Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
File: 14c89f5a-e81a-409d-bc58-42bed3a3217e.roa (raw, json)
Hash identifier: nqFK7mxo9wVg5b34hrAdREFY46ZhHJtl7ZvFzqE2pAs=
Subject key identifier: 6B:A6:D4:31:03:EF:47:17:D0:5E:E7:44:94:99:37:92:C5:EA:34:6F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 73D5690D749AE54EA4B2B0ABB0DB71F710C560B4
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
Signing time: Fri 20 Feb 2026 01:40:06 +0000
ROA not before: Fri 20 Feb 2026 01:40:06 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:d5:69:0d:74:9a:e5:4e:a4:b2:b0:ab:b0:db:71:f7:10:c5:60:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:06 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=059da95827c8580bf2514b7872292c35b86c4b3b14fc9ecc6668441e049fb0e4, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:cb:db:6c:37:ec:cb:7f:95:78:34:96:82:26:
73:4f:69:00:68:88:06:97:59:f1:04:73:e3:df:f5:
59:3a:8d:88:7d:03:e9:cc:7a:f9:35:92:ce:65:da:
70:6a:27:41:db:7c:06:a4:4b:1e:3e:ba:70:dd:86:
02:58:85:5d:e5:27:e2:4a:57:a8:b5:cf:be:50:de:
64:eb:3a:52:c9:88:42:8b:36:55:86:e3:1d:58:9f:
92:65:45:f1:16:0c:80:36:ac:db:e0:93:ad:f9:82:
86:5b:fb:f1:4e:be:92:bf:35:30:c6:a1:b6:1d:e0:
8b:8d:2f:b2:a3:f1:28:17:64:5e:53:e1:99:b2:0e:
88:5e:54:24:c3:f5:be:ce:f6:74:fe:7b:99:c4:c1:
fb:41:70:8e:62:a0:a5:5c:7b:24:28:24:fc:52:2a:
34:90:eb:f0:16:1d:55:0f:2c:91:df:56:37:7b:39:
3b:96:b4:9b:90:e1:38:32:0a:83:92:c3:2e:e2:d3:
6b:5c:e8:32:51:80:d2:ca:d5:e5:42:e0:be:1e:26:
dd:14:fe:df:5d:69:05:10:58:68:82:07:33:69:4b:
49:1e:40:88:98:84:58:fd:22:7d:ca:2e:da:e7:56:
17:e5:85:aa:ac:50:83:e1:4a:8b:44:e0:5a:83:10:
06:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:A6:D4:31:03:EF:47:17:D0:5E:E7:44:94:99:37:92:C5:EA:34:6F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:6800::/40
Signature Algorithm: sha256WithRSAEncryption
52:c7:e3:60:93:5f:b5:04:2d:8a:84:ec:5c:22:36:85:37:d0:
62:82:67:66:70:30:5a:aa:82:df:5d:ba:9a:42:cd:60:83:0a:
f0:d5:54:28:ee:38:23:4d:17:0b:2d:f6:5c:f3:98:24:8e:a0:
fa:e5:04:f5:00:bb:df:9c:43:27:c0:e5:55:46:26:74:e6:85:
0e:2e:3a:ed:ec:c9:b6:f5:82:3c:55:7b:20:2e:45:ab:ef:11:
82:63:75:b8:32:26:b2:b8:91:bf:12:5a:ee:85:fc:b0:85:2d:
da:6f:5b:8d:e9:de:39:6c:a0:69:02:07:6c:db:7e:f9:74:76:
9d:ea:fb:a5:ea:33:88:a0:3d:bd:8f:d7:80:bb:52:50:e3:7c:
71:ec:99:9d:53:d1:99:86:4b:e8:e2:13:9b:8a:22:96:7d:79:
56:92:e6:e9:87:fc:47:42:fb:87:ed:03:0f:6b:f2:ab:e3:8b:
01:7e:d5:2b:9c:4a:8b:ac:15:9f:7c:44:b3:70:da:72:09:86:
20:3f:32:c2:8e:b2:b2:40:be:69:88:80:df:ec:39:fa:8f:45:
e7:60:cf:4a:59:b7:d0:e0:e4:f2:82:cb:f2:ce:8e:20:d0:36:
4b:35:01:72:bc:1a:2a:87:c8:4d:dd:ac:0c:c6:9f:66:ea:fc:
72:e1:5e:34
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUc9VpDXSa5U6ksrCrsNtx9xDFYLQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMDZaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1OWRhOTU4MjdjODU4MGJmMjUxNGI3ODcyMjkyYzM1Yjg2YzRiM2IxNGZj
OWVjYzY2Njg0NDFlMDQ5ZmIwZTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLL22w37Mt/lXg0loImc09pAGiIBpdZ8QRz49/1WTqNiH0D6cx6+TWSzmXa
cGonQdt8BqRLHj66cN2GAliFXeUn4kpXqLXPvlDeZOs6UsmIQos2VYbjHVifkmVF
8RYMgDas2+CTrfmChlv78U6+kr81MMahth3gi40vsqPxKBdkXlPhmbIOiF5UJMP1
vs72dP57mcTB+0FwjmKgpVx7JCgk/FIqNJDr8BYdVQ8skd9WN3s5O5a0m5DhODIK
g5LDLuLTa1zoMlGA0srV5ULgvh4m3RT+311pBRBYaIIHM2lLSR5AiJiEWP0ifcou
2udWF+WFqqxQg+FKi0TgWoMQBm8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRrptQx
A+9HF9Be50SUmTeSxeo0bzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTRjODlmNWEtZTgxYS00MDlkLWJjNTgtNDJiZWQzYTMyMTdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8No
MA0GCSqGSIb3DQEBCwUAA4IBAQBSx+Ngk1+1BC2KhOxcIjaFN9BigmdmcDBaqoLf
XbqaQs1ggwrw1VQo7jgjTRcLLfZc85gkjqD65QT1ALvfnEMnwOVVRiZ05oUOLjrt
7Mm29YI8VXsgLkWr7xGCY3W4MiayuJG/ElruhfywhS3ab1uN6d45bKBpAgds2375
dHad6vul6jOIoD29j9eAu1JQ43xx7JmdU9GZhkvo4hObiiKWfXlWkubph/xHQvuH
7QMPa/Kr44sBftUrnEqLrBWffESzcNpyCYYgPzLCjrKyQL5piIDf7Dn6j0XnYM9K
WbfQ4OTygsvyzo4g0DZLNQFyvBoqh8hN3awMxp9m6vxy4V40
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:48 2026 by rpki-client