Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/357c6622-9161-44d7-ab13-6ea6e0bed2e9.roa
File: 357c6622-9161-44d7-ab13-6ea6e0bed2e9.roa (raw, json)
Hash identifier: zQ70subaysYhs4+sroL4yPaOk85gT1KEM0DNX6tYFpg=
Subject key identifier: FC:3B:3F:1D:33:BC:3A:E2:28:05:D9:29:19:6B:0A:D5:B9:6A:3B:2F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 27169EF1A33D6606120C24956C71BB4378B1A83E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/357c6622-9161-44d7-ab13-6ea6e0bed2e9.roa
Signing time: Sat 28 Feb 2026 06:10:26 +0000
ROA not before: Sat 28 Feb 2026 06:10:26 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:16:9e:f1:a3:3d:66:06:12:0c:24:95:6c:71:bb:43:78:b1:a8:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:10:26 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=68527a77547e3ff6b6a0da5196109f2360f8585237c0949fd85b60e119f06360, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:84:ca:25:fc:84:31:31:d2:1f:2a:cc:02:ad:
47:5b:2a:b0:14:2f:53:33:72:cb:8a:87:b3:0f:a7:
7f:8c:bc:49:f6:5b:fc:14:a5:1e:99:74:7e:0e:15:
06:73:70:91:c1:2e:b9:a9:9f:47:56:f7:4a:8d:50:
b8:8a:5d:c1:60:da:43:ed:06:92:03:9d:f5:64:4f:
eb:02:f9:35:75:a3:11:06:22:cd:03:ee:b6:82:50:
4a:0b:cf:f7:3e:16:01:c7:97:c9:c5:ed:1c:df:b5:
76:d2:ac:cf:29:73:26:65:59:57:c7:05:c8:2f:7e:
c3:c9:29:86:a9:e4:b9:b1:ce:65:05:4d:e1:21:81:
7f:3a:58:91:c5:cc:43:e3:47:b6:3e:e3:0b:9e:69:
63:30:1e:28:25:a6:1c:ae:0c:18:8a:7a:9f:e5:73:
4e:e0:40:6e:31:39:ca:18:50:b8:43:2d:8b:f3:a5:
34:24:df:6e:e1:af:7a:da:04:97:85:c5:bd:94:5d:
dd:1a:a2:ab:4a:df:3a:46:3e:16:62:36:de:21:ac:
33:4a:b7:b3:ef:8e:cd:6a:87:b1:80:42:5e:ec:31:
5c:06:a8:55:54:96:12:3a:b5:1c:4b:28:6d:a2:0c:
84:53:df:ad:54:91:1d:e8:09:ab:6f:a0:08:98:b0:
3a:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:3B:3F:1D:33:BC:3A:E2:28:05:D9:29:19:6B:0A:D5:B9:6A:3B:2F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/357c6622-9161-44d7-ab13-6ea6e0bed2e9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:1000::/40
Signature Algorithm: sha256WithRSAEncryption
be:e5:53:89:ce:f9:fe:56:45:71:bc:2d:e6:c1:87:94:e1:f7:
07:82:45:e9:fc:a0:42:45:2e:a5:ca:c0:ad:f4:f7:9d:fd:3a:
a1:ba:bc:25:b1:be:ec:c8:f2:75:14:49:73:bd:0c:f6:dd:50:
15:74:d0:1c:bb:fd:8a:c6:d7:af:53:c0:cf:fe:b5:66:bd:da:
44:0e:c9:8d:40:04:f0:30:6a:30:94:b0:6a:57:d7:4e:3f:6b:
87:c6:99:a2:65:b9:8b:b1:d1:ba:d0:b5:06:dd:03:a5:33:94:
62:90:78:1a:9a:ef:a5:b5:19:6c:36:b4:ad:5b:40:06:c3:5b:
b5:01:32:37:59:dc:ce:2b:89:de:4e:17:fe:52:b8:ec:f1:66:
29:ef:27:97:0e:e3:a4:15:d3:28:02:72:0a:2c:9a:2b:3a:ea:
fd:69:f3:3d:9e:d6:68:96:84:23:1a:2f:7a:0c:75:ed:4a:d2:
c9:68:51:02:dc:8e:84:84:79:27:51:19:9f:5b:31:f6:51:21:
a9:b3:b0:98:ae:b2:a5:0f:81:33:d0:0f:36:b5:3c:77:c3:9e:
48:72:b8:fd:a4:98:c4:51:ed:85:d9:92:95:6c:eb:b2:85:eb:
71:91:6f:36:87:fb:4d:6d:37:5f:1e:71:52:68:30:88:20:cc:
50:eb:41:e7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJxae8aM9ZgYSDCSVbHG7Q3ixqD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjEwMjZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4NTI3YTc3NTQ3ZTNmZjZiNmEwZGE1MTk2MTA5ZjIzNjBmODU4NTIzN2Mw
OTQ5ZmQ4NWI2MGUxMTlmMDYzNjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKSEyiX8hDEx0h8qzAKtR1sqsBQvUzNyy4qHsw+nf4y8SfZb/BSlHpl0fg4V
BnNwkcEuuamfR1b3So1QuIpdwWDaQ+0GkgOd9WRP6wL5NXWjEQYizQPutoJQSgvP
9z4WAceXycXtHN+1dtKszylzJmVZV8cFyC9+w8kphqnkubHOZQVN4SGBfzpYkcXM
Q+NHtj7jC55pYzAeKCWmHK4MGIp6n+VzTuBAbjE5yhhQuEMti/OlNCTfbuGvetoE
l4XFvZRd3Rqiq0rfOkY+FmI23iGsM0q3s++OzWqHsYBCXuwxXAaoVVSWEjq1HEso
baIMhFPfrVSRHegJq2+gCJiwOm0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT8Oz8d
M7w64igF2SkZawrVuWo7LzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzU3YzY2MjItOTE2MS00NGQ3LWFiMTMtNmVhNmUwYmVkMmU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC+5VOJzvn+VkVxvC3mwYeU4fcHgkXp/KBCRS6l
ysCt9Ped/Tqhurwlsb7syPJ1FElzvQz23VAVdNAcu/2KxtevU8DP/rVmvdpEDsmN
QATwMGowlLBqV9dOP2uHxpmiZbmLsdG60LUG3QOlM5RikHgamu+ltRlsNrStW0AG
w1u1ATI3WdzOK4neThf+Urjs8WYp7yeXDuOkFdMoAnIKLJorOur9afM9ntZoloQj
Gi96DHXtStLJaFEC3I6EhHknURmfWzH2USGps7CYrrKlD4Ez0A82tTx3w55Icrj9
pJjEUe2F2ZKVbOuyhetxkW82h/tNbTdfHnFSaDCIIMxQ60Hn
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:28:53 2026 by rpki-client