Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
File: 3fe8d737-6af0-4f49-813a-04581455d703.roa (raw, json)
Hash identifier: ElQyBnU0wN8rCyETXxYpLzdfhw32foI44EtXVaxo4aU=
Subject key identifier: 23:0B:80:FB:C5:9C:F2:C3:03:A1:6F:2F:C1:67:9C:15:84:94:D4:A5
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3F90C46EE3AE1B241B917FCC137E4A72DA7223F7
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
Signing time: Fri 20 Feb 2026 01:30:51 +0000
ROA not before: Fri 20 Feb 2026 01:30:51 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:90:c4:6e:e3:ae:1b:24:1b:91:7f:cc:13:7e:4a:72:da:72:23:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:51 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=44437dc4ab44cb51fda2642e60c56105b273db11f9f82193a47a0d76384d6c99, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:e4:48:80:e5:7b:bd:98:0b:fb:10:81:05:7d:
2b:e8:f7:13:8c:a5:ae:d5:dc:a2:24:f8:b9:02:67:
df:15:e4:3c:90:62:80:78:b8:98:2b:01:12:74:66:
12:f8:7f:2b:ab:03:bc:82:da:5e:be:9e:b5:f9:bd:
52:7f:2f:93:88:9c:e6:52:be:7d:b7:55:38:c0:a0:
a4:b2:44:4e:b2:d3:99:3e:a6:50:4a:c4:60:34:cb:
9c:a3:84:04:ce:94:7c:76:09:45:a0:e2:56:5d:b1:
7f:58:0a:3a:34:83:f3:fc:57:58:e8:7c:e3:3b:e1:
48:02:53:8c:db:a5:8a:03:70:76:d4:9a:d6:6d:3b:
1b:3a:4f:f8:d1:8e:93:9b:17:a3:bd:65:73:4f:76:
06:ac:38:ca:7c:c9:f4:46:b8:0b:2f:00:ca:b2:f0:
45:a5:4e:9d:65:ab:81:a1:c2:73:5b:1b:5f:17:12:
72:6c:d4:cb:c7:eb:7a:47:2f:65:28:46:91:33:84:
93:6b:b5:aa:98:bf:a2:cf:c3:12:1a:57:45:75:2a:
28:f7:56:c3:b8:06:e2:d0:0d:8c:ca:d1:2e:c2:45:
ed:6c:ad:fd:8e:ff:27:ad:65:89:5e:e6:1a:e3:39:
fa:f4:6a:24:86:4e:a1:e2:2a:fe:29:e9:06:7b:79:
08:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:0B:80:FB:C5:9C:F2:C3:03:A1:6F:2F:C1:67:9C:15:84:94:D4:A5
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8800::/40
Signature Algorithm: sha256WithRSAEncryption
98:28:92:fa:5a:31:11:91:10:b9:29:91:ab:5c:ad:a3:8c:bc:
11:dc:13:7a:fd:d8:29:52:0d:4b:1d:b0:ed:2b:29:0c:3c:69:
13:f0:5a:71:d9:76:98:b2:12:81:8e:dd:fe:25:86:11:94:e5:
92:48:45:61:ab:e4:5a:2d:e5:46:0c:95:ff:98:f0:6f:86:de:
4c:6f:ea:d6:22:f2:fb:b6:83:57:bb:2d:fa:5e:80:bf:ce:5a:
08:fe:b7:80:1f:06:63:cf:32:86:2b:53:b1:02:7b:5e:ff:b4:
4f:eb:fd:0a:f8:36:57:5f:18:b9:17:f3:93:cd:21:6c:3f:57:
c4:f9:76:65:95:ca:5a:eb:bb:80:2a:e4:f2:1d:f6:d0:e4:ad:
38:3d:4c:53:bb:63:61:61:45:d7:48:3c:84:99:a9:2c:97:5a:
1f:15:b5:18:d1:73:9e:7e:0e:18:ed:ca:c3:40:45:c6:0c:52:
ba:a4:9d:e0:19:35:a0:17:cb:2b:ee:70:16:1a:8b:83:31:e2:
aa:e3:84:85:a8:06:7e:75:fd:5b:37:b0:8a:38:ce:50:d1:46:
a1:fd:cc:af:82:1e:aa:e1:dc:8f:bd:49:2f:30:c1:3c:14:cb:
4c:5f:c1:61:d6:16:90:56:c9:fc:cf:3f:60:cd:a5:13:f1:71:
de:98:d7:f6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUP5DEbuOuGyQbkX/ME35KctpyI/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNTFaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0NDM3ZGM0YWI0NGNiNTFmZGEyNjQyZTYwYzU2MTA1YjI3M2RiMTFmOWY4
MjE5M2E0N2EwZDc2Mzg0ZDZjOTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbkSIDle72YC/sQgQV9K+j3E4ylrtXcoiT4uQJn3xXkPJBigHi4mCsBEnRm
Evh/K6sDvILaXr6etfm9Un8vk4ic5lK+fbdVOMCgpLJETrLTmT6mUErEYDTLnKOE
BM6UfHYJRaDiVl2xf1gKOjSD8/xXWOh84zvhSAJTjNuligNwdtSa1m07GzpP+NGO
k5sXo71lc092Bqw4ynzJ9Ea4Cy8AyrLwRaVOnWWrgaHCc1sbXxcScmzUy8frekcv
ZShGkTOEk2u1qpi/os/DEhpXRXUqKPdWw7gG4tANjMrRLsJF7Wyt/Y7/J61liV7m
GuM5+vRqJIZOoeIq/inpBnt5CP0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQjC4D7
xZzywwOhby/BZ5wVhJTUpTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2ZlOGQ3MzctNmFmMC00ZjQ5LTgxM2EtMDQ1ODE0NTVkNzAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WI
MA0GCSqGSIb3DQEBCwUAA4IBAQCYKJL6WjERkRC5KZGrXK2jjLwR3BN6/dgpUg1L
HbDtKykMPGkT8Fpx2XaYshKBjt3+JYYRlOWSSEVhq+RaLeVGDJX/mPBvht5Mb+rW
IvL7toNXuy36XoC/zloI/reAHwZjzzKGK1OxAnte/7RP6/0K+DZXXxi5F/OTzSFs
P1fE+XZllcpa67uAKuTyHfbQ5K04PUxTu2NhYUXXSDyEmaksl1ofFbUY0XOefg4Y
7crDQEXGDFK6pJ3gGTWgF8sr7nAWGouDMeKq44SFqAZ+df1bN7CKOM5Q0Uah/cyv
gh6q4dyPvUkvMME8FMtMX8Fh1haQVsn8zz9gzaUT8XHemNf2
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:30 2026 by rpki-client