Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
File: 2a407bd1-1674-49d7-8265-4aa9aa99f947.roa (raw, json)
Hash identifier: FK8JGzVAIhJg6mf9ydpDGKRiICvThKLOUobS640xd6o=
Subject key identifier: 98:9A:3C:7A:8F:F8:0E:7B:27:59:6A:6D:2B:CD:7E:65:0A:CF:02:8D
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 13441D5793E28CBD6E3F8E272B04C254A7D4B8C2
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
Signing time: Fri 20 Feb 2026 01:30:48 +0000
ROA not before: Fri 20 Feb 2026 01:30:48 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:9000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:44:1d:57:93:e2:8c:bd:6e:3f:8e:27:2b:04:c2:54:a7:d4:b8:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:48 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=b9fab1dc5a9ac78e1af3428f5a61d50d6f6f06ab32b4365594a50307b867060c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:7d:a4:b4:f0:a5:2c:8e:b6:15:4e:51:46:83:
1e:ec:f1:5b:5b:57:9b:17:5d:aa:43:94:97:2d:33:
c0:ac:99:17:67:24:db:b2:c3:64:cc:47:a0:d2:5f:
02:19:96:16:6e:54:ee:f1:92:e1:b1:90:e2:be:57:
50:7b:57:0a:95:27:9f:4d:94:3b:e4:e3:b6:f9:f3:
de:61:c0:66:7f:ef:ed:14:f5:69:e1:a0:04:6d:9a:
ee:2b:8b:3b:31:96:c9:48:f5:60:83:94:c2:6c:f1:
29:1f:e5:d0:a4:60:23:30:f7:ee:20:d8:7e:09:ce:
02:e6:de:ff:40:9f:36:9d:21:29:2e:f7:67:8d:ba:
23:7e:d6:3d:77:3b:bb:9b:77:56:38:67:74:6b:f6:
9c:78:b6:a3:90:ee:d2:68:54:68:5c:e8:bb:e5:f1:
16:ff:00:a2:6a:ea:db:c6:44:c9:89:e0:3a:e4:58:
ce:b8:05:e9:6e:cd:6f:55:b3:25:fd:12:9c:30:87:
7e:e6:ab:e4:92:1e:78:de:8a:4d:35:ed:a9:6d:66:
cb:be:49:da:81:87:23:21:d0:a1:65:f8:b7:3c:6a:
57:68:b3:f1:c7:8f:8c:4b:04:35:4c:13:44:b1:a7:
9d:fe:9c:5d:3e:ad:c8:e5:b5:1d:1d:d0:87:62:ac:
40:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:9A:3C:7A:8F:F8:0E:7B:27:59:6A:6D:2B:CD:7E:65:0A:CF:02:8D
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9000::/36
Signature Algorithm: sha256WithRSAEncryption
c4:fa:e2:a9:a2:69:ce:5f:5f:5a:d8:e4:f7:32:ea:bf:73:7d:
62:88:ac:b0:61:c6:70:39:91:7f:3c:bb:01:45:67:95:65:31:
1f:e2:6c:ab:60:2e:e5:77:75:f1:61:13:06:76:88:cb:a7:2a:
62:f0:68:d5:0d:b9:41:c4:bf:04:1d:b9:0c:55:f9:05:d3:88:
10:f5:3e:36:1e:35:b7:50:78:e7:f5:d8:5e:1c:fa:c4:71:57:
6c:83:c4:74:ed:4f:1a:a3:ea:8b:c1:7e:a3:f4:d0:89:ee:ef:
0a:b5:ed:e6:62:d2:50:0f:f2:fd:35:94:83:a6:92:2a:6b:2c:
4a:af:0c:eb:f4:29:96:50:67:ae:84:04:3b:75:52:49:fd:7a:
a4:9e:1b:cd:d6:dc:96:68:a7:36:3e:2c:ce:67:43:60:f8:71:
21:e1:4b:0a:36:25:4f:a7:8d:da:a0:6d:50:26:bb:94:d5:f6:
f9:69:f6:7c:2b:90:f7:e5:30:45:30:a1:8f:8a:65:39:9c:95:
bd:9e:70:0c:0b:ff:36:ce:31:f0:1c:7a:25:d9:28:6c:79:a0:
82:da:94:24:51:64:4b:1e:47:37:ad:e8:0d:ca:1a:93:8e:cb:
64:14:16:b8:49:2b:ab:42:36:b0:90:eb:7d:06:bd:ca:db:4d:
73:f2:a1:5b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUE0QdV5PijL1uP44nKwTCVKfUuMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNDhaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5ZmFiMWRjNWE5YWM3OGUxYWYzNDI4ZjVhNjFkNTBkNmY2ZjA2YWIzMmI0
MzY1NTk0YTUwMzA3Yjg2NzA2MGMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL19pLTwpSyOthVOUUaDHuzxW1tXmxddqkOUly0zwKyZF2ck27LDZMxHoNJf
AhmWFm5U7vGS4bGQ4r5XUHtXCpUnn02UO+Tjtvnz3mHAZn/v7RT1aeGgBG2a7iuL
OzGWyUj1YIOUwmzxKR/l0KRgIzD37iDYfgnOAube/0CfNp0hKS73Z426I37WPXc7
u5t3VjhndGv2nHi2o5Du0mhUaFzou+XxFv8Aomrq28ZEyYngOuRYzrgF6W7Nb1Wz
Jf0SnDCHfuar5JIeeN6KTTXtqW1my75J2oGHIyHQoWX4tzxqV2iz8cePjEsENUwT
RLGnnf6cXT6tyOW1HR3Qh2KsQL0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSYmjx6
j/gOeydZam0rzX5lCs8CjTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MmE0MDdiZDEtMTY3NC00OWQ3LTgyNjUtNGFhOWFhOTlmOTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDE+uKpomnOX19a2OT3Muq/c31iiKywYcZwOZF/
PLsBRWeVZTEf4myrYC7ld3XxYRMGdojLpypi8GjVDblBxL8EHbkMVfkF04gQ9T42
HjW3UHjn9dheHPrEcVdsg8R07U8ao+qLwX6j9NCJ7u8Kte3mYtJQD/L9NZSDppIq
ayxKrwzr9CmWUGeuhAQ7dVJJ/XqknhvN1tyWaKc2PizOZ0Ng+HEh4UsKNiVPp43a
oG1QJruU1fb5afZ8K5D35TBFMKGPimU5nJW9nnAMC/82zjHwHHol2ShseaCC2pQk
UWRLHkc3regNyhqTjstkFBa4SSurQjawkOt9Br3K201z8qFb
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:37 2026 by rpki-client