Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
File: 346959dd-64e1-47f4-a247-4a19fe4282cf.roa (raw, json)
Hash identifier: woOuyIpRgGTPd+Zhm0pNVAIs/wGNzEqOZXyfVhQsJHE=
Subject key identifier: AA:81:D7:B1:EA:5B:BA:CE:42:1F:B4:06:DF:33:0A:78:1D:C9:A1:EA
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3C37CA504FC2C8FC7DFE511B689642F2E2D922D2
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
Signing time: Fri 20 Feb 2026 01:40:25 +0000
ROA not before: Fri 20 Feb 2026 01:40:25 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:37:ca:50:4f:c2:c8:fc:7d:fe:51:1b:68:96:42:f2:e2:d9:22:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:25 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=2c225ee8e472596c542896d50437780aba7591ca3525dca60c9acba605cd6f6c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:cf:ab:44:88:c7:80:5f:19:b3:5c:59:7e:1b:
23:1a:cb:44:d4:a3:5e:97:43:60:d1:a3:3c:ee:7d:
91:c6:2b:07:7b:43:fc:f2:31:6a:51:24:6d:82:ef:
86:b9:b4:88:36:61:f9:2a:6e:ce:c0:cb:51:0a:67:
e1:46:67:1e:d0:c6:cf:9c:6a:e9:90:31:ad:08:59:
77:27:68:89:04:35:75:c0:64:66:b1:a4:f4:8a:1a:
30:dd:ec:dc:fb:8f:04:f2:85:5b:cb:da:ab:c3:27:
f9:ad:c6:92:7a:46:01:54:a7:79:88:ce:91:fc:f7:
67:44:09:d4:61:4f:90:af:d6:48:e9:56:23:e2:41:
38:72:41:de:31:06:8c:73:3e:e9:50:f8:33:59:a8:
bb:99:9a:a9:be:01:d3:e8:9c:12:0f:06:de:74:e4:
71:74:15:12:de:3f:8e:6b:5f:e0:78:dc:78:7f:97:
ab:48:dd:45:63:53:2e:af:ca:66:bd:6d:0a:ab:50:
f6:51:37:71:af:94:7b:93:84:0f:2d:6d:cb:97:e5:
0a:79:0f:37:92:85:b6:3f:14:cc:14:10:52:96:32:
e6:f4:06:d1:cc:d5:b3:ee:17:ae:9a:5c:f0:20:5d:
b4:4c:cf:fd:bd:19:07:84:4f:6b:d6:cf:2f:a2:dd:
f3:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:81:D7:B1:EA:5B:BA:CE:42:1F:B4:06:DF:33:0A:78:1D:C9:A1:EA
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1::/32
Signature Algorithm: sha256WithRSAEncryption
45:78:be:b0:10:52:2b:1e:1b:12:10:7b:7f:3d:96:b0:55:87:
bd:ca:21:c7:33:0f:47:b7:5b:1d:c1:32:3e:30:58:6c:28:a5:
f0:84:b4:d1:85:6c:e6:9b:28:10:78:8b:b1:2b:ec:11:36:f8:
ae:cc:99:7c:e2:23:2c:33:fc:24:c2:a9:8b:3f:67:47:ee:4a:
a5:f0:f3:84:95:82:1e:c3:c1:b0:d8:38:c0:40:d7:d5:cd:e4:
a4:ba:4a:24:4a:a1:4b:0c:97:47:5a:19:d5:47:f5:e8:e7:aa:
13:e9:8d:10:0c:4b:91:a9:4a:8a:d6:dc:c8:37:31:7e:44:fc:
8b:87:67:9e:2e:fe:93:8e:78:41:1f:70:44:80:8f:26:8f:74:
d3:7f:08:fe:ca:c7:4a:c2:17:a6:dd:6e:cb:89:82:8f:65:12:
63:e2:48:e2:14:c7:26:1c:9e:8c:36:4d:06:21:80:f3:3a:6f:
94:b7:08:df:49:1a:30:0c:65:69:ea:dd:cd:d4:4a:f7:1a:b8:
19:e3:51:70:dd:18:f2:a6:b8:36:61:7b:70:41:65:ae:48:c3:
62:ce:4c:dd:63:12:93:49:ce:df:c5:73:df:1e:a2:75:76:f0:
d8:aa:64:c5:46:e6:4d:69:86:f1:24:3e:09:87:02:2b:dd:03:
8a:e0:ef:f1
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUPDfKUE/CyPx9/lEbaJZC8uLZItIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjVaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjMjI1ZWU4ZTQ3MjU5NmM1NDI4OTZkNTA0Mzc3ODBhYmE3NTkxY2EzNTI1
ZGNhNjBjOWFjYmE2MDVjZDZmNmMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM/Pq0SIx4BfGbNcWX4bIxrLRNSjXpdDYNGjPO59kcYrB3tD/PIxalEkbYLv
hrm0iDZh+SpuzsDLUQpn4UZnHtDGz5xq6ZAxrQhZdydoiQQ1dcBkZrGk9IoaMN3s
3PuPBPKFW8vaq8Mn+a3GknpGAVSneYjOkfz3Z0QJ1GFPkK/WSOlWI+JBOHJB3jEG
jHM+6VD4M1mou5maqb4B0+icEg8G3nTkcXQVEt4/jmtf4HjceH+Xq0jdRWNTLq/K
Zr1tCqtQ9lE3ca+Ue5OEDy1ty5flCnkPN5KFtj8UzBQQUpYy5vQG0czVs+4Xrppc
8CBdtEzP/b0ZB4RPa9bPL6Ld82cCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSqgdex
6lu6zkIftAbfMwp4Hcmh6jAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MzQ2OTU5ZGQtNjRlMS00N2Y0LWEyNDctNGExOWZlNDI4MmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABP8Ew
DQYJKoZIhvcNAQELBQADggEBAEV4vrAQUiseGxIQe389lrBVh73KIcczD0e3Wx3B
Mj4wWGwopfCEtNGFbOabKBB4i7Er7BE2+K7MmXziIywz/CTCqYs/Z0fuSqXw84SV
gh7DwbDYOMBA19XN5KS6SiRKoUsMl0daGdVH9ejnqhPpjRAMS5GpSorW3Mg3MX5E
/IuHZ54u/pOOeEEfcESAjyaPdNN/CP7Kx0rCF6bdbsuJgo9lEmPiSOIUxyYcnow2
TQYhgPM6b5S3CN9JGjAMZWnq3c3USvcauBnjUXDdGPKmuDZhe3BBZa5Iw2LOTN1j
EpNJzt/Fc98eonV28NiqZMVG5k1phvEkPgmHAivdA4rg7/E=
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:38 2026 by rpki-client