Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
File: 76596d4d-5093-4468-a590-5fe51a279b6f.roa (raw, json)
Hash identifier: FcRn2X6tY+O8prjZ0NbOrDZk5X6Trx2A6e+cXA1pMGI=
Subject key identifier: F3:88:57:56:52:C4:52:AC:4A:E6:F0:B6:CB:BE:7B:73:B4:8C:1A:EF
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 53A74343A91FB8A15CA664C411F3066AAE7E7C16
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
Signing time: Fri 20 Feb 2026 01:40:24 +0000
ROA not before: Fri 20 Feb 2026 01:40:24 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:a7:43:43:a9:1f:b8:a1:5c:a6:64:c4:11:f3:06:6a:ae:7e:7c:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:24 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=de1ba0b1714dd343fd88436519571c3ed80806f7dda8c079c6eef52f139703d2, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:ce:8a:0d:a2:86:0a:b2:74:54:bf:35:32:19:
e1:8d:d2:46:be:08:aa:92:4b:a0:6c:fc:6e:29:c8:
f1:e7:54:0c:08:fe:55:59:ea:6d:f1:10:be:4f:f3:
60:92:33:9f:13:1f:0d:2d:03:1d:15:dd:96:7c:b8:
04:9e:4a:7c:d4:dd:58:d6:9c:7f:b1:3f:5e:ed:31:
90:c2:cb:9a:b6:e1:18:11:2d:5a:23:82:13:e6:ef:
77:91:ff:37:2c:26:bf:b2:ca:ac:44:85:aa:ab:af:
32:50:a8:64:e3:92:e1:9e:5a:a2:3e:28:b9:af:1e:
64:9b:ed:70:17:77:9c:fd:f9:6b:a2:5d:4f:df:7b:
28:fa:cb:5e:77:51:e7:ae:01:bd:1e:ca:05:57:97:
36:a9:7f:72:c2:58:3e:e3:cc:c0:9c:25:aa:5f:fe:
6e:5f:34:22:86:aa:e9:78:2b:75:f5:20:53:1b:de:
0d:44:f2:e3:12:cc:4e:be:25:6c:7b:c4:33:71:f5:
ae:a7:b2:22:a6:ee:83:d2:69:23:05:3d:dc:fc:c3:
9e:9a:61:ff:2b:14:16:1a:ad:12:58:50:75:30:4d:
db:ba:a3:ae:18:8c:55:2c:37:d8:87:f6:7e:de:58:
8f:d7:df:88:28:e2:65:0b:0f:6d:07:8d:fc:9f:65:
d0:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:88:57:56:52:C4:52:AC:4A:E6:F0:B6:CB:BE:7B:73:B4:8C:1A:EF
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:8800::/40
Signature Algorithm: sha256WithRSAEncryption
00:cd:36:0d:c8:cc:90:33:56:41:80:0d:c0:25:97:c9:0f:72:
2e:c5:32:9d:c4:c5:10:94:9c:61:fc:a5:c3:98:e7:89:6f:a1:
62:5b:bd:11:44:c2:d2:72:ee:91:75:98:dc:e0:15:1e:ad:a3:
5b:23:e2:5e:ff:7e:92:5d:07:fe:ba:49:e2:77:21:bc:cd:ee:
ae:a6:5e:d7:ac:40:c4:40:d2:46:79:a7:fd:d4:dd:74:3e:0a:
0e:0f:86:82:d7:2c:38:a4:68:ef:ff:4c:a7:e7:03:bf:a4:60:
fa:62:cd:37:96:c7:ea:41:5b:6b:f7:f0:01:c4:19:89:f4:6c:
9e:6c:95:90:d0:58:70:bf:2f:b1:a8:e2:b0:4e:8c:d0:91:5e:
fa:b5:3e:af:a0:1f:e5:67:7f:fd:19:fc:57:bb:51:ec:59:42:
9c:70:53:6f:2a:34:b4:7d:e6:60:9a:88:d9:cb:cd:ab:ec:54:
ef:df:aa:85:97:f0:6c:34:da:5e:5e:96:70:01:1d:f9:0f:48:
d9:d3:7c:32:3e:b6:31:29:80:26:76:2a:b5:ff:ac:03:bb:ea:
46:19:53:31:ae:23:d4:99:3a:f8:c9:1d:5f:15:74:8e:c0:43:
91:60:af:f0:c7:15:d3:09:82:63:43:62:76:de:f6:f4:a9:38:
ed:11:91:84
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU6dDQ6kfuKFcpmTEEfMGaq5+fBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjRaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGRlMWJhMGIxNzE0ZGQzNDNmZDg4NDM2NTE5NTcxYzNlZDgwODA2ZjdkZGE4
YzA3OWM2ZWVmNTJmMTM5NzAzZDIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO/Oig2ihgqydFS/NTIZ4Y3SRr4IqpJLoGz8binI8edUDAj+VVnqbfEQvk/z
YJIznxMfDS0DHRXdlny4BJ5KfNTdWNacf7E/Xu0xkMLLmrbhGBEtWiOCE+bvd5H/
Nywmv7LKrESFqquvMlCoZOOS4Z5aoj4oua8eZJvtcBd3nP35a6JdT997KPrLXndR
564BvR7KBVeXNql/csJYPuPMwJwlql/+bl80Ioaq6XgrdfUgUxveDUTy4xLMTr4l
bHvEM3H1rqeyIqbug9JpIwU93PzDnpph/ysUFhqtElhQdTBN27qjrhiMVSw32If2
ft5Yj9ffiCjiZQsPbQeN/J9l0F8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTziFdW
UsRSrErm8LbLvntztIwa7zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzY1OTZkNGQtNTA5My00NDY4LWE1OTAtNWZlNTFhMjc5YjZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8OI
MA0GCSqGSIb3DQEBCwUAA4IBAQAAzTYNyMyQM1ZBgA3AJZfJD3IuxTKdxMUQlJxh
/KXDmOeJb6FiW70RRMLScu6RdZjc4BUeraNbI+Je/36SXQf+uknidyG8ze6upl7X
rEDEQNJGeaf91N10PgoOD4aC1yw4pGjv/0yn5wO/pGD6Ys03lsfqQVtr9/ABxBmJ
9GyebJWQ0Fhwvy+xqOKwTozQkV76tT6voB/lZ3/9GfxXu1HsWUKccFNvKjS0feZg
mojZy82r7FTv36qFl/BsNNpeXpZwAR35D0jZ03wyPrYxKYAmdiq1/6wDu+pGGVMx
riPUmTr4yR1fFXSOwEORYK/wxxXTCYJjQ2J23vb0qTjtEZGE
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:28 2026 by rpki-client