Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
File: 541ffd81-df5c-4971-9769-a37d113c922b.roa (raw, json)
Hash identifier: nFsYNgdnO2AQfO3jXjGDb9VWjOJGjGwZbuCem7zy9Kk=
Subject key identifier: 69:EC:15:44:F7:BD:6D:54:3B:26:E9:E0:70:E1:FD:E9:54:5D:CC:8E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 41FD2AF3B09D29EF878E7A9EC78B3DCEE40DF186
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
Signing time: Fri 20 Feb 2026 01:30:16 +0000
ROA not before: Fri 20 Feb 2026 01:30:16 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:e::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:fd:2a:f3:b0:9d:29:ef:87:8e:7a:9e:c7:8b:3d:ce:e4:0d:f1:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:16 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=5a316fda2abf73a64608853b7c8fbc6b6e27a61d21b387ec3d48ecbc31407d47, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:7b:ae:a4:e9:2d:a7:52:dd:91:aa:a3:51:06:
67:21:3c:a2:06:4a:a7:68:35:e8:3e:19:c2:59:b7:
f7:d8:80:4a:b1:5d:6e:00:3f:28:e4:84:04:de:4b:
e0:54:53:c6:44:70:26:19:22:65:8a:54:1e:a0:12:
5c:22:7f:0c:a5:4b:58:2e:e1:2e:66:a0:39:0d:e0:
c6:28:ff:be:54:2f:eb:c5:35:0c:5a:d0:e2:de:c3:
2e:3b:c2:b5:a5:53:c8:e9:9b:53:a9:7b:56:96:a7:
bc:b8:09:db:ca:f1:9a:04:e2:d4:c0:ff:af:60:5d:
98:f2:ae:3a:0f:8e:bb:34:84:87:1f:c6:90:c3:cb:
ec:bd:1d:a1:65:4c:ca:5a:98:73:16:b5:d5:01:f3:
5a:50:2d:c7:e2:67:3b:ba:20:15:b4:ae:38:e9:58:
41:3d:86:07:fe:ba:c9:67:6e:fd:52:f9:42:6a:41:
80:96:16:7e:8b:60:eb:1e:89:8b:cf:e2:12:89:fc:
31:08:7b:69:dc:e0:5f:31:8d:ed:d2:7e:38:47:1a:
27:05:61:b6:08:a6:ad:1f:4e:aa:ca:2e:67:a9:52:
d9:5c:9e:b9:c1:74:b5:de:eb:08:ee:b5:2e:56:50:
e9:65:21:3e:71:a8:d5:62:ba:72:72:6b:38:5e:7a:
c0:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:EC:15:44:F7:BD:6D:54:3B:26:E9:E0:70:E1:FD:E9:54:5D:CC:8E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:e::/47
Signature Algorithm: sha256WithRSAEncryption
3a:78:46:62:2b:b2:4f:53:99:b4:03:e7:9c:eb:a0:87:5b:da:
39:98:c8:54:d8:6f:79:1a:c1:1b:56:d7:c7:4a:6f:dc:4d:9c:
8c:e0:bb:30:eb:e7:57:5b:4e:f4:33:18:cf:30:84:2b:c6:9b:
e0:45:60:d8:95:c4:08:29:34:62:e1:1f:f1:0c:39:4a:d9:f1:
be:04:4e:63:75:3f:82:47:eb:f3:54:7b:71:56:be:01:32:f3:
f8:b4:a5:6d:b7:3e:d0:bf:0f:e0:fd:81:3b:3c:53:d4:fe:bf:
c1:12:df:42:e5:6d:3a:60:b1:68:79:68:58:41:ff:d5:84:fc:
c3:86:aa:04:66:0a:11:35:54:3c:25:a4:0d:b2:a4:a5:d3:1f:
96:02:21:b2:89:13:72:9b:50:8f:70:0f:3b:a8:0b:47:15:52:
38:7a:cd:77:4b:77:9b:e9:ba:2c:70:e5:c7:62:b7:8b:34:c2:
7a:fb:7d:91:0c:79:f8:08:94:28:a4:28:f9:0c:0f:24:c7:70:
05:39:5d:0a:c8:94:80:e1:b8:20:e6:7f:0e:7b:58:ed:4d:f0:
ad:8b:03:d5:ca:56:d5:df:65:66:18:d2:42:62:2a:33:e6:19:
fe:65:16:b4:ed:eb:35:d8:15:8f:f3:ef:fa:2b:d0:3b:0f:6b:
5a:c5:40:2f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQf0q87CdKe+Hjnqex4s9zuQN8YYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwMTZaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhMzE2ZmRhMmFiZjczYTY0NjA4ODUzYjdjOGZiYzZiNmUyN2E2MWQyMWIz
ODdlYzNkNDhlY2JjMzE0MDdkNDcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJl7rqTpLadS3ZGqo1EGZyE8ogZKp2g16D4Zwlm399iASrFdbgA/KOSEBN5L
4FRTxkRwJhkiZYpUHqASXCJ/DKVLWC7hLmagOQ3gxij/vlQv68U1DFrQ4t7DLjvC
taVTyOmbU6l7VpanvLgJ28rxmgTi1MD/r2BdmPKuOg+OuzSEhx/GkMPL7L0doWVM
ylqYcxa11QHzWlAtx+JnO7ogFbSuOOlYQT2GB/66yWdu/VL5QmpBgJYWfotg6x6J
i8/iEon8MQh7adzgXzGN7dJ+OEcaJwVhtgimrR9OqsouZ6lS2VyeucF0td7rCO61
LlZQ6WUhPnGo1WK6cnJrOF56wO8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRp7BVE
971tVDsm6eBw4f3pVF3MjjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NTQxZmZkODEtZGY1Yy00OTcxLTk3NjktYTM3ZDExM2M5MjJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
DjANBgkqhkiG9w0BAQsFAAOCAQEAOnhGYiuyT1OZtAPnnOugh1vaOZjIVNhveRrB
G1bXx0pv3E2cjOC7MOvnV1tO9DMYzzCEK8ab4EVg2JXECCk0YuEf8Qw5StnxvgRO
Y3U/gkfr81R7cVa+ATLz+LSlbbc+0L8P4P2BOzxT1P6/wRLfQuVtOmCxaHloWEH/
1YT8w4aqBGYKETVUPCWkDbKkpdMflgIhsokTcptQj3APO6gLRxVSOHrNd0t3m+m6
LHDlx2K3izTCevt9kQx5+AiUKKQo+QwPJMdwBTldCsiUgOG4IOZ/DntY7U3wrYsD
1cpW1d9lZhjSQmIqM+YZ/mUWtO3rNdgVj/Pv+ivQOw9rWsVALw==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:31 2026 by rpki-client