Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
File: a217acb6-25db-4f7f-bed2-0251978424c1.roa (raw, json)
Hash identifier: 7ylEfnOA0m8f/DTosHAj+hm3Vb16DKf/5xBOjnULv4Q=
Subject key identifier: 56:3D:A1:F3:2E:DB:2F:08:96:D5:E8:CC:6A:BA:8B:57:BF:88:91:91
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3FB39B8D2C79198BC16A54F38D39571252C5C9E6
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
Signing time: Fri 20 Feb 2026 01:30:18 +0000
ROA not before: Fri 20 Feb 2026 01:30:18 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:b3:9b:8d:2c:79:19:8b:c1:6a:54:f3:8d:39:57:12:52:c5:c9:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:18 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=fa3d4ac841eac0a54fcbc597772f4bf3e0546c0dbff5262e89eeb96fa4273a6c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:5d:6e:77:98:21:6a:c3:1f:7e:ae:ef:56:36:
c5:ab:05:db:7d:02:e6:33:14:9b:9e:ec:4c:f2:07:
7b:ad:96:e8:57:7a:e7:67:af:a3:eb:b3:78:9d:aa:
2e:25:3b:c8:32:b9:01:3b:ba:e6:65:a8:e4:cb:ba:
8e:aa:0a:47:a9:c1:d6:90:54:1a:68:d8:93:46:78:
67:84:0a:a4:24:bd:92:51:95:c8:eb:0e:30:8f:bb:
88:a7:d5:b3:5c:56:f4:7f:15:0c:7d:fb:d4:64:e0:
6c:f3:ab:fc:7f:d2:db:89:b6:f1:fd:92:16:6b:77:
cf:8c:fc:4e:d3:86:d2:70:09:f4:f3:4a:5a:a7:2f:
67:d0:40:7f:d1:9c:19:f7:87:55:06:04:e8:b8:bf:
44:fb:86:2f:0e:fb:23:00:dd:9e:c3:17:bb:c6:fa:
9a:66:a4:7e:37:f2:87:f4:17:40:8b:11:2d:93:25:
4f:00:3e:54:0a:5b:5e:87:d1:45:dc:fe:69:14:e6:
a3:7a:a8:c6:c5:b7:0c:ba:57:f6:57:a6:64:bd:0c:
17:b4:87:98:e5:8a:b5:c5:03:f8:64:8b:97:c4:7c:
b4:3a:36:5a:d5:cc:6c:f8:35:86:1c:34:08:13:d9:
3b:16:15:01:9a:94:a0:34:64:36:94:cf:dd:02:36:
73:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:3D:A1:F3:2E:DB:2F:08:96:D5:E8:CC:6A:BA:8B:57:BF:88:91:91
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:840::/48
Signature Algorithm: sha256WithRSAEncryption
ba:14:35:47:5c:47:02:78:39:76:56:ab:71:17:fd:3f:48:47:
52:34:fc:bb:a5:5f:b0:32:4e:6f:ce:6c:f5:c1:ec:eb:64:73:
06:68:8e:24:21:75:4d:24:02:5c:38:50:83:86:4f:50:b0:ea:
7c:da:d4:fe:d2:2d:6d:da:61:12:22:b1:60:ea:94:ef:cd:ae:
b3:cc:d1:ae:48:dd:94:d9:85:1b:50:40:89:37:c4:1a:9d:f3:
9e:3f:06:6a:49:37:0c:01:40:5d:11:a6:22:26:9a:57:b0:37:
8e:74:e9:db:df:15:e6:61:5d:de:69:7b:80:8a:f3:e0:50:30:
91:d0:02:fe:3d:56:68:53:dc:11:09:91:ef:83:29:08:a0:d1:
44:78:c2:af:ca:ea:02:4e:57:d5:38:12:12:9d:a1:da:3b:f3:
3d:5d:20:d2:03:ba:62:5e:cb:4d:02:48:2d:91:7e:9f:48:8c:
68:ab:cb:6c:20:8c:cd:1d:a1:cb:99:19:0a:f3:05:b6:2d:6f:
6d:77:69:f0:50:30:2e:aa:a6:f0:6a:6e:47:3c:9c:b7:ae:c8:
8e:66:7e:f3:8e:6b:2d:38:04:bc:b7:6e:d7:16:47:f7:8e:f3:
94:67:e9:48:5a:f1:d7:8f:3a:88:91:5e:e7:9c:30:09:f5:20:
48:14:78:27
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUP7ObjSx5GYvBalTzjTlXElLFyeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwMThaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhM2Q0YWM4NDFlYWMwYTU0ZmNiYzU5Nzc3MmY0YmYzZTA1NDZjMGRiZmY1
MjYyZTg5ZWViOTZmYTQyNzNhNmMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpdbneYIWrDH36u71Y2xasF230C5jMUm57sTPIHe62W6Fd652evo+uzeJ2q
LiU7yDK5ATu65mWo5Mu6jqoKR6nB1pBUGmjYk0Z4Z4QKpCS9klGVyOsOMI+7iKfV
s1xW9H8VDH371GTgbPOr/H/S24m28f2SFmt3z4z8TtOG0nAJ9PNKWqcvZ9BAf9Gc
GfeHVQYE6Li/RPuGLw77IwDdnsMXu8b6mmakfjfyh/QXQIsRLZMlTwA+VApbXofR
Rdz+aRTmo3qoxsW3DLpX9lemZL0MF7SHmOWKtcUD+GSLl8R8tDo2WtXMbPg1hhw0
CBPZOxYVAZqUoDRkNpTP3QI2c98CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRWPaHz
LtsvCJbV6MxquotXv4iRkTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTIxN2FjYjYtMjVkYi00ZjdmLWJlZDItMDI1MTk3ODQyNGMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
QDANBgkqhkiG9w0BAQsFAAOCAQEAuhQ1R1xHAng5dlarcRf9P0hHUjT8u6VfsDJO
b85s9cHs62RzBmiOJCF1TSQCXDhQg4ZPULDqfNrU/tItbdphEiKxYOqU782us8zR
rkjdlNmFG1BAiTfEGp3znj8Gakk3DAFAXRGmIiaaV7A3jnTp298V5mFd3ml7gIrz
4FAwkdAC/j1WaFPcEQmR74MpCKDRRHjCr8rqAk5X1TgSEp2h2jvzPV0g0gO6Yl7L
TQJILZF+n0iMaKvLbCCMzR2hy5kZCvMFti1vbXdp8FAwLqqm8GpuRzyct67IjmZ+
845rLTgEvLdu1xZH947zlGfpSFrx1486iJFe55wwCfUgSBR4Jw==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:32 2026 by rpki-client