Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
File: 54519fcd-4655-4148-9d7d-913b0c0cfe03.roa (raw, json)
Hash identifier: UuTM4QNgVxAeU145twQL7yLsQJuoHNN4ELZZTOKHzp8=
Subject key identifier: 59:04:68:6F:1A:8F:63:D0:BB:EE:3D:75:18:9C:4A:B8:39:7A:22:88
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 55A69CECD81A6AAAE735D2689D2B81C3C38B524D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
Signing time: Fri 20 Feb 2026 01:40:46 +0000
ROA not before: Fri 20 Feb 2026 01:40:46 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:9000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:a6:9c:ec:d8:1a:6a:aa:e7:35:d2:68:9d:2b:81:c3:c3:8b:52:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:46 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=a432ef01b4a8ad258ee00e74e2a10c5205f44c4a27dee972e59e053f19d23891, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:07:46:c1:b1:95:26:87:68:8c:e6:83:cc:60:
f8:19:0b:3c:32:90:12:72:e2:ad:77:a5:2d:30:9c:
fc:e5:7b:4b:cb:d0:73:40:12:c0:1e:9c:a6:63:d0:
08:eb:e5:ae:59:c5:67:6a:a8:52:1d:a8:e5:02:ab:
a0:d8:70:62:84:2f:ac:2e:0a:f8:e4:ce:f4:ad:57:
af:7d:a2:bd:de:16:39:e5:ea:b0:87:15:3e:c4:bc:
4d:d6:f6:25:a0:ab:6e:2f:06:01:44:ce:39:7f:b4:
cf:a3:44:3c:0f:fa:e2:80:7b:29:fb:09:72:f4:24:
86:90:ad:88:5d:31:1c:e6:94:29:6b:41:59:f5:44:
09:1d:41:53:28:a5:ff:62:f0:25:8c:a3:12:7b:be:
fa:20:c8:f8:31:f6:70:e2:56:d4:61:ba:34:dd:b4:
67:4a:21:cf:33:a2:24:0b:e6:ae:8e:3d:dd:44:77:
6a:39:48:fe:61:88:d5:fa:db:ca:b6:6e:65:f7:0c:
a3:04:c0:1e:51:c1:97:83:9c:da:9d:f7:4d:3e:85:
e6:a3:68:a5:72:e9:5c:1d:40:20:15:28:7b:5e:ba:
57:56:e5:e2:c9:1d:e3:82:c9:b9:78:cb:5b:c0:1b:
69:bf:de:00:23:dd:15:8d:4e:9b:b7:60:8a:ed:3d:
0b:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:04:68:6F:1A:8F:63:D0:BB:EE:3D:75:18:9C:4A:B8:39:7A:22:88
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:9000::/36
Signature Algorithm: sha256WithRSAEncryption
7f:95:7b:bf:34:f5:36:35:21:7b:fd:9d:91:3a:52:a6:ba:8a:
ff:98:01:3f:80:2a:df:f2:d9:3b:d2:c8:9a:47:23:cf:ba:2c:
22:5a:58:bc:cb:a6:37:3a:79:83:88:5a:ae:dc:7d:da:fe:6f:
24:e1:57:9d:3f:42:ea:e9:21:1c:76:69:cd:ac:62:2b:03:c3:
11:d5:57:36:55:74:8c:28:20:6e:73:63:78:31:dc:2a:54:cb:
29:c8:c0:39:a8:c0:0d:d1:ca:ce:76:cb:ce:05:8e:f7:71:49:
24:6c:4b:46:cb:a3:14:14:26:14:a9:38:89:14:61:a0:62:09:
cf:cf:dc:d9:e1:c7:3e:86:8a:eb:01:94:82:28:70:6c:3c:f9:
55:aa:7e:ec:f3:d3:3b:f3:49:c2:e7:4e:f2:23:ad:ca:3b:f8:
c7:72:34:27:1f:d6:6e:54:1f:2c:e1:b9:d8:ba:3a:dc:57:f6:
b2:b6:2e:e5:a5:a6:3e:6f:80:f9:29:26:1c:10:05:be:3b:4f:
dd:3a:6a:02:8f:56:2a:40:2c:c0:f5:e1:f3:33:a7:d9:c6:7c:
a2:f7:0a:61:cb:02:de:43:1c:a3:73:c9:8b:87:d4:9e:6b:a3:
55:25:42:5d:eb:f7:fd:dd:99:ff:c9:b9:7e:7b:3e:90:14:7d:
6a:ec:9f:26
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVaac7NgaaqrnNdJonSuBw8OLUk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDZaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0MzJlZjAxYjRhOGFkMjU4ZWUwMGU3NGUyYTEwYzUyMDVmNDRjNGEyN2Rl
ZTk3MmU1OWUwNTNmMTlkMjM4OTExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOMHRsGxlSaHaIzmg8xg+BkLPDKQEnLirXelLTCc/OV7S8vQc0ASwB6cpmPQ
COvlrlnFZ2qoUh2o5QKroNhwYoQvrC4K+OTO9K1Xr32ivd4WOeXqsIcVPsS8Tdb2
JaCrbi8GAUTOOX+0z6NEPA/64oB7KfsJcvQkhpCtiF0xHOaUKWtBWfVECR1BUyil
/2LwJYyjEnu++iDI+DH2cOJW1GG6NN20Z0ohzzOiJAvmro493UR3ajlI/mGI1frb
yrZuZfcMowTAHlHBl4Oc2p33TT6F5qNopXLpXB1AIBUoe166V1bl4skd44LJuXjL
W8Abab/eACPdFY1Om7dgiu09C2ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZBGhv
Go9j0LvuPXUYnEq4OXoiiDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NTQ1MTlmY2QtNDY1NS00MTQ4LTlkN2QtOTEzYjBjMGNmZTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB/lXu/NPU2NSF7/Z2ROlKmuor/mAE/gCrf8tk7
0siaRyPPuiwiWli8y6Y3OnmDiFqu3H3a/m8k4VedP0Lq6SEcdmnNrGIrA8MR1Vc2
VXSMKCBuc2N4MdwqVMspyMA5qMAN0crOdsvOBY73cUkkbEtGy6MUFCYUqTiJFGGg
YgnPz9zZ4cc+horrAZSCKHBsPPlVqn7s89M780nC507yI63KO/jHcjQnH9ZuVB8s
4bnYujrcV/ayti7lpaY+b4D5KSYcEAW+O0/dOmoCj1YqQCzA9eHzM6fZxnyi9wph
ywLeQxyjc8mLh9Sea6NVJUJd6/f93Zn/ybl+ez6QFH1q7J8m
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:42 2026 by rpki-client