:b5:7d:f2:da:52:7c:b5:f6:
77:36:b5:d8:95:c7:1c:c5:43:67:87:33:4a:09:e5:
b3:8d:a8:37:82:6f:b7:18:40:32:bd:16:e9:9e:96:
ee:43:6b:0f:58:d7:4d:af:db:15:eb:88:99:3f:0f:
89:93:71:3c:b0:ed:33:e7:0f:f9:71:7e:c9:09:c5:
8a:b8:e6:05:83:39:54:02:f9:c9:31:c9:bf:65:08:
dd:ce:d7:2d:d4:30:61:05:59:88:fe:77:8e:41:3b:
7a:9e:20:40:44:f8:7a:71:98:c9:16:bf:d2:85:33:
c7:24:35:99:2a:f3:bb:82:0f:85:51:a6:d8:2d:ee:
b3:89:0e:83:0e:6e:3c:9a:f4:09:ba:be:59:4f:e5:
5f:d3:a8:23:a8:3f:fb:27:3b:8c:40:c0:38:d6:93:
73:b3:02:51:16:87:26:3a:da:54:ad:68:ce:00:5a:
09:09:55:73:f0:1a:1d:63:fb:b1:0b:f8:7a:aa:da:
c8:0e:1e:b9:20:a9:e8:13:53:c1:1d:75:68:62:8d:
94:03:b3:7a:fd:76:ed:82:81:03:50:87:ca:47:38:
51:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:2E:14:BC:AD:FB:D7:2C:83:AA:76:54:B1:29:76:7A:C3:20:2C:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ecd857ec-bcff-41df-b23a-19087481169e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:5000::/40
Signature Algorithm: sha256WithRSAEncryption
0d:4c:35:f3:1c:82:59:2c:53:78:df:96:da:72:0e:b2:54:1a:
6c:0b:a5:6d:44:47:10:b9:aa:0f:72:d1:29:05:a4:10:56:f5:
52:70:77:48:97:93:3d:b0:d2:b5:ae:7f:8f:5d:ea:22:85:56:
e1:05:24:4a:82:f6:07:8f:f5:cd:c4:0d:d7:6f:67:6c:27:bd:
bd:37:68:34:f5:6c:d3:97:33:cb:28:1c:71:72:a1:25:f5:7f:
bb:19:b8:10:f7:7d:be:6c:90:55:bf:54:8c:92:d8:12:96:b8:
2c:3f:07:45:87:52:e5:a6:9c:d5:5b:16:21:10:02:76:58:a5:
43:d7:c3:59:d7:70:88:7e:74:2f:ec:b6:5f:42:64:d2:3e:f6:
38:9b:31:1b:b9:4b:c3:17:fd:c7:a9:87:ff:9c:34:20:0e:84:
0d:5b:14:c5:81:bb:52:8a:e1:1c:d7:c9:9c:4e:2f:ee:5b:47:
7d:41:94:5c:20:2b:ac:71:c1:05:fb:9c:0a:d1:73:af:6c:5c:
e9:cd:b6:9a:fe:03:15:22:e6:a1:4a:7e:bd:01:64:3b:72:ca:
5c:d9:ef:28:08:f4:a3:89:c8:a0:35:c9:6b:20:b1:99:ef:89:
80:4a:67:40:6c:a6:e1:dc:42:a5:66:7c:b0:06:e9:92:01:e9:
69:99:d7:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBfpjSI6ZmMhpnnIw9I5dRIDiJYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwMTVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGZmMDlkOGQ5ZTY5OTU4ODkxZGYyMTZkYjhlNGIxZmQ2YTgzZDJhYjQ3YmIw
NmNlZDhiYWZiNWQ5NmQ0Nzc5NmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKBDJ4eAu84y+xug59FM4miEr+g6cEFDFwDXSIU/Iemqq0fekrV98tpSfLX2
dza12JXHHMVDZ4czSgnls42oN4JvtxhAMr0W6Z6W7kNrD1jXTa/bFeuImT8PiZNx
PLDtM+cP+XF+yQnFirjmBYM5VAL5yTHJv2UI3c7XLdQwYQVZiP53jkE7ep4gQET4
enGYyRa/0oUzxyQ1mSrzu4IPhVGm2C3us4kOgw5uPJr0Cbq+WU/lX9OoI6g/+yc7
jEDAONaTc7MCURaHJjraVK1ozgBaCQlVc/AaHWP7sQv4eqrayA4euSCp6BNTwR11
aGKNlAOzev127YKBA1CHykc4UT8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSzLhS8
rfvXLIOqdlSxKXZ6wyAs2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWNkODU3ZWMtYmNmZi00MWRmLWIyM2EtMTkwODc0ODExNjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQANTDXzHIJZLFN435bacg6yVBpsC6VtREcQuaoP
ctEpBaQQVvVScHdIl5M9sNK1rn+PXeoihVbhBSRKgvYHj/XNxA3Xb2dsJ729N2g0
9WzTlzPLKBxxcqEl9X+7GbgQ932+bJBVv1SMktgSlrgsPwdFh1LlppzVWxYhEAJ2
WKVD18NZ13CIfnQv7LZfQmTSPvY4mzEbuUvDF/3HqYf/nDQgDoQNWxTFgbtSiuEc
18mcTi/uW0d9QZRcICusccEF+5wK0XOvbFzpzbaa/gMVIuahSn69AWQ7cspc2e8o
CPSjicigNclrILGZ74mASmdAbKbh3EKlZnywBumSAelpmddo
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:23 2025 by rpki-client