Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
File: a58b6238-ef14-49df-aad0-16d332405e96.roa (raw, json)
Hash identifier: wmaBJvzFxBDrR7ANH8jzSxaQh4lInl2+j2sAMERVhSQ=
Subject key identifier: 11:F8:67:43:06:C3:34:9B:C6:7B:32:49:8B:CF:98:B5:37:8B:69:40
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3E3F3F03DF6519C17606ADFD0787CC8EC361E174
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
Signing time: Fri 20 Feb 2026 01:30:49 +0000
ROA not before: Fri 20 Feb 2026 01:30:49 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:3f:3f:03:df:65:19:c1:76:06:ad:fd:07:87:cc:8e:c3:61:e1:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:49 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ba4d59999d87c955787e0d37edbbde69c8c73dac72f7ce5b72608cb0c869a97e, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:0a:35:e2:b5:2a:f1:d6:7c:39:cd:5b:6f:a0:
25:7a:00:06:2d:29:1c:a7:5f:47:75:c9:8a:95:7d:
0e:2f:2a:6e:64:ef:c4:f8:2f:f8:10:bb:26:17:25:
80:6d:4b:6c:4c:8f:00:9d:a0:77:73:a2:65:76:b2:
b3:45:10:7f:42:01:f6:44:2e:29:37:7b:ce:67:83:
a8:75:5e:ee:71:dd:2a:12:bb:83:9d:7b:c0:84:b4:
1b:de:1d:51:6f:ce:f4:ed:e2:43:bb:57:a0:e4:f9:
e4:b5:eb:b2:15:24:6b:7b:b9:f2:8b:d9:54:80:a1:
52:65:6e:b8:22:2f:24:d9:08:5f:4a:a8:0f:26:2a:
46:5b:fa:f1:19:05:92:e5:79:0c:fb:5f:86:e5:d6:
90:ce:5e:c3:0f:87:5f:cd:d5:ef:59:29:68:86:a9:
8d:0c:f4:ec:27:d9:7b:11:03:4e:16:47:98:7b:b7:
10:0f:ee:e7:33:e7:e2:1d:f7:70:a9:16:ff:62:fe:
28:10:1e:16:80:5f:16:a9:d0:e7:35:b9:49:8d:cc:
71:9f:c1:9f:ff:6e:4b:10:2f:ba:4f:85:95:b9:d8:
fa:10:67:27:e9:0c:0e:e3:a8:fb:19:93:02:20:ba:
68:32:a4:0b:3c:4c:11:5e:46:fe:5c:79:ce:9f:5e:
c9:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:F8:67:43:06:C3:34:9B:C6:7B:32:49:8B:CF:98:B5:37:8B:69:40
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:1000::/36
Signature Algorithm: sha256WithRSAEncryption
59:2d:e2:6d:93:6d:1a:b6:62:e7:e4:29:c4:c1:84:ed:cc:b4:
2c:ac:bf:54:09:68:ec:e9:02:63:c5:0c:08:12:f6:3e:97:d1:
ff:1c:ad:8f:f0:a7:ca:65:4f:0e:1d:2d:6b:ac:78:d2:6b:db:
08:fc:2d:42:e0:ed:fc:a4:c4:fa:4a:8b:80:76:42:84:cd:e6:
6b:f9:ab:25:31:90:0a:c5:2c:1f:1d:c2:7f:90:20:3e:99:d5:
9f:c9:0e:71:aa:d6:3f:36:00:da:bb:e1:33:5d:02:e9:cf:c1:
5c:ac:b9:67:2c:00:7d:fa:3b:bc:11:0c:3b:0d:0e:10:43:22:
9d:b5:c9:67:cc:b4:b2:a4:7e:91:9c:8e:a1:4f:e1:72:20:60:
34:f8:36:d9:c8:b5:2a:9b:2e:e1:e6:f5:d5:05:fd:8f:86:c3:
be:2d:23:3b:93:7e:f3:4f:45:73:60:1b:a5:24:f8:20:62:81:
62:1d:16:de:ce:f5:b4:ae:56:c6:cd:4c:a5:d9:b8:03:94:1c:
d5:95:b6:96:d2:65:f2:98:0d:7c:e3:e2:0e:fb:0b:bb:c2:0e:
68:5e:c3:ff:d0:6a:9e:e7:84:da:23:f8:f6:96:7d:1f:a8:65:
e0:52:9f:54:27:70:dd:b6:30:95:ce:b8:87:39:d3:6f:fa:61:
9f:31:a7:95
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPj8/A99lGcF2Bq39B4fMjsNh4XQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNDlaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhNGQ1OTk5OWQ4N2M5NTU3ODdlMGQzN2VkYmJkZTY5YzhjNzNkYWM3MmY3
Y2U1YjcyNjA4Y2IwYzg2OWE5N2UxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgKNeK1KvHWfDnNW2+gJXoABi0pHKdfR3XJipV9Di8qbmTvxPgv+BC7Jhcl
gG1LbEyPAJ2gd3OiZXays0UQf0IB9kQuKTd7zmeDqHVe7nHdKhK7g517wIS0G94d
UW/O9O3iQ7tXoOT55LXrshUka3u58ovZVIChUmVuuCIvJNkIX0qoDyYqRlv68RkF
kuV5DPtfhuXWkM5eww+HX83V71kpaIapjQz07CfZexEDThZHmHu3EA/u5zPn4h33
cKkW/2L+KBAeFoBfFqnQ5zW5SY3McZ/Bn/9uSxAvuk+FlbnY+hBnJ+kMDuOo+xmT
AiC6aDKkCzxMEV5G/lx5zp9eyZECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQR+GdD
BsM0m8Z7MkmLz5i1N4tpQDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTU4YjYyMzgtZWYxNC00OWRmLWFhZDAtMTZkMzMyNDA1ZTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBZLeJtk20atmLn5CnEwYTtzLQsrL9UCWjs6QJj
xQwIEvY+l9H/HK2P8KfKZU8OHS1rrHjSa9sI/C1C4O38pMT6SouAdkKEzeZr+asl
MZAKxSwfHcJ/kCA+mdWfyQ5xqtY/NgDau+EzXQLpz8FcrLlnLAB9+ju8EQw7DQ4Q
QyKdtclnzLSypH6RnI6hT+FyIGA0+DbZyLUqmy7h5vXVBf2PhsO+LSM7k37zT0Vz
YBulJPggYoFiHRbezvW0rlbGzUyl2bgDlBzVlbaW0mXymA184+IO+wu7wg5oXsP/
0Gqe54TaI/j2ln0fqGXgUp9UJ3DdtjCVzriHOdNv+mGfMaeV
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:31 2026 by rpki-client