Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
File: 71ecb785-83f2-49e3-899e-5a6d8098f651.roa (raw, json)
Hash identifier: RR3RlMUyqlRa3RB+02Na02wLUyo/tAD1HWASkz5eZXA=
Subject key identifier: 82:29:B0:7F:F3:D9:8B:AB:85:88:5F:DE:F6:08:CB:42:40:2A:D0:C2
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 57422940CF1140099788248816B6C4B6EFD5CD63
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
Signing time: Fri 20 Feb 2026 01:40:25 +0000
ROA not before: Fri 20 Feb 2026 01:40:25 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:5000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:42:29:40:cf:11:40:09:97:88:24:88:16:b6:c4:b6:ef:d5:cd:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:25 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=46d2cf9115a4144397dfdf2cd531190c21ca2bba7d7831d7a929505c90fd161a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:be:36:9b:f7:a6:f2:c7:4f:48:16:ee:0b:1c:
17:fb:b2:ab:61:27:23:53:c6:e8:ec:a9:1e:0d:1c:
20:dc:1c:ae:9c:ae:34:4f:d2:91:39:c1:72:4f:1d:
d1:e0:0a:57:ff:f9:7e:f1:6b:58:ad:de:e3:55:28:
3d:fa:04:93:fa:d1:e5:8a:87:08:f7:62:7a:25:5c:
6b:23:66:3c:2a:b3:8a:04:f3:eb:33:f9:a5:c0:57:
a6:a0:ac:98:9c:6f:fd:ef:72:25:f1:3b:f0:e5:40:
84:29:9a:bf:c0:b7:5b:eb:10:2f:5a:6a:29:30:38:
bb:43:81:3f:a5:15:b0:86:31:fd:c1:29:cd:87:ef:
87:46:4a:5e:b9:33:76:df:f3:e8:bb:64:38:20:0a:
08:02:dd:1d:74:d0:f6:13:b9:00:28:f3:1a:b7:e2:
02:f0:93:f4:a2:19:3c:5c:4e:24:1d:69:a3:ce:28:
1b:71:38:24:bf:a7:4a:f0:eb:b5:d8:79:9d:25:f1:
d8:95:e2:98:c8:63:5a:5f:38:b0:94:13:40:e6:c3:
34:53:08:59:f1:ae:c2:27:07:c5:9d:2b:25:2e:41:
af:35:aa:93:e7:ae:f1:d9:71:b5:cc:01:07:ba:26:
a5:6d:7d:ea:02:da:bd:cb:f4:aa:8d:cf:ac:00:78:
45:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:29:B0:7F:F3:D9:8B:AB:85:88:5F:DE:F6:08:CB:42:40:2A:D0:C2
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:5000::/36
Signature Algorithm: sha256WithRSAEncryption
60:42:9b:30:e9:71:a6:32:76:24:45:dd:c1:aa:f7:2b:ef:5b:
b6:94:35:e7:da:1b:cd:d7:e6:76:fe:c1:3b:04:de:4e:77:c6:
00:0d:b4:8b:21:b5:36:c9:37:18:9b:1e:3b:62:de:a6:66:ec:
fe:ef:0c:05:7e:b2:8b:22:8d:aa:8c:de:86:32:6b:5a:fe:b3:
ca:5d:29:ed:f7:a9:34:5c:d3:43:61:89:56:f9:ed:a8:ba:a4:
28:cb:f1:ab:26:8c:bd:4e:f8:d7:cc:65:ae:55:f2:59:e0:f1:
41:79:9b:74:5f:5f:ba:62:06:a5:28:aa:91:e1:2b:c9:54:b3:
11:97:29:8c:2b:ab:14:02:cc:9f:f0:6c:bd:f4:ab:e7:43:50:
e1:64:bf:de:5e:be:f7:11:c0:ad:b6:fc:84:f7:0a:71:0a:34:
c8:1d:52:0c:b3:46:61:7d:a4:9d:ab:15:c1:b0:93:64:8b:08:
64:1a:03:40:97:28:c8:4f:f3:5e:da:e4:ac:00:b8:d5:09:07:
7c:6c:67:c0:2f:21:3c:5f:15:ef:01:bc:14:14:4b:3d:2e:cc:
e9:12:81:77:4e:43:e6:97:22:6f:48:34:a5:29:77:7c:af:0c:
a2:0c:be:48:b2:d0:55:89:66:79:84:5c:27:0a:a4:62:bd:c1:
e0:8a:ae:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUV0IpQM8RQAmXiCSIFrbEtu/VzWMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjVaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2ZDJjZjkxMTVhNDE0NDM5N2RmZGYyY2Q1MzExOTBjMjFjYTJiYmE3ZDc4
MzFkN2E5Mjk1MDVjOTBmZDE2MWExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJO+Npv3pvLHT0gW7gscF/uyq2EnI1PG6OypHg0cINwcrpyuNE/SkTnBck8d
0eAKV//5fvFrWK3e41UoPfoEk/rR5YqHCPdieiVcayNmPCqzigTz6zP5pcBXpqCs
mJxv/e9yJfE78OVAhCmav8C3W+sQL1pqKTA4u0OBP6UVsIYx/cEpzYfvh0ZKXrkz
dt/z6LtkOCAKCALdHXTQ9hO5ACjzGrfiAvCT9KIZPFxOJB1po84oG3E4JL+nSvDr
tdh5nSXx2JXimMhjWl84sJQTQObDNFMIWfGuwicHxZ0rJS5BrzWqk+eu8dlxtcwB
B7ompW196gLavcv0qo3PrAB4RZcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSCKbB/
89mLq4WIX972CMtCQCrQwjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzFlY2I3ODUtODNmMi00OWUzLTg5OWUtNWE2ZDgwOThmNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8NQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgQpsw6XGmMnYkRd3Bqvcr71u2lDXn2hvN1+Z2
/sE7BN5Od8YADbSLIbU2yTcYmx47Yt6mZuz+7wwFfrKLIo2qjN6GMmta/rPKXSnt
96k0XNNDYYlW+e2ouqQoy/GrJoy9TvjXzGWuVfJZ4PFBeZt0X1+6YgalKKqR4SvJ
VLMRlymMK6sUAsyf8Gy99KvnQ1DhZL/eXr73EcCttvyE9wpxCjTIHVIMs0ZhfaSd
qxXBsJNkiwhkGgNAlyjIT/Ne2uSsALjVCQd8bGfALyE8XxXvAbwUFEs9LszpEoF3
TkPmlyJvSDSlKXd8rwyiDL5IstBViWZ5hFwnCqRivcHgiq4N
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:40 2026 by rpki-client