Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
File: 03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa (raw, json)
Hash identifier: j9BZTDAT8d7SfWNUqg057+gty2/YNN/EQqhUIvw4a7Y=
Subject key identifier: B5:B7:50:C5:BB:8C:0C:F8:DE:31:58:1E:0C:33:AF:B8:D8:04:EC:AE
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 752903A8AFCF04AE85B1F1EBB552968F89B7CD00
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
Signing time: Fri 20 Feb 2026 01:30:52 +0000
ROA not before: Fri 20 Feb 2026 01:30:52 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:9800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:29:03:a8:af:cf:04:ae:85:b1:f1:eb:b5:52:96:8f:89:b7:cd:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:52 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=3c61d496b833086721ea7f57c302256620e00ba0a1c2e9d162f22c8d4d1d10bc, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:40:b4:b2:c1:de:74:54:ab:b6:d2:ca:5e:11:
61:71:7a:99:a6:a2:6f:bb:e5:13:3a:a9:df:20:8a:
fc:ff:7b:c6:d6:3c:95:96:05:bc:83:8b:a4:34:e3:
93:66:91:e5:9e:33:c5:e3:2e:f6:b1:07:8c:2e:75:
94:69:55:6e:69:32:8e:ef:b8:1f:39:8e:79:79:19:
8b:8d:10:10:04:05:db:a2:4d:35:93:a1:95:41:6b:
a8:ad:b6:ab:aa:85:17:6e:47:d2:b2:ae:58:21:a5:
17:fb:05:52:0b:2e:9d:68:7d:4a:b4:38:4f:74:fb:
ea:e0:88:ee:29:cd:72:00:9d:e2:3c:61:8b:af:fc:
b0:c9:4d:13:2c:16:fc:af:87:7f:a8:12:8c:46:46:
dc:3b:2b:84:63:ce:17:24:5b:52:df:1e:dc:ab:ba:
ef:4b:f1:54:75:36:a7:21:11:6c:63:2f:f9:46:48:
20:2a:78:2e:1c:48:c3:41:f4:11:55:5b:a6:ec:3e:
9e:23:87:8e:5a:97:4e:31:92:69:57:9a:5b:5e:39:
68:5f:5d:bf:14:03:ee:2c:00:88:d7:2b:ee:80:20:
31:85:63:2a:cb:7b:ea:6d:cc:78:3f:7e:f3:89:d3:
cf:88:f4:2f:ac:ca:53:1e:d3:05:19:ce:2a:a0:ec:
33:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:B7:50:C5:BB:8C:0C:F8:DE:31:58:1E:0C:33:AF:B8:D8:04:EC:AE
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9800::/40
Signature Algorithm: sha256WithRSAEncryption
60:64:be:03:59:32:9a:82:99:d8:93:bf:cf:5c:22:13:11:b0:
bf:ce:6c:4f:06:b2:99:41:81:92:d4:3a:f7:0e:9a:35:57:f2:
fa:0b:6c:ae:b1:b8:d4:57:39:26:ea:3e:d9:e9:19:9b:44:8e:
f2:4a:11:80:65:8b:49:05:91:bf:94:45:c5:50:c9:b2:6e:e8:
f9:8d:fb:d4:3c:1f:3b:66:7a:0c:93:4b:13:e6:db:98:1e:79:
1a:a6:1a:44:64:79:2f:38:f8:73:ec:46:d8:cf:f7:80:e3:fc:
74:b2:44:d7:7d:38:89:81:32:cf:de:5d:11:cf:4b:bb:dc:58:
b2:7c:7b:7f:d9:02:88:5b:4e:1c:98:e7:fe:b2:60:e5:0f:3c:
be:d5:70:92:bf:20:f8:28:90:25:49:e3:6b:f2:ad:f9:a5:ae:
37:89:12:9f:10:f8:7a:a4:15:3b:48:ef:aa:f1:a5:76:be:cc:
51:14:86:09:dd:c0:48:59:71:d2:19:af:c8:f3:22:81:c9:d2:
d6:9e:5e:e8:75:2d:36:5f:78:68:c0:13:6c:5d:53:9c:27:81:
a1:20:aa:1a:09:3f:d8:8c:14:a9:59:88:b1:59:ff:9d:a5:3a:
f6:b6:84:46:50:c8:30:2b:b4:28:64:05:1a:ee:ad:f3:b4:69:
0e:01:70:08
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdSkDqK/PBK6FsfHrtVKWj4m3zQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNTJaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjNjFkNDk2YjgzMzA4NjcyMWVhN2Y1N2MzMDIyNTY2MjBlMDBiYTBhMWMy
ZTlkMTYyZjIyYzhkNGQxZDEwYmMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdAtLLB3nRUq7bSyl4RYXF6maaib7vlEzqp3yCK/P97xtY8lZYFvIOLpDTj
k2aR5Z4zxeMu9rEHjC51lGlVbmkyju+4HzmOeXkZi40QEAQF26JNNZOhlUFrqK22
q6qFF25H0rKuWCGlF/sFUgsunWh9SrQ4T3T76uCI7inNcgCd4jxhi6/8sMlNEywW
/K+Hf6gSjEZG3DsrhGPOFyRbUt8e3Ku670vxVHU2pyERbGMv+UZIICp4LhxIw0H0
EVVbpuw+niOHjlqXTjGSaVeaW145aF9dvxQD7iwAiNcr7oAgMYVjKst76m3MeD9+
84nTz4j0L6zKUx7TBRnOKqDsMycCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS1t1DF
u4wM+N4xWB4MM6+42ATsrjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MDNkNjY0ZWYtMDBjYi00MzlhLTljMzAtZThlZWRjYTNlN2ZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQBgZL4DWTKagpnYk7/PXCITEbC/zmxPBrKZQYGS
1Dr3Dpo1V/L6C2yusbjUVzkm6j7Z6RmbRI7yShGAZYtJBZG/lEXFUMmybuj5jfvU
PB87ZnoMk0sT5tuYHnkaphpEZHkvOPhz7EbYz/eA4/x0skTXfTiJgTLP3l0Rz0u7
3FiyfHt/2QKIW04cmOf+smDlDzy+1XCSvyD4KJAlSeNr8q35pa43iRKfEPh6pBU7
SO+q8aV2vsxRFIYJ3cBIWXHSGa/I8yKBydLWnl7odS02X3howBNsXVOcJ4GhIKoa
CT/YjBSpWYixWf+dpTr2toRGUMgwK7QoZAUa7q3ztGkOAXAI
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:52 2026 by rpki-client