Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
File: 543bc67d-08f9-4a99-bf5e-68100e034395.roa (raw, json)
Hash identifier: ARtvaj4lAO5tfcbo9tgXVdPHv+D4qPUkWJCf2LNR+R0=
Subject key identifier: C5:D6:0F:E4:1A:FA:67:4E:D3:7B:18:D0:20:5D:92:9C:23:6F:28:71
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1DB6F55608452E8D00FB7B0007B786B82DD6CB54
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
Signing time: Sat 28 Feb 2026 06:00:38 +0000
ROA not before: Sat 28 Feb 2026 06:00:38 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:b6:f5:56:08:45:2e:8d:00:fb:7b:00:07:b7:86:b8:2d:d6:cb:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:00:38 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=f209b7c5e3a27fe9de8e7c1e542028b148795ed9ae3c8f075fa364c2de89d071, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:ae:52:d8:1e:96:ff:af:39:a4:0d:35:2e:d0:
ad:a2:69:12:39:ac:e6:65:c8:27:f9:bb:f6:62:0f:
20:93:20:f0:80:49:5a:4f:f3:a7:b3:95:51:30:ba:
6c:59:fa:61:a5:cf:b0:6b:69:c7:ca:eb:a5:48:09:
a2:46:b3:43:0b:95:23:dd:2f:3c:70:7c:8d:59:77:
a8:1c:f1:30:db:79:89:8c:d5:7d:54:2b:c1:43:8b:
99:06:92:b4:97:6c:f8:ed:52:23:68:26:1c:e9:b0:
78:77:27:3e:60:91:35:bc:05:f6:b9:93:ee:bf:48:
bb:f4:66:65:bc:4f:ab:2a:89:20:a8:56:72:36:c5:
3c:76:92:f6:4c:0b:5d:8f:33:93:cb:0f:49:50:c3:
fe:80:f2:9b:04:1b:de:95:44:b7:fc:ed:7e:49:08:
3f:57:8e:96:1f:1a:2c:37:53:a7:8a:52:41:cc:88:
fc:96:a6:57:29:cc:7d:76:ca:05:c1:ed:32:29:fb:
5a:6d:f7:e7:06:69:0b:5f:5e:d5:af:7a:03:44:0f:
f7:4d:38:ea:88:00:9d:0d:d2:ee:25:9b:9b:92:26:
c9:3e:54:f5:66:dc:fc:a7:a7:e7:36:88:fd:b2:f3:
f4:42:4d:39:0b:6d:17:26:e5:c8:4a:58:d1:d3:03:
00:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:D6:0F:E4:1A:FA:67:4E:D3:7B:18:D0:20:5D:92:9C:23:6F:28:71
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4080::/48
Signature Algorithm: sha256WithRSAEncryption
8b:f2:4f:75:87:df:d4:4a:ef:f0:4d:df:fb:10:0b:3a:5f:f5:
27:5a:3a:1e:f0:d7:e6:66:eb:4e:b1:b3:ce:1f:b8:bd:f6:3d:
55:df:92:03:82:50:29:f4:c6:ed:e9:57:f6:8b:d8:47:fa:00:
2c:49:34:9c:63:d6:8c:97:28:37:40:b0:8b:71:a3:03:f1:d8:
bc:48:6a:cf:d4:85:86:b1:1b:7d:ea:0e:81:ff:f4:0c:b2:0e:
af:1e:03:9a:45:ca:c3:00:17:99:93:fc:0f:8b:6c:6f:58:80:
eb:7a:06:60:98:ae:48:bd:ef:f0:8a:3d:a1:bb:89:5e:44:b5:
b4:a8:5b:1e:26:f4:30:11:28:9f:f8:4b:d0:46:8f:ed:ed:76:
cd:bf:6b:bf:12:85:f0:4f:e4:30:8e:53:cf:b4:e1:1c:b6:f5:
80:96:74:b1:42:e0:d3:de:65:68:9c:0d:aa:06:57:2f:23:e5:
82:5c:81:8b:f1:ae:21:80:41:5b:66:3d:be:30:02:bb:c9:2b:
f8:e5:f1:78:cb:1b:e3:64:96:86:30:49:ad:ef:25:32:35:98:
a7:4c:e6:2f:a7:55:cf:bd:71:2d:5b:f1:77:99:cb:33:f9:27:
9e:7a:14:e3:8a:80:18:83:79:16:41:ce:74:33:71:2e:a9:ff:
d1:2b:33:1a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHbb1VghFLo0A+3sAB7eGuC3Wy1QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAwMzhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyMDliN2M1ZTNhMjdmZTlkZThlN2MxZTU0MjAyOGIxNDg3OTVlZDlhZTNj
OGYwNzVmYTM2NGMyZGU4OWQwNzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANeuUtgelv+vOaQNNS7QraJpEjms5mXIJ/m79mIPIJMg8IBJWk/zp7OVUTC6
bFn6YaXPsGtpx8rrpUgJokazQwuVI90vPHB8jVl3qBzxMNt5iYzVfVQrwUOLmQaS
tJds+O1SI2gmHOmweHcnPmCRNbwF9rmT7r9Iu/RmZbxPqyqJIKhWcjbFPHaS9kwL
XY8zk8sPSVDD/oDymwQb3pVEt/ztfkkIP1eOlh8aLDdTp4pSQcyI/JamVynMfXbK
BcHtMin7Wm335wZpC19e1a96A0QP90046ogAnQ3S7iWbm5ImyT5U9Wbc/Ken5zaI
/bLz9EJNOQttFyblyEpY0dMDAOsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTF1g/k
GvpnTtN7GNAgXZKcI28ocTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQzYmM2N2QtMDhmOS00YTk5LWJmNWUtNjgxMDBlMDM0Mzk1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
gDANBgkqhkiG9w0BAQsFAAOCAQEAi/JPdYff1Erv8E3f+xALOl/1J1o6HvDX5mbr
TrGzzh+4vfY9Vd+SA4JQKfTG7elX9ovYR/oALEk0nGPWjJcoN0Cwi3GjA/HYvEhq
z9SFhrEbfeoOgf/0DLIOrx4DmkXKwwAXmZP8D4tsb1iA63oGYJiuSL3v8Io9obuJ
XkS1tKhbHib0MBEon/hL0EaP7e12zb9rvxKF8E/kMI5Tz7ThHLb1gJZ0sULg095l
aJwNqgZXLyPlglyBi/GuIYBBW2Y9vjACu8kr+OXxeMsb42SWhjBJre8lMjWYp0zm
L6dVz71xLVvxd5nLM/knnnoU44qAGIN5FkHOdDNxLqn/0SszGg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:19:19 2026 by rpki-client