Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
File: 713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa (raw, json)
Hash identifier: ZutnxSJEQV1FWfZhIkrBH9UiyZ1x6j8Da4nZuRaOjx0=
Subject key identifier: E7:C6:E1:F1:45:62:FC:2F:80:D6:FF:37:89:C2:19:22:5A:E9:BA:6A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 06470137A89BB8CC973558ACF47E48FC8513EA0D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
Signing time: Fri 20 Feb 2026 01:30:46 +0000
ROA not before: Fri 20 Feb 2026 01:30:46 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:47:01:37:a8:9b:b8:cc:97:35:58:ac:f4:7e:48:fc:85:13:ea:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:46 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ab518186e23287c798190d4938ba89e73210fcd12d75c3cf344879f5e38e5614, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:df:b3:5b:e5:a1:31:99:cf:74:34:77:90:82:
9d:32:7f:84:00:c8:fe:d8:5f:76:4f:68:a2:12:0b:
11:47:ac:14:06:ad:04:32:7c:e4:d6:13:f5:43:36:
94:83:9e:88:eb:88:19:16:02:20:b2:fc:63:cc:d7:
57:fa:05:44:ae:92:bb:8a:67:7b:a4:e7:0b:10:07:
17:b9:53:5d:b8:12:19:20:68:6e:d6:f0:13:77:3e:
f7:2b:b4:07:3d:b5:9f:9f:55:b3:1e:03:29:a6:42:
de:a0:08:aa:33:3f:fd:aa:a7:8d:45:21:96:a8:ce:
71:3d:e6:93:6b:1b:fc:a4:05:07:84:7f:ed:2d:79:
0f:40:25:3e:b5:1b:d9:99:68:89:1b:2b:0c:86:70:
42:e7:fc:d5:96:76:88:16:23:31:84:c7:3f:be:35:
cb:fe:54:42:af:83:04:72:7c:e8:a5:7f:43:07:a8:
ac:f0:cb:11:17:c1:59:d1:19:3b:6f:cb:81:19:2b:
c6:f1:2e:32:13:58:ac:32:b9:28:81:93:67:b2:c2:
ab:fd:31:a7:5d:9f:f4:a1:f3:f4:5c:fc:9c:4f:66:
c7:19:40:96:9e:78:47:4a:6d:b0:fb:88:e0:eb:6c:
88:36:35:32:3c:45:ba:97:b9:0d:25:b4:fa:b7:ba:
2b:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:C6:E1:F1:45:62:FC:2F:80:D6:FF:37:89:C2:19:22:5A:E9:BA:6A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:8000::/36
Signature Algorithm: sha256WithRSAEncryption
b3:a5:8d:c7:2f:91:3f:79:0e:2b:ce:f1:32:e3:28:2b:91:b6:
af:3a:8a:e1:2e:e2:eb:5f:9d:57:e3:21:26:ba:4a:f6:9a:4e:
25:05:af:b9:c7:86:80:7d:b2:8b:4b:bd:e4:f3:98:27:ac:6e:
aa:26:62:40:7e:35:60:15:27:c7:1f:8d:81:e7:a1:f1:da:47:
15:bb:54:4d:c5:10:4d:84:51:a7:19:d4:58:b2:28:9c:a8:04:
62:01:24:b8:ac:fc:4a:e4:87:78:9a:e4:da:08:fd:8e:d8:a1:
8d:fe:a3:35:a4:50:f9:32:cf:59:ed:c3:c1:45:cf:46:b6:3c:
21:dc:84:12:a1:8f:ea:9e:c6:e1:ed:cd:7b:8e:f9:6c:f6:ac:
8b:50:2f:05:ed:36:b6:f1:53:ef:70:5c:78:85:36:b2:c4:d9:
95:ac:fe:86:80:8b:1f:e0:da:06:72:6d:23:75:4c:bd:73:d0:
0c:f6:8e:a1:a1:fb:6a:06:d6:b7:90:d5:b8:81:ba:61:4e:aa:
16:c4:cb:c7:39:86:e3:d1:04:67:25:df:67:25:c5:9b:a9:21:
e0:a6:9e:90:d5:34:e7:64:b7:d1:fe:a9:81:05:aa:cf:a6:45:
51:61:ee:4f:59:09:61:de:59:37:82:1c:a8:fa:10:ad:9b:e6:
65:b8:07:0b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBkcBN6ibuMyXNVis9H5I/IUT6g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNDZaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiNTE4MTg2ZTIzMjg3Yzc5ODE5MGQ0OTM4YmE4OWU3MzIxMGZjZDEyZDc1
YzNjZjM0NDg3OWY1ZTM4ZTU2MTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTfs1vloTGZz3Q0d5CCnTJ/hADI/thfdk9oohILEUesFAatBDJ85NYT9UM2
lIOeiOuIGRYCILL8Y8zXV/oFRK6Su4pne6TnCxAHF7lTXbgSGSBobtbwE3c+9yu0
Bz21n59Vsx4DKaZC3qAIqjM//aqnjUUhlqjOcT3mk2sb/KQFB4R/7S15D0AlPrUb
2ZloiRsrDIZwQuf81ZZ2iBYjMYTHP741y/5UQq+DBHJ86KV/QweorPDLERfBWdEZ
O2/LgRkrxvEuMhNYrDK5KIGTZ7LCq/0xp12f9KHz9Fz8nE9mxxlAlp54R0ptsPuI
4OtsiDY1MjxFupe5DSW0+re6Ky8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTnxuHx
RWL8L4DW/zeJwhkiWum6ajAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzEzYTIyZmMtOTQ1MS00ZDQ4LTlkMDUtNWNkZjljMWFhMTYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eA
MA0GCSqGSIb3DQEBCwUAA4IBAQCzpY3HL5E/eQ4rzvEy4ygrkbavOorhLuLrX51X
4yEmukr2mk4lBa+5x4aAfbKLS73k85gnrG6qJmJAfjVgFSfHH42B56Hx2kcVu1RN
xRBNhFGnGdRYsiicqARiASS4rPxK5Id4muTaCP2O2KGN/qM1pFD5Ms9Z7cPBRc9G
tjwh3IQSoY/qnsbh7c17jvls9qyLUC8F7Ta28VPvcFx4hTayxNmVrP6GgIsf4NoG
cm0jdUy9c9AM9o6hoftqBta3kNW4gbphTqoWxMvHOYbj0QRnJd9nJcWbqSHgpp6Q
1TTnZLfR/qmBBarPpkVRYe5PWQlh3lk3ghyo+hCtm+ZluAcL
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:31 2026 by rpki-client