Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
File: 5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa (raw, json)
Hash identifier: h3V3w7JlvCrlov1UJNrqYhFLbOqUD3nqAnVospo8tSk=
Subject key identifier: 8A:33:4A:74:B3:25:7B:2C:FD:34:6E:DC:9C:68:70:3A:98:F6:DC:02
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3EFDB5E1643B7EB0EC4889ED7BF6C63303AE3086
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
Signing time: Fri 20 Feb 2026 01:40:07 +0000
ROA not before: Fri 20 Feb 2026 01:40:07 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:a800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:fd:b5:e1:64:3b:7e:b0:ec:48:89:ed:7b:f6:c6:33:03:ae:30:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:07 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=e2a9bb1fa404bb1e9ecaf78b4ed65bec7af53e265b60e8f49ab9817ce6a7ab6c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:a6:8b:7c:c9:0c:aa:0c:a8:b5:9f:ce:70:ef:
6b:30:00:13:8e:f5:11:94:fc:be:51:14:c3:2a:55:
29:f6:63:c2:6c:47:85:ec:19:48:70:9f:f3:97:44:
8d:5c:15:fd:88:78:40:65:03:d4:4f:59:6a:6e:e9:
32:b7:3e:e3:1c:0f:88:c1:2d:fb:c7:ce:12:7a:0a:
80:8a:97:f3:73:fc:95:c7:fc:f2:ec:0c:92:25:00:
b2:62:8e:fc:d8:d4:83:63:14:ce:a7:24:f9:c8:03:
9c:85:84:d4:a2:31:2b:b6:36:c7:f1:74:26:d1:92:
cf:5a:1e:da:69:ab:9a:0b:7a:e7:92:9d:15:3d:c4:
8e:48:13:c7:f3:98:d9:17:43:cf:1b:9e:1c:a9:47:
16:bb:ba:0a:ab:7d:ea:26:1e:af:0d:66:47:16:ba:
7b:74:13:8e:e6:8b:81:29:2d:88:46:6c:16:db:52:
95:9c:16:ec:9a:91:98:b1:7a:3c:53:b2:fe:6b:c3:
fd:30:7b:fa:c9:16:8c:81:8d:55:5d:e0:ee:b0:f0:
af:20:a0:22:6b:35:f6:df:98:1d:bc:0f:c5:a9:55:
e8:1d:99:56:01:7b:40:28:44:6e:74:f5:0e:8d:2b:
21:78:77:fb:c0:93:97:14:84:cd:72:2a:32:ed:11:
e4:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:33:4A:74:B3:25:7B:2C:FD:34:6E:DC:9C:68:70:3A:98:F6:DC:02
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:a800::/40
Signature Algorithm: sha256WithRSAEncryption
73:89:b0:f5:0d:54:00:7f:fd:3c:95:76:26:f5:2b:c8:01:23:
9c:8c:77:78:88:fe:4f:75:81:96:15:39:78:f1:73:82:2f:34:
f9:cd:bb:d0:f8:0b:10:76:4e:30:fa:6e:62:ad:aa:f6:ae:39:
43:47:92:d6:a7:69:83:e6:e0:37:78:44:03:2e:6f:58:aa:b5:
3a:4c:e8:ac:d6:95:d2:54:25:4f:4c:07:5d:6a:ac:da:b3:3f:
e3:47:89:d7:64:f8:b6:87:c4:43:d6:68:94:d8:59:09:7f:a0:
c2:0e:bf:45:3d:3b:37:7f:75:54:e6:3c:98:0d:cf:94:58:1c:
c1:df:46:ab:bf:6a:8e:e4:6c:29:9e:45:36:b5:0d:47:11:b4:
68:5d:16:ff:bf:b6:23:2f:1b:23:ab:2a:a1:d5:12:39:d0:31:
dd:31:d4:33:d4:14:b4:e5:e0:c1:72:71:15:c2:a7:a2:29:0f:
3a:d1:01:56:41:40:90:60:36:1e:b9:dc:ff:f3:bd:59:a0:50:
7f:6b:6e:65:a4:0a:fb:be:13:00:59:20:44:d3:81:e1:c5:74:
43:ba:2f:85:8c:33:97:61:f3:5c:00:99:1d:a8:91:74:06:04:
6e:db:cb:cd:7e:24:c2:cb:51:d4:fa:e5:db:6b:4e:a3:23:9a:
03:b1:0f:33
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPv214WQ7frDsSInte/bGMwOuMIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMDdaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyYTliYjFmYTQwNGJiMWU5ZWNhZjc4YjRlZDY1YmVjN2FmNTNlMjY1YjYw
ZThmNDlhYjk4MTdjZTZhN2FiNmMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGmi3zJDKoMqLWfznDvazAAE471EZT8vlEUwypVKfZjwmxHhewZSHCf85dE
jVwV/Yh4QGUD1E9Zam7pMrc+4xwPiMEt+8fOEnoKgIqX83P8lcf88uwMkiUAsmKO
/NjUg2MUzqck+cgDnIWE1KIxK7Y2x/F0JtGSz1oe2mmrmgt655KdFT3EjkgTx/OY
2RdDzxueHKlHFru6Cqt96iYerw1mRxa6e3QTjuaLgSktiEZsFttSlZwW7JqRmLF6
PFOy/mvD/TB7+skWjIGNVV3g7rDwryCgIms19t+YHbwPxalV6B2ZVgF7QChEbnT1
Do0rIXh3+8CTlxSEzXIqMu0R5P0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSKM0p0
syV7LP00btycaHA6mPbcAjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NWI5YWI5N2EtMDhmYS00Y2M2LTg4OGYtZmI5NTQyOTNmYzczLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Oo
MA0GCSqGSIb3DQEBCwUAA4IBAQBzibD1DVQAf/08lXYm9SvIASOcjHd4iP5PdYGW
FTl48XOCLzT5zbvQ+AsQdk4w+m5irar2rjlDR5LWp2mD5uA3eEQDLm9YqrU6TOis
1pXSVCVPTAddaqzasz/jR4nXZPi2h8RD1miU2FkJf6DCDr9FPTs3f3VU5jyYDc+U
WBzB30arv2qO5GwpnkU2tQ1HEbRoXRb/v7YjLxsjqyqh1RI50DHdMdQz1BS05eDB
cnEVwqeiKQ860QFWQUCQYDYeudz/871ZoFB/a25lpAr7vhMAWSBE04HhxXRDui+F
jDOXYfNcAJkdqJF0BgRu28vNfiTCy1HU+uXba06jI5oDsQ8z
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:41 2026 by rpki-client