Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
File: a0285121-a068-4bba-9eaa-0bf4b963158a.roa (raw, json)
Hash identifier: Tmiq6aqKcBK60bDTGsFZ1Yo/B4tH5Ub/TpoVWgDWAXY=
Subject key identifier: B7:78:64:E6:1F:7B:4B:8E:99:43:C0:32:35:F8:56:FA:E2:B9:2A:7E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 236F393F01C0EC579C16BFEE2A8B8B6FB17C389D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
Signing time: Fri 20 Feb 2026 01:40:25 +0000
ROA not before: Fri 20 Feb 2026 01:40:25 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:100::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:6f:39:3f:01:c0:ec:57:9c:16:bf:ee:2a:8b:8b:6f:b1:7c:38:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:25 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=83fcea4137cf33cd7164ab645c6657960df2e8936110fa6049e5128eafbcab71, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:2a:65:1a:9f:df:95:48:29:ec:9d:6d:50:76:
0d:c9:58:d9:e8:d2:22:36:63:5c:29:fe:e8:d5:5d:
e4:84:29:fb:2a:58:67:1a:50:e7:f8:5f:37:55:8e:
3c:48:6c:bb:b1:76:43:b8:03:dc:9b:4c:2a:32:8e:
76:f4:7b:3b:f4:2a:b8:f3:ec:63:fa:f8:1f:fd:98:
45:f7:ee:d3:1b:48:45:0c:61:de:13:5e:10:59:e8:
98:9f:a9:35:7d:96:f8:34:40:6f:0d:a2:05:67:d5:
d4:b8:5a:48:76:1e:22:4c:a3:c5:4b:c4:74:3a:a4:
4a:81:f6:59:22:38:30:22:61:d5:4c:48:76:c4:67:
f6:5f:71:02:31:b6:65:e5:17:58:39:db:d3:30:e1:
e2:81:bb:61:ae:bb:4a:04:e3:76:4a:9b:d6:14:1c:
9f:59:64:9e:35:cd:cc:5c:21:3a:5b:ba:6d:b8:c2:
42:ff:46:10:91:34:aa:3b:8f:8a:74:94:bd:51:70:
30:55:77:c7:17:aa:b4:d8:e3:44:bc:52:b5:21:18:
77:58:e6:40:5c:b3:94:ed:55:2b:f8:d8:db:f1:0f:
cf:16:1f:94:9b:2c:5d:d1:00:0f:cc:9c:8c:5d:09:
56:63:23:b9:a5:c6:5e:b7:c2:82:99:16:4e:43:05:
53:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:78:64:E6:1F:7B:4B:8E:99:43:C0:32:35:F8:56:FA:E2:B9:2A:7E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:100::/44
Signature Algorithm: sha256WithRSAEncryption
43:bc:ef:12:04:a1:fe:e4:64:79:2f:6d:83:16:35:5f:16:bb:
ed:24:6f:31:1a:99:4b:0b:30:4d:da:f1:d3:1c:32:5d:e4:ff:
ee:92:87:15:9b:d5:dc:4e:c1:47:78:5f:d7:de:43:14:68:f9:
5c:f5:92:d3:d0:27:a5:b9:f9:7c:d0:87:13:d1:a9:45:81:eb:
ef:5b:1d:ee:c9:41:47:c7:cb:0a:0f:4e:9c:df:f7:41:45:b3:
30:92:76:b1:07:34:61:5a:ac:c0:a2:25:75:9b:3a:7c:56:e7:
39:59:b1:91:bd:c2:b4:59:21:b9:c5:06:8a:58:94:bd:f2:e8:
ef:88:3b:6e:e8:27:e4:84:d3:1d:79:32:99:10:e2:7b:76:a3:
dd:5a:2c:1c:92:d4:4d:65:4b:98:c6:0b:bd:eb:be:ed:2e:e5:
94:cc:69:92:6c:79:9e:b0:98:29:c8:e5:16:40:f4:2f:bb:cb:
92:50:4a:88:c8:2a:e9:d1:18:e1:79:89:b3:d1:83:82:e0:12:
b3:0b:9d:27:5d:eb:9b:be:58:9b:17:1b:cc:86:1c:fa:39:54:
63:41:3e:a3:eb:62:04:8e:66:11:3d:55:b2:87:10:8e:4d:96:
5d:b6:b1:0a:79:85:17:7a:d4:90:35:43:19:b9:78:03:e3:b2:
f2:86:a8:b1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI285PwHA7FecFr/uKouLb7F8OJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjVaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzZmNlYTQxMzdjZjMzY2Q3MTY0YWI2NDVjNjY1Nzk2MGRmMmU4OTM2MTEw
ZmE2MDQ5ZTUxMjhlYWZiY2FiNzExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKcqZRqf35VIKeydbVB2DclY2ejSIjZjXCn+6NVd5IQp+ypYZxpQ5/hfN1WO
PEhsu7F2Q7gD3JtMKjKOdvR7O/QquPPsY/r4H/2YRffu0xtIRQxh3hNeEFnomJ+p
NX2W+DRAbw2iBWfV1LhaSHYeIkyjxUvEdDqkSoH2WSI4MCJh1UxIdsRn9l9xAjG2
ZeUXWDnb0zDh4oG7Ya67SgTjdkqb1hQcn1lknjXNzFwhOlu6bbjCQv9GEJE0qjuP
inSUvVFwMFV3xxeqtNjjRLxStSEYd1jmQFyzlO1VK/jY2/EPzxYflJssXdEAD8yc
jF0JVmMjuaXGXrfCgpkWTkMFUxkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS3eGTm
H3tLjplDwDI1+Fb64rkqfjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTAyODUxMjEtYTA2OC00YmJhLTllYWEtMGJmNGI5NjMxNThhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAQ7zvEgSh/uRkeS9tgxY1Xxa77SRvMRqZSwsw
Tdrx0xwyXeT/7pKHFZvV3E7BR3hf195DFGj5XPWS09Anpbn5fNCHE9GpRYHr71sd
7slBR8fLCg9OnN/3QUWzMJJ2sQc0YVqswKIldZs6fFbnOVmxkb3CtFkhucUGiliU
vfLo74g7bugn5ITTHXkymRDie3aj3VosHJLUTWVLmMYLveu+7S7llMxpkmx5nrCY
KcjlFkD0L7vLklBKiMgq6dEY4XmJs9GDguASswudJ13rm75YmxcbzIYc+jlUY0E+
o+tiBI5mET1VsocQjk2WXbaxCnmFF3rUkDVDGbl4A+Oy8oaosQ==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:41 2026 by rpki-client