Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
File: 0ba7c95b-32b6-4997-be62-2b1530a313c6.roa (raw, json)
Hash identifier: rWYrL1Xj5gqWKPrkyE1JGlbFamF97kOJMkNN2oPElBY=
Subject key identifier: 48:98:14:8D:9A:8E:5E:46:CD:BC:AF:87:38:09:70:1C:42:A1:C4:F5
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0BBAF0523222946E04B24A752DE63AD9E2B4FBC9
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
Signing time: Fri 20 Feb 2026 01:40:45 +0000
ROA not before: Fri 20 Feb 2026 01:40:45 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:ba:f0:52:32:22:94:6e:04:b2:4a:75:2d:e6:3a:d9:e2:b4:fb:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:45 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=4d5ecb5d2242ce11c0a5394de954ec9cb49c8c446c83238b86fa5af6f67ac9be, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:ce:d1:8a:07:20:2d:ef:b6:b3:28:41:78:65:
df:fc:e3:d7:d0:48:04:5c:e2:19:d8:02:e4:b2:04:
81:f6:ef:75:b2:97:48:a4:f0:64:99:08:8c:ec:8d:
5e:02:b7:67:9e:3b:71:d7:33:ab:64:48:21:ee:e4:
eb:53:2b:16:26:99:5e:6f:7e:6c:a4:e6:2a:8d:1b:
53:da:67:b6:6c:ec:7f:39:8b:aa:f6:85:eb:3d:7e:
d3:e8:9b:86:f1:88:e7:09:5f:60:a8:5c:b6:cc:7a:
75:9f:8f:b3:c1:15:3f:43:e3:9b:1d:a9:2e:d6:d5:
0a:19:31:85:e9:68:de:8d:41:1e:23:a2:a1:51:91:
39:85:1b:55:38:25:55:c4:36:5e:dc:84:90:5b:19:
12:42:46:90:56:bd:03:ab:89:c6:92:7a:a9:22:e5:
ae:cb:fc:4a:c2:86:71:cb:5a:cd:d4:ad:d6:c8:41:
3e:51:70:9d:3b:f3:b5:24:2a:fb:ef:55:11:42:2b:
56:bc:88:02:6b:26:e6:85:02:7f:32:93:e3:dd:56:
93:da:b0:c0:a8:02:3c:ca:a3:17:31:fd:53:18:a0:
02:a8:41:c8:16:fb:5f:13:64:01:3c:c0:60:12:86:
31:39:0b:39:f2:a0:8c:08:1b:2a:16:3d:80:30:17:
c4:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:98:14:8D:9A:8E:5E:46:CD:BC:AF:87:38:09:70:1C:42:A1:C4:F5
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:800::/40
Signature Algorithm: sha256WithRSAEncryption
80:7d:e2:c7:a0:ba:83:e8:34:ad:45:04:ce:1d:c8:ac:e2:41:
e9:80:24:27:a8:8c:74:06:f3:44:07:64:f3:71:76:67:57:eb:
79:f1:2f:71:55:c5:03:6a:31:2c:4d:84:8f:4b:8a:fa:55:e7:
90:39:96:51:d0:fe:b5:3e:80:5a:ef:57:64:8b:a0:c3:ba:6b:
1e:d2:cf:b2:01:13:99:bb:68:58:9b:dc:65:35:33:f9:82:23:
9c:6f:76:0f:99:c6:e0:9b:81:c8:9a:07:5c:03:88:82:19:7b:
fc:30:ba:7e:4f:e3:f4:ff:ca:94:74:65:3c:d2:c5:53:0f:71:
25:6b:39:ae:60:d7:a2:ef:e3:07:9b:e2:14:36:8e:13:c3:b3:
91:ed:98:8c:a0:2e:a9:2d:d8:c7:11:04:af:3f:b9:75:e7:06:
78:3f:d6:3b:8d:f1:1c:30:0e:73:54:4e:01:72:5d:e7:f8:82:
ab:d4:c7:be:54:1b:24:00:3a:e9:a7:4d:8d:13:7d:7d:fb:17:
c9:cc:62:85:91:ce:d7:68:1d:70:10:78:c5:18:f0:d8:23:6c:
b0:49:27:26:98:93:6f:7f:9e:8b:e5:53:18:6a:a0:9f:8a:08:
a3:ac:de:3e:d5:5c:05:34:f1:fc:a4:d3:5c:30:e7:c9:29:ff:
f5:75:53:99
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUC7rwUjIilG4Eskp1LeY62eK0+8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDVaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkNWVjYjVkMjI0MmNlMTFjMGE1Mzk0ZGU5NTRlYzljYjQ5YzhjNDQ2Yzgz
MjM4Yjg2ZmE1YWY2ZjY3YWM5YmUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKPO0YoHIC3vtrMoQXhl3/zj19BIBFziGdgC5LIEgfbvdbKXSKTwZJkIjOyN
XgK3Z547cdczq2RIIe7k61MrFiaZXm9+bKTmKo0bU9pntmzsfzmLqvaF6z1+0+ib
hvGI5wlfYKhctsx6dZ+Ps8EVP0Pjmx2pLtbVChkxhelo3o1BHiOioVGROYUbVTgl
VcQ2XtyEkFsZEkJGkFa9A6uJxpJ6qSLlrsv8SsKGcctazdSt1shBPlFwnTvztSQq
++9VEUIrVryIAmsm5oUCfzKT491Wk9qwwKgCPMqjFzH9UxigAqhByBb7XxNkATzA
YBKGMTkLOfKgjAgbKhY9gDAXxDcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRImBSN
mo5eRs28r4c4CXAcQqHE9TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MGJhN2M5NWItMzJiNi00OTk3LWJlNjItMmIxNTMwYTMxM2M2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8AI
MA0GCSqGSIb3DQEBCwUAA4IBAQCAfeLHoLqD6DStRQTOHcis4kHpgCQnqIx0BvNE
B2TzcXZnV+t58S9xVcUDajEsTYSPS4r6VeeQOZZR0P61PoBa71dki6DDumse0s+y
AROZu2hYm9xlNTP5giOcb3YPmcbgm4HImgdcA4iCGXv8MLp+T+P0/8qUdGU80sVT
D3ElazmuYNei7+MHm+IUNo4Tw7OR7ZiMoC6pLdjHEQSvP7l15wZ4P9Y7jfEcMA5z
VE4Bcl3n+IKr1Me+VBskADrpp02NE319+xfJzGKFkc7XaB1wEHjFGPDYI2ywSScm
mJNvf56L5VMYaqCfigijrN4+1VwFNPH8pNNcMOfJKf/1dVOZ
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:30 2026 by rpki-client