Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
File: 4ce5b31b-8d42-403f-b519-f240e7958f0e.roa (raw, json)
Hash identifier: n/Pcuzuu4xwLWZv9Kd0Aue/140eZij/gwZEjdMBm4oE=
Subject key identifier: E3:74:63:0E:6B:22:55:3C:80:03:B2:08:17:2D:5E:98:F0:84:49:BB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1ACDD75440781F23EA0850DB89491EFDB9646B50
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
Signing time: Fri 20 Feb 2026 01:40:28 +0000
ROA not before: Fri 20 Feb 2026 01:40:28 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:1800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:cd:d7:54:40:78:1f:23:ea:08:50:db:89:49:1e:fd:b9:64:6b:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:28 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ab12a70a7f37d4bf66d01c34b8a3e016aebbbb0e9381ead4ef0fde311d79a0f0, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:d6:ae:69:66:75:9a:f0:e7:6e:59:1d:a7:2e:
d0:9a:92:46:23:5c:96:ed:ec:cf:92:a3:fb:31:f3:
bd:24:c3:3d:a9:db:89:a7:bf:6d:c6:29:07:74:1e:
59:40:5e:e9:ec:1a:55:86:3f:58:7c:84:f7:f8:38:
bb:5d:f9:41:3b:dd:f0:4e:2a:83:30:44:8e:60:0f:
3f:3d:5c:90:44:7b:9e:88:f0:ac:43:75:8d:7b:be:
8d:9b:80:7e:00:4a:e0:63:23:2f:30:27:7e:72:8c:
a9:2c:46:1f:98:df:d7:67:4a:41:d0:21:6b:ed:88:
c7:db:6f:92:cc:12:ec:cd:1e:75:47:b9:57:ea:96:
72:7b:45:e9:da:9f:23:f6:47:d2:a6:d7:a9:c4:b3:
15:02:a8:fa:ce:bf:f4:ef:e9:29:c9:dd:da:41:c7:
d5:1e:38:4c:9b:68:30:e7:ab:36:f1:4c:b2:92:a8:
09:54:d3:85:d4:6e:06:60:e1:ed:20:1f:fe:b5:c1:
de:33:a3:60:b6:15:be:a6:84:0b:d2:e5:da:89:15:
b4:28:e8:2d:d6:68:0a:ce:a3:9c:24:95:b6:3d:af:
ad:84:a6:ff:33:c5:46:7f:d0:8d:df:f8:b5:d6:3a:
5d:39:cc:dd:91:4a:b1:0d:90:9e:ec:b7:99:47:20:
8b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:74:63:0E:6B:22:55:3C:80:03:B2:08:17:2D:5E:98:F0:84:49:BB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:1800::/40
Signature Algorithm: sha256WithRSAEncryption
63:4e:68:8f:58:ff:06:91:6c:cb:0f:bb:38:c8:4d:f0:b4:57:
48:f9:ba:2c:dd:31:b7:64:33:6a:93:71:28:a0:fb:b9:8d:b4:
86:ce:30:90:0e:6e:a5:46:9d:36:03:ab:1f:c0:f2:15:e9:aa:
ac:70:20:83:c7:98:05:06:71:3e:f6:1b:9f:06:12:be:2e:d1:
4d:d5:8d:07:8c:4d:71:84:f2:7f:66:5b:e0:77:ee:3d:02:14:
3a:98:02:bb:e5:d7:38:23:54:66:88:9c:65:49:56:d1:d9:f1:
96:fb:b3:e8:c0:b0:2e:b8:3c:ac:8b:dc:fa:1a:e2:b2:3e:37:
91:4f:9c:c2:20:05:d9:fa:f5:a1:52:0e:a9:7e:91:ed:c0:4f:
5e:52:d2:8e:68:be:69:27:26:9b:0e:c1:30:c5:99:a3:41:2a:
c9:a9:c3:2d:46:bd:ba:50:0b:92:60:9e:ed:59:d7:83:1d:d9:
aa:d4:36:f1:0e:60:4f:26:8b:1d:00:62:e7:f6:57:16:eb:55:
a8:86:dd:6f:9a:c2:5e:ea:e7:a1:73:e6:11:ca:db:8e:80:02:
3f:c6:5c:54:5e:77:f0:74:6d:14:48:65:a3:96:d0:00:2f:69:
80:4f:75:a9:8d:65:fd:f3:0f:e2:36:cd:3a:ef:92:96:5e:2f:
5e:18:28:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGs3XVEB4HyPqCFDbiUke/blka1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjhaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiMTJhNzBhN2YzN2Q0YmY2NmQwMWMzNGI4YTNlMDE2YWViYmJiMGU5Mzgx
ZWFkNGVmMGZkZTMxMWQ3OWEwZjAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKPWrmlmdZrw525ZHacu0JqSRiNclu3sz5Kj+zHzvSTDPanbiae/bcYpB3Qe
WUBe6ewaVYY/WHyE9/g4u135QTvd8E4qgzBEjmAPPz1ckER7nojwrEN1jXu+jZuA
fgBK4GMjLzAnfnKMqSxGH5jf12dKQdAha+2Ix9tvkswS7M0edUe5V+qWcntF6dqf
I/ZH0qbXqcSzFQKo+s6/9O/pKcnd2kHH1R44TJtoMOerNvFMspKoCVTThdRuBmDh
7SAf/rXB3jOjYLYVvqaEC9Ll2okVtCjoLdZoCs6jnCSVtj2vrYSm/zPFRn/Qjd/4
tdY6XTnM3ZFKsQ2Qnuy3mUcgi6kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjdGMO
ayJVPIADsggXLV6Y8IRJuzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGNlNWIzMWItOGQ0Mi00MDNmLWI1MTktZjI0MGU3OTU4ZjBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8cY
MA0GCSqGSIb3DQEBCwUAA4IBAQBjTmiPWP8GkWzLD7s4yE3wtFdI+bos3TG3ZDNq
k3EooPu5jbSGzjCQDm6lRp02A6sfwPIV6aqscCCDx5gFBnE+9hufBhK+LtFN1Y0H
jE1xhPJ/Zlvgd+49AhQ6mAK75dc4I1RmiJxlSVbR2fGW+7PowLAuuDysi9z6GuKy
PjeRT5zCIAXZ+vWhUg6pfpHtwE9eUtKOaL5pJyabDsEwxZmjQSrJqcMtRr26UAuS
YJ7tWdeDHdmq1DbxDmBPJosdAGLn9lcW61Woht1vmsJe6uehc+YRytuOgAI/xlxU
XnfwdG0USGWjltAAL2mAT3WpjWX98w/iNs0675KWXi9eGChf
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:29 2026 by rpki-client