Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
File: 8141b7c7-3722-47fb-a87c-13473348f317.roa (raw, json)
Hash identifier: Zi8f82T0T81dwdVVwW89HrfjL59ohN7PGezU7/7Cr2M=
Subject key identifier: 96:F3:0B:5A:31:9B:B7:6A:FE:90:15:FE:57:67:27:BD:5A:0F:E7:F1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 235BF93FAFEBC43DBAC419F44614E60C37B89EE7
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
Signing time: Fri 20 Feb 2026 01:40:08 +0000
ROA not before: Fri 20 Feb 2026 01:40:08 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:5b:f9:3f:af:eb:c4:3d:ba:c4:19:f4:46:14:e6:0c:37:b8:9e:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:08 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=7e229e165cbdf77c9c591cc05e5085ac8e4fa03679aee2e1c15e2ea29696a79e, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f8:34:34:63:d2:e4:5e:a5:4b:46:22:97:b8:
78:bf:2b:33:23:39:c2:2c:84:45:86:a5:73:e1:8b:
eb:f0:d6:bb:bf:15:53:00:fb:8f:5e:fc:33:c6:a9:
ba:8c:4b:03:14:12:0d:58:f0:64:2b:c5:9e:20:e3:
63:70:00:cf:8a:09:2a:eb:30:8c:7b:28:3d:91:ca:
54:6b:ad:4b:75:18:a8:bb:03:3d:87:b8:0f:9c:69:
62:4e:53:72:65:c8:3d:c3:f2:6b:69:19:0f:24:a2:
08:c4:42:2e:08:32:2b:bb:0b:2b:85:5f:18:ef:3f:
67:60:47:f8:64:ed:1e:91:61:86:1a:be:1f:1b:63:
3c:6c:cf:95:2d:ed:4c:17:d3:a2:a0:ba:a4:9e:10:
01:20:26:49:92:a8:a6:47:53:86:45:a6:63:f7:45:
9c:23:33:2e:fb:66:68:6b:e6:9f:eb:10:80:b5:a0:
af:89:14:9f:64:31:a8:64:26:36:da:8d:17:61:67:
92:9a:f6:7c:82:6d:2b:68:82:60:42:71:8a:73:14:
9e:2d:18:ce:0d:1b:5c:c4:f9:50:22:67:e3:7e:fe:
bb:e0:4c:f6:06:cf:10:58:de:25:5b:a8:2c:41:82:
83:97:96:e2:76:79:67:08:c4:7e:b0:4a:f8:4b:1d:
bc:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:F3:0B:5A:31:9B:B7:6A:FE:90:15:FE:57:67:27:BD:5A:0F:E7:F1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8800::/38
Signature Algorithm: sha256WithRSAEncryption
56:2f:ac:10:13:a7:5e:0e:3a:f6:bf:38:a6:c4:f1:ab:f5:69:
63:92:19:19:66:bd:49:15:01:9a:ce:6a:18:f9:24:0d:9f:92:
9a:d4:4e:5a:24:68:ee:d0:bd:4e:2e:84:ea:3e:a6:48:44:8e:
a0:64:ad:4d:bf:68:e1:e5:bf:fc:4c:5c:c0:35:e8:af:64:c1:
7e:84:cf:61:a0:cd:89:63:5a:91:88:42:1f:86:44:05:ef:de:
ae:f3:2d:c2:d3:13:8a:4e:9a:b6:a6:e4:c1:08:96:07:32:1a:
5c:4e:e0:e0:54:c5:62:d0:7c:a0:a3:d2:a3:df:f1:e5:55:19:
db:14:c7:cf:cf:42:c7:7d:ee:5a:28:34:91:5b:71:ed:a4:75:
f1:c3:1f:d8:8a:e6:fd:af:1f:df:c6:23:1f:ae:60:13:cc:ab:
e4:3d:56:2a:15:71:58:c5:fd:93:51:79:bb:75:01:4c:e5:a1:
7e:d7:da:55:e1:ad:11:46:f4:17:4e:f6:01:5e:50:e9:f5:39:
eb:53:6c:11:7a:75:14:df:0a:5f:55:76:09:55:7e:85:c9:ff:
be:7f:33:d2:ee:10:e0:97:38:8c:ee:dd:f3:d7:e3:3c:24:67:
bb:9c:84:cc:e8:04:3e:31:0d:7f:7f:ce:6f:13:3b:70:74:51:
f5:e8:93:f2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI1v5P6/rxD26xBn0RhTmDDe4nucwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMDhaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMjI5ZTE2NWNiZGY3N2M5YzU5MWNjMDVlNTA4NWFjOGU0ZmEwMzY3OWFl
ZTJlMWMxNWUyZWEyOTY5NmE3OWUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL74NDRj0uRepUtGIpe4eL8rMyM5wiyERYalc+GL6/DWu78VUwD7j178M8ap
uoxLAxQSDVjwZCvFniDjY3AAz4oJKuswjHsoPZHKVGutS3UYqLsDPYe4D5xpYk5T
cmXIPcPya2kZDySiCMRCLggyK7sLK4VfGO8/Z2BH+GTtHpFhhhq+HxtjPGzPlS3t
TBfToqC6pJ4QASAmSZKopkdThkWmY/dFnCMzLvtmaGvmn+sQgLWgr4kUn2QxqGQm
NtqNF2Fnkpr2fIJtK2iCYEJxinMUni0Yzg0bXMT5UCJn437+u+BM9gbPEFjeJVuo
LEGCg5eW4nZ5ZwjEfrBK+EsdvFkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSW8wta
MZu3av6QFf5XZye9Wg/n8TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ODE0MWI3YzctMzcyMi00N2ZiLWE4N2MtMTM0NzMzNDhmMzE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GI
MA0GCSqGSIb3DQEBCwUAA4IBAQBWL6wQE6deDjr2vzimxPGr9WljkhkZZr1JFQGa
zmoY+SQNn5Ka1E5aJGju0L1OLoTqPqZIRI6gZK1Nv2jh5b/8TFzANeivZMF+hM9h
oM2JY1qRiEIfhkQF796u8y3C0xOKTpq2puTBCJYHMhpcTuDgVMVi0Hygo9Kj3/Hl
VRnbFMfPz0LHfe5aKDSRW3HtpHXxwx/Yiub9rx/fxiMfrmATzKvkPVYqFXFYxf2T
UXm7dQFM5aF+19pV4a0RRvQXTvYBXlDp9TnrU2wRenUU3wpfVXYJVX6Fyf++fzPS
7hDglziM7t3z1+M8JGe7nITM6AQ+MQ1/f85vEztwdFH16JPy
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:27 2026 by rpki-client