Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
File: 7cf0ad47-8bb3-480b-be13-5f3302af8307.roa (raw, json)
Hash identifier: gZGtff2VrsRyA9pKBNbweDeTh7/TAXRJp5ovjY0J7QQ=
Subject key identifier: 85:57:E8:B0:FE:23:1B:C1:90:56:95:82:4E:31:2F:61:77:2B:55:5A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3E4F12CDAA0CD3CC3047964EF492046538D57E1D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
Signing time: Fri 20 Feb 2026 01:40:30 +0000
ROA not before: Fri 20 Feb 2026 01:40:30 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:e000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:4f:12:cd:aa:0c:d3:cc:30:47:96:4e:f4:92:04:65:38:d5:7e:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:30 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=f38da875e1bfff305d193883f2b2cba94aa8ec6b844612d68b37eddc08b8b644, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:8b:8b:2e:5b:a4:05:f6:c3:cd:85:5f:fb:94:
b0:6f:c9:e3:c3:fd:09:ce:2e:36:36:de:0c:a5:38:
5d:f3:73:e0:95:15:51:f8:fc:fd:02:06:5d:98:12:
8e:9d:23:be:34:a0:ad:9e:77:75:32:e3:e9:9e:94:
5d:ba:b0:0b:c3:13:de:d0:7a:b1:2d:34:e0:4e:09:
62:b3:d3:e8:70:2f:bf:51:99:6c:cd:24:8f:cf:b1:
16:1d:a6:b3:12:44:e3:89:2e:09:fc:f2:68:70:77:
e6:90:1a:29:9f:41:4c:50:f4:c4:2e:5c:69:39:d5:
eb:0d:c1:3f:d4:1f:eb:d8:f6:6c:a9:f7:1d:b3:64:
00:41:83:32:11:61:45:e4:41:5c:ff:66:ca:ad:d2:
2e:16:fc:d2:50:ec:e3:71:c1:a1:af:d3:8b:99:6b:
4f:3e:de:53:b9:0e:59:90:03:c8:8b:9d:d0:2d:2f:
03:bf:95:41:30:01:ea:04:4a:08:b1:a6:67:32:d7:
ee:8c:39:2a:d1:e4:c5:7a:7f:2b:0d:5f:af:26:8f:
b7:a7:f4:3e:02:20:58:b5:1a:7a:f1:f5:85:40:4c:
7a:19:0f:7c:1c:43:03:6c:85:8b:f8:d9:88:2a:7f:
99:6e:e3:c6:0a:ac:f2:fd:0e:21:86:ba:a5:43:eb:
d7:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:57:E8:B0:FE:23:1B:C1:90:56:95:82:4E:31:2F:61:77:2B:55:5A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:e000::/36
Signature Algorithm: sha256WithRSAEncryption
98:f4:13:23:56:4d:c4:38:03:a0:54:81:ee:fd:11:40:46:49:
46:06:23:5d:8c:aa:53:41:84:70:1e:e1:d3:fe:47:86:b8:22:
16:12:6f:63:56:59:5a:43:fe:7d:3c:aa:d8:49:94:c2:00:7c:
01:16:f2:4c:23:af:7b:aa:49:1a:cd:81:39:2c:9b:08:32:e7:
5e:e3:71:7c:b7:b8:71:df:12:e2:23:ac:5c:1a:70:a7:ef:bb:
07:b7:7e:67:cb:62:2b:7b:38:e8:dc:e6:4b:ca:58:a7:2d:e1:
d2:a5:21:38:ae:82:a3:d8:e5:8a:93:1a:1c:47:a1:2e:22:c1:
a5:2b:ea:13:d4:22:d1:4d:b8:71:30:a3:ee:ee:ae:fa:1e:b9:
7f:54:04:71:95:7e:27:b9:f7:57:2c:39:bb:44:20:7c:b5:99:
45:05:79:f9:36:49:76:b2:df:c7:48:9e:12:ef:77:39:f2:1c:
fb:3c:dc:5a:b2:10:ca:a9:e1:ef:7f:38:36:80:9b:63:0c:91:
93:28:c8:c3:ed:58:cf:77:0d:b1:01:d2:32:aa:da:72:70:eb:
be:16:2a:e7:32:17:fc:27:e8:db:1e:47:74:1e:68:fe:8a:aa:
ad:6f:2d:f4:c2:9b:66:ff:9f:c0:a9:25:99:3d:3b:56:a4:0c:
47:1c:43:95
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPk8SzaoM08wwR5ZO9JIEZTjVfh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMzBaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzOGRhODc1ZTFiZmZmMzA1ZDE5Mzg4M2YyYjJjYmE5NGFhOGVjNmI4NDQ2
MTJkNjhiMzdlZGRjMDhiOGI2NDQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqLiy5bpAX2w82FX/uUsG/J48P9Cc4uNjbeDKU4XfNz4JUVUfj8/QIGXZgS
jp0jvjSgrZ53dTLj6Z6UXbqwC8MT3tB6sS004E4JYrPT6HAvv1GZbM0kj8+xFh2m
sxJE44kuCfzyaHB35pAaKZ9BTFD0xC5caTnV6w3BP9Qf69j2bKn3HbNkAEGDMhFh
ReRBXP9myq3SLhb80lDs43HBoa/Ti5lrTz7eU7kOWZADyIud0C0vA7+VQTAB6gRK
CLGmZzLX7ow5KtHkxXp/Kw1fryaPt6f0PgIgWLUaevH1hUBMehkPfBxDA2yFi/jZ
iCp/mW7jxgqs8v0OIYa6pUPr1+0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSFV+iw
/iMbwZBWlYJOMS9hdytVWjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
N2NmMGFkNDctOGJiMy00ODBiLWJlMTMtNWYzMzAyYWY4MzA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fg
MA0GCSqGSIb3DQEBCwUAA4IBAQCY9BMjVk3EOAOgVIHu/RFARklGBiNdjKpTQYRw
HuHT/keGuCIWEm9jVllaQ/59PKrYSZTCAHwBFvJMI697qkkazYE5LJsIMude43F8
t7hx3xLiI6xcGnCn77sHt35ny2Irezjo3OZLylinLeHSpSE4roKj2OWKkxocR6Eu
IsGlK+oT1CLRTbhxMKPu7q76Hrl/VARxlX4nufdXLDm7RCB8tZlFBXn5Nkl2st/H
SJ4S73c58hz7PNxashDKqeHvfzg2gJtjDJGTKMjD7VjPdw2xAdIyqtpycOu+Firn
Mhf8J+jbHkd0Hmj+iqqtby30wptm/5/AqSWZPTtWpAxHHEOV
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:39 2026 by rpki-client