Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
File: 4251c6ee-a4b0-4746-967f-94d2557ebf12.roa (raw, json)
Hash identifier: Wdmhxpgj08NVHrNKMbsRKuZIpgAS5m6KJsGR7aDdCmQ=
Subject key identifier: 13:78:2B:36:91:EC:4C:F8:34:8A:2A:69:95:7A:AC:DF:D9:F1:B6:CE
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6273928E056074658D05A53F3B72F01BDD644E16
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
Signing time: Fri 20 Feb 2026 01:30:49 +0000
ROA not before: Fri 20 Feb 2026 01:30:49 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:73:92:8e:05:60:74:65:8d:05:a5:3f:3b:72:f0:1b:dd:64:4e:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:49 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=10cf6d8c0792dbbe2735fc7916f6fca28cc40a0f4420f02bad653e849fe7dcea, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:9b:6f:69:b8:0b:d9:7f:46:30:d6:54:e9:c4:
ec:26:47:87:9e:0a:7a:6f:50:db:81:c7:c0:0f:fb:
89:fb:6d:ca:c8:9b:a1:17:e8:6d:c7:44:1a:37:88:
04:36:4f:ca:d8:bd:a4:9d:22:8d:ca:7a:96:bd:8a:
63:2e:07:d7:5c:76:c3:a1:a0:f8:3b:4e:85:e2:77:
ca:99:af:01:bc:7f:c2:99:0f:bb:87:21:48:dc:63:
9d:e4:93:67:6c:ae:9f:be:49:67:34:46:d4:81:45:
60:b9:06:90:8e:28:76:ac:19:05:56:06:e9:2a:8b:
57:fb:6c:89:3b:7c:d2:3c:41:fd:28:76:53:f3:c5:
9e:1f:e1:ee:f6:21:dc:0c:01:b3:30:b9:a1:a5:c1:
84:f7:a3:1f:ad:70:d9:e8:f2:8c:75:05:ff:6a:97:
13:8e:be:61:03:d8:2c:6e:dd:f1:c6:da:f0:11:b6:
6e:02:05:b7:9b:39:b6:6a:e9:5b:ae:f2:e9:41:f0:
ad:31:c2:fc:ee:9a:81:99:f6:a9:11:28:d8:ec:bc:
3b:e2:cb:e4:45:ea:67:91:5e:12:4b:bc:c1:37:bc:
25:a7:52:7b:24:02:38:b9:d8:66:da:f7:8a:8c:e4:
83:a5:2f:27:d4:c9:57:05:de:f7:55:3b:81:ee:36:
82:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:78:2B:36:91:EC:4C:F8:34:8A:2A:69:95:7A:AC:DF:D9:F1:B6:CE
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:880::/48
Signature Algorithm: sha256WithRSAEncryption
7a:60:f1:4f:da:61:f9:40:f8:5c:4e:cf:f5:cd:97:3c:8d:17:
bb:a8:60:30:1e:49:55:74:cb:23:97:77:5e:fb:d8:47:fe:d2:
a0:69:dd:b3:46:84:0e:ad:19:ec:9c:6b:a8:4c:01:01:1e:5e:
95:b0:cc:c0:ef:81:99:aa:3d:a6:ab:02:70:1a:8b:3f:af:b4:
79:90:ea:19:ca:e9:cb:07:91:1a:fe:00:9a:e6:9e:df:1e:1b:
a7:c4:f4:f0:3b:1e:df:5f:7b:e1:d7:cf:93:67:e3:8b:ae:8f:
65:07:c4:82:f9:53:9c:b6:fd:35:ab:42:1c:b5:c7:f4:d7:69:
cc:7f:28:65:c4:da:82:e2:ed:16:70:79:1e:0d:2f:6d:be:37:
c4:37:06:3c:a2:0d:cc:a4:65:3d:ce:d2:02:10:f6:a9:7a:7f:
9e:a2:3a:6b:0f:83:29:75:6f:49:c1:69:47:40:29:66:91:af:
4a:92:c8:26:54:54:1f:70:c0:fa:b4:64:0d:d4:04:25:df:ff:
01:8e:64:17:c4:3f:17:55:f3:e8:62:b6:af:9d:c7:b4:74:c3:
54:fb:13:e1:36:93:8e:bf:8f:df:b0:f7:c0:74:ce:01:9d:30:
c1:ef:50:5f:00:06:b9:00:38:0d:6f:b4:1f:c2:3c:47:99:9b:
ee:d8:cc:24
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYnOSjgVgdGWNBaU/O3LwG91kThYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNDlaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDEwY2Y2ZDhjMDc5MmRiYmUyNzM1ZmM3OTE2ZjZmY2EyOGNjNDBhMGY0NDIw
ZjAyYmFkNjUzZTg0OWZlN2RjZWExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIybb2m4C9l/RjDWVOnE7CZHh54Kem9Q24HHwA/7ifttysiboRfobcdEGjeI
BDZPyti9pJ0ijcp6lr2KYy4H11x2w6Gg+DtOheJ3ypmvAbx/wpkPu4chSNxjneST
Z2yun75JZzRG1IFFYLkGkI4odqwZBVYG6SqLV/tsiTt80jxB/Sh2U/PFnh/h7vYh
3AwBszC5oaXBhPejH61w2ejyjHUF/2qXE46+YQPYLG7d8cba8BG2bgIFt5s5tmrp
W67y6UHwrTHC/O6agZn2qREo2Oy8O+LL5EXqZ5FeEku8wTe8JadSeyQCOLnYZtr3
iozkg6UvJ9TJVwXe91U7ge42gpMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQTeCs2
kexM+DSKKmmVeqzf2fG2zjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NDI1MWM2ZWUtYTRiMC00NzQ2LTk2N2YtOTRkMjU1N2ViZjEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
gDANBgkqhkiG9w0BAQsFAAOCAQEAemDxT9ph+UD4XE7P9c2XPI0Xu6hgMB5JVXTL
I5d3XvvYR/7SoGnds0aEDq0Z7JxrqEwBAR5elbDMwO+Bmao9pqsCcBqLP6+0eZDq
GcrpyweRGv4Amuae3x4bp8T08Dse31974dfPk2fji66PZQfEgvlTnLb9NatCHLXH
9NdpzH8oZcTaguLtFnB5Hg0vbb43xDcGPKINzKRlPc7SAhD2qXp/nqI6aw+DKXVv
ScFpR0ApZpGvSpLIJlRUH3DA+rRkDdQEJd//AY5kF8Q/F1Xz6GK2r53HtHTDVPsT
4TaTjr+P37D3wHTOAZ0wwe9QXwAGuQA4DW+0H8I8R5mb7tjMJA==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:38 2026 by rpki-client