Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
File: 6b104617-be96-4130-b1b4-dbe8facd0109.roa (raw, json)
Hash identifier: cetX6iCU+KTTPdoVpByBIknHpTPl+tgOAWFZerWZOP0=
Subject key identifier: 65:48:70:86:75:FF:81:D5:99:46:09:4F:2E:F9:1F:06:8F:EB:C9:5E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3ED67AAA3CAD8E6D3A3B6AC768D859B7E5043D26
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
Signing time: Fri 20 Feb 2026 01:30:14 +0000
ROA not before: Fri 20 Feb 2026 01:30:14 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:c000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:d6:7a:aa:3c:ad:8e:6d:3a:3b:6a:c7:68:d8:59:b7:e5:04:3d:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:14 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=8b4962d5a4b3854a23b2f4f82fd67c548b215b344c063fb9d7555ea2b29b4575, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:08:db:f8:5e:97:d5:5f:f0:62:b7:18:69:6f:
8a:53:5e:18:cf:a5:f7:b3:3d:f7:89:de:b7:e3:1f:
40:ed:ff:15:f1:20:56:63:26:ee:2d:8c:e6:0a:3b:
3d:dd:d0:57:fe:c6:45:09:57:83:e4:bb:73:e6:d4:
4d:0a:02:ae:df:5a:e7:53:01:42:99:7c:09:7e:53:
49:74:5e:45:65:db:5f:00:19:04:9a:ed:d2:42:6c:
83:9e:67:62:47:4e:3c:f1:6c:51:30:4c:11:85:69:
14:0b:f5:b6:6a:7f:13:9f:1b:3e:cb:97:cb:bb:87:
4f:6b:07:04:98:80:db:11:47:76:fd:bc:63:fe:d3:
01:86:4e:c9:bb:c6:67:a7:7b:56:02:77:6c:02:17:
36:e9:20:ac:6f:6b:d1:7c:a5:61:ac:c2:5e:7d:a7:
87:68:eb:95:bc:b8:b5:c7:83:f3:5f:1b:5d:12:91:
da:3d:46:84:0f:e8:55:85:a0:3f:62:46:34:dc:09:
b6:df:e5:d3:71:b3:c4:96:61:3d:c2:14:92:c2:f5:
34:83:24:12:60:80:8f:43:df:c9:e5:79:86:9f:f0:
7e:d7:ef:0e:72:ed:eb:63:08:7c:b8:c1:5d:53:67:
01:67:0b:82:67:74:53:14:9c:38:44:6b:56:4a:1b:
ce:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:48:70:86:75:FF:81:D5:99:46:09:4F:2E:F9:1F:06:8F:EB:C9:5E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:c000::/36
Signature Algorithm: sha256WithRSAEncryption
8b:00:7d:36:b8:e2:c1:0c:f4:97:68:48:95:21:cc:36:9c:90:
4d:c5:30:08:ff:d7:99:c0:53:7f:7c:01:6a:4b:1a:22:18:23:
6d:b6:11:55:86:50:50:c3:f0:d6:bc:14:35:9c:0d:98:16:b1:
94:cc:ed:97:fc:a6:d6:33:5c:02:04:53:48:0a:d2:9f:fe:9b:
b5:77:51:cc:0c:48:79:09:58:88:88:32:e4:3e:af:db:ca:d4:
2b:60:cc:c9:4f:e3:5e:82:26:4e:d9:f7:25:73:a6:76:be:3f:
ba:45:d8:30:53:1c:c7:2e:87:ed:cd:f8:cb:b0:95:08:8a:3c:
dd:37:ff:78:4b:32:78:10:a5:d8:78:a5:e0:f5:73:eb:14:48:
ca:1d:33:02:cc:d1:75:87:86:dc:c1:83:a3:23:74:75:2a:c1:
c7:a3:e5:b8:77:84:ec:f4:5d:2b:63:2f:67:f0:ae:71:47:6f:
2c:8d:50:90:0f:42:03:fd:6a:43:d0:1f:2d:86:dd:93:a3:d2:
78:98:2c:ec:74:85:37:ea:20:3d:59:90:a4:fd:04:17:24:04:
b1:42:f5:47:d1:37:76:80:d0:f4:2e:13:1c:82:68:cd:a5:cd:
9e:11:b6:ae:cb:85:23:b4:6c:8d:8b:5c:3b:7b:d8:75:e4:11:
bf:37:29:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPtZ6qjytjm06O2rHaNhZt+UEPSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwMTRaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiNDk2MmQ1YTRiMzg1NGEyM2IyZjRmODJmZDY3YzU0OGIyMTViMzQ0YzA2
M2ZiOWQ3NTU1ZWEyYjI5YjQ1NzUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOwI2/hel9Vf8GK3GGlvilNeGM+l97M994net+MfQO3/FfEgVmMm7i2M5go7
Pd3QV/7GRQlXg+S7c+bUTQoCrt9a51MBQpl8CX5TSXReRWXbXwAZBJrt0kJsg55n
YkdOPPFsUTBMEYVpFAv1tmp/E58bPsuXy7uHT2sHBJiA2xFHdv28Y/7TAYZOybvG
Z6d7VgJ3bAIXNukgrG9r0XylYazCXn2nh2jrlby4tceD818bXRKR2j1GhA/oVYWg
P2JGNNwJtt/l03GzxJZhPcIUksL1NIMkEmCAj0PfyeV5hp/wftfvDnLt62MIfLjB
XVNnAWcLgmd0UxScOERrVkobzpsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRlSHCG
df+B1ZlGCU8u+R8Gj+vJXjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NmIxMDQ2MTctYmU5Ni00MTMwLWIxYjQtZGJlOGZhY2QwMTA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fA
MA0GCSqGSIb3DQEBCwUAA4IBAQCLAH02uOLBDPSXaEiVIcw2nJBNxTAI/9eZwFN/
fAFqSxoiGCNtthFVhlBQw/DWvBQ1nA2YFrGUzO2X/KbWM1wCBFNICtKf/pu1d1HM
DEh5CViIiDLkPq/bytQrYMzJT+NegiZO2fclc6Z2vj+6RdgwUxzHLoftzfjLsJUI
ijzdN/94SzJ4EKXYeKXg9XPrFEjKHTMCzNF1h4bcwYOjI3R1KsHHo+W4d4Ts9F0r
Yy9n8K5xR28sjVCQD0ID/WpD0B8tht2To9J4mCzsdIU36iA9WZCk/QQXJASxQvVH
0Td2gND0LhMcgmjNpc2eEbauy4UjtGyNi1w7e9h15BG/Nyn8
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:41 2026 by rpki-client