Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
File: 3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa (raw, json)
Hash identifier: UXKrjYrcMDaI5pJVyvTSeWbzig4UscnoQJToeFT55Yw=
Subject key identifier: 08:1B:1B:F7:92:34:7D:92:F5:58:8F:17:0B:35:CA:24:B4:C6:ED:B1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3945C052E8DE5FCB2D422F022DC8836DC7DEC369
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
Signing time: Fri 20 Feb 2026 01:40:40 +0000
ROA not before: Fri 20 Feb 2026 01:40:40 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:45:c0:52:e8:de:5f:cb:2d:42:2f:02:2d:c8:83:6d:c7:de:c3:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:40 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=8c236e7d96e585efbd89e412d0389c94e3f62ae37bef48e1e18fbe1162f684bf, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:02:6c:03:a7:c9:57:9c:4e:9b:da:cd:59:1b:
d0:22:67:ef:8e:fa:52:69:3c:b5:c8:dd:a0:60:69:
58:47:29:2d:9f:82:b1:3a:cf:39:97:4f:99:94:00:
cd:20:41:6d:60:1c:c7:93:fc:11:4f:0b:e2:02:22:
a1:1a:82:b9:cd:75:ef:8c:86:62:49:6a:2e:a9:b7:
f1:63:f1:89:d1:9c:cd:99:34:d3:c7:82:4d:93:53:
5e:b4:b2:27:5a:ce:f6:30:9f:50:56:a2:6c:86:25:
10:71:62:02:4d:46:dd:2b:2c:2d:b6:df:02:9d:36:
ad:ad:11:cb:03:01:f6:b2:88:c6:70:8c:b3:f3:8c:
cc:d4:ac:94:4c:3f:6d:6a:3c:09:55:31:b2:f0:82:
f3:c7:6f:20:8f:e4:8b:6c:03:85:ea:bc:13:f6:85:
69:49:91:73:07:39:25:8b:4b:10:6b:87:e1:ee:43:
05:1c:54:eb:5b:69:2b:4c:d6:b7:08:a5:ae:20:70:
fc:4f:8b:18:38:bb:23:48:98:c8:e1:84:bf:6c:39:
22:80:9e:e4:0e:96:2f:05:00:71:eb:00:17:25:bd:
91:2c:ab:3e:8e:00:c2:54:a4:d3:6f:94:03:17:d2:
df:41:0d:18:c1:17:2f:76:20:2c:39:ac:62:9a:cc:
e6:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:1B:1B:F7:92:34:7D:92:F5:58:8F:17:0B:35:CA:24:B4:C6:ED:B1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8000::/36
Signature Algorithm: sha256WithRSAEncryption
97:fd:c4:62:35:4a:51:d5:71:ed:5d:87:6f:44:a4:19:af:cc:
38:29:74:8e:46:e2:c6:6d:89:7d:23:92:ab:04:d1:5c:6c:4c:
bc:51:43:e3:fe:24:ab:c0:07:42:b1:53:a4:bb:5c:a2:39:ee:
aa:20:73:80:28:26:3d:8a:93:11:25:eb:65:9e:17:af:16:15:
1a:86:bc:4f:81:e9:55:62:fe:fe:f5:da:d5:d0:ba:8a:59:e7:
7f:f2:52:8f:32:f8:54:eb:69:1a:0b:a5:4f:71:82:0b:47:26:
54:6e:34:c1:77:52:4f:6a:54:b7:e4:b1:d9:6c:6e:c4:0d:0a:
65:84:56:e2:12:e5:81:c7:d5:2d:1a:e3:34:7f:5c:2c:8f:44:
4b:23:3b:ef:34:0a:49:b5:9d:a4:52:12:d9:e8:c5:fb:24:5d:
7d:11:2f:9f:88:b7:a7:a0:6e:75:b8:4f:76:41:4d:9b:06:78:
54:98:9b:ec:fb:dc:2b:ab:31:52:5a:86:9c:7e:75:8d:eb:71:
85:7b:c9:14:eb:11:f9:74:df:5b:15:60:55:b9:8a:0f:28:bb:
1a:92:9f:b0:75:32:b7:66:e5:68:90:2a:fc:90:96:28:f4:5b:
ec:fe:d1:5d:46:0d:6d:d1:46:76:2c:d6:d7:48:79:72:1a:dc:
c5:11:02:ca
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOUXAUujeX8stQi8CLciDbcfew2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDBaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjMjM2ZTdkOTZlNTg1ZWZiZDg5ZTQxMmQwMzg5Yzk0ZTNmNjJhZTM3YmVm
NDhlMWUxOGZiZTExNjJmNjg0YmYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALACbAOnyVecTpvazVkb0CJn7476Umk8tcjdoGBpWEcpLZ+CsTrPOZdPmZQA
zSBBbWAcx5P8EU8L4gIioRqCuc1174yGYklqLqm38WPxidGczZk008eCTZNTXrSy
J1rO9jCfUFaibIYlEHFiAk1G3SssLbbfAp02ra0RywMB9rKIxnCMs/OMzNSslEw/
bWo8CVUxsvCC88dvII/ki2wDheq8E/aFaUmRcwc5JYtLEGuH4e5DBRxU61tpK0zW
twilriBw/E+LGDi7I0iYyOGEv2w5IoCe5A6WLwUAcesAFyW9kSyrPo4AwlSk02+U
AxfS30ENGMEXL3YgLDmsYprM5vUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQIGxv3
kjR9kvVYjxcLNcoktMbtsTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2EzM2Q4NDQtNDI2Yi00MWI4LWFhOGMtZjRhYjI2YTY2ZmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WA
MA0GCSqGSIb3DQEBCwUAA4IBAQCX/cRiNUpR1XHtXYdvRKQZr8w4KXSORuLGbYl9
I5KrBNFcbEy8UUPj/iSrwAdCsVOku1yiOe6qIHOAKCY9ipMRJetlnhevFhUahrxP
gelVYv7+9drV0LqKWed/8lKPMvhU62kaC6VPcYILRyZUbjTBd1JPalS35LHZbG7E
DQplhFbiEuWBx9UtGuM0f1wsj0RLIzvvNApJtZ2kUhLZ6MX7JF19ES+fiLenoG51
uE92QU2bBnhUmJvs+9wrqzFSWoacfnWN63GFe8kU6xH5dN9bFWBVuYoPKLsakp+w
dTK3ZuVokCr8kJYo9Fvs/tFdRg1t0UZ2LNbXSHlyGtzFEQLK
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:29 2026 by rpki-client