Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
File: a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa (raw, json)
Hash identifier: Bg7KVuXKymg/+lEZ3EtSJKqGpOewipMJhZkxETYyTRM=
Subject key identifier: 8B:4A:80:F5:59:F1:57:5B:5A:21:BD:A3:07:5B:D9:2D:DF:82:19:40
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 03232A22663AAFADA2A529CE20D55D30E34D3FD0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
Signing time: Fri 20 Feb 2026 01:30:47 +0000
ROA not before: Fri 20 Feb 2026 01:30:47 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:23:2a:22:66:3a:af:ad:a2:a5:29:ce:20:d5:5d:30:e3:4d:3f:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:47 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=95744903b360df35f155c1247e595ffce2e8f0225d6eff3bdcae4f234468fedf, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:f9:54:e6:61:70:ac:ce:b3:15:db:bc:ab:1d:
96:0b:3d:ac:0a:7e:53:42:d3:54:cc:e7:cf:fa:ea:
a0:a7:c6:69:37:23:41:67:ce:c4:34:a7:eb:89:27:
1f:d3:2a:7c:00:d0:66:ea:4c:9a:a2:80:1c:83:e3:
ef:5a:d9:b3:16:54:e5:09:5f:02:bf:60:eb:46:76:
a0:ae:42:db:04:3b:d8:63:b5:bb:e8:ce:ec:39:76:
c4:91:90:8d:ac:82:04:6d:fa:f8:1f:e5:06:db:76:
c1:8f:69:b6:cb:45:34:77:43:50:f3:bf:56:ce:27:
7b:b1:ba:5b:7c:95:6b:73:ff:f9:be:34:f3:e7:0a:
80:b4:d5:4d:bd:86:7c:6b:c4:38:8a:2a:33:c9:db:
b1:12:a9:5b:cb:94:7e:01:15:19:e9:ac:c8:d0:0d:
ae:ef:13:7b:0f:71:ce:55:f7:de:83:72:11:77:68:
7b:7f:3a:e6:28:21:8c:73:b0:44:77:06:3d:a0:d7:
c9:24:e4:54:f5:c6:7b:a6:a5:fb:a9:64:73:89:e8:
c4:75:5e:1f:bb:6d:ba:11:90:b6:37:1e:47:32:26:
a9:87:c6:52:e5:91:70:f8:7e:41:ab:7d:b9:80:a3:
57:2a:05:c7:36:0a:1a:e7:23:86:e4:1f:b5:56:11:
79:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:4A:80:F5:59:F1:57:5B:5A:21:BD:A3:07:5B:D9:2D:DF:82:19:40
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8400::/38
Signature Algorithm: sha256WithRSAEncryption
bf:4a:2c:3e:73:1f:76:58:88:f2:a8:14:2b:02:4c:d0:1e:7b:
02:b6:b1:37:34:27:12:1d:b6:2d:b8:fc:dc:e9:47:97:cd:4c:
50:40:b6:65:9e:79:d1:b8:ef:a9:8f:a6:c0:14:a0:e7:0a:f8:
1c:ba:bc:b6:1b:09:ad:86:fa:41:49:48:22:4f:b0:99:08:4c:
03:f7:69:a3:3a:c9:15:b7:e3:02:69:9a:8b:4e:7f:98:e9:c8:
6f:fd:96:c7:04:4d:2b:0f:1a:ab:16:02:24:7b:9c:10:ce:43:
04:2d:c6:99:0c:18:5c:25:9e:08:60:bc:08:00:29:12:5b:f4:
54:0c:4d:b5:7a:a3:70:d6:e2:e5:1d:d8:c8:ed:5a:03:63:1e:
3d:c7:7b:55:54:1f:37:78:ef:ed:a3:cb:25:53:68:20:3c:c2:
89:99:ff:85:44:4b:e5:b9:24:06:91:16:68:dd:b2:3c:a5:9d:
38:fc:eb:a6:d4:39:e6:e1:a1:d5:18:c7:3e:bc:be:11:dd:28:
74:43:42:4c:c5:bb:4d:c9:ea:31:29:a6:88:d3:a9:18:fb:c0:
e4:f1:e1:ed:6f:e2:d2:ed:a7:7e:f1:b3:48:0d:aa:39:9b:b7:
04:d4:bc:b7:80:c6:9e:41:e1:90:26:07:c8:a3:b2:95:8d:57:
7c:aa:9b:c4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAyMqImY6r62ipSnOINVdMONNP9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwNDdaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk1NzQ0OTAzYjM2MGRmMzVmMTU1YzEyNDdlNTk1ZmZjZTJlOGYwMjI1ZDZl
ZmYzYmRjYWU0ZjIzNDQ2OGZlZGYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKD5VOZhcKzOsxXbvKsdlgs9rAp+U0LTVMznz/rqoKfGaTcjQWfOxDSn64kn
H9MqfADQZupMmqKAHIPj71rZsxZU5QlfAr9g60Z2oK5C2wQ72GO1u+jO7Dl2xJGQ
jayCBG36+B/lBtt2wY9ptstFNHdDUPO/Vs4ne7G6W3yVa3P/+b408+cKgLTVTb2G
fGvEOIoqM8nbsRKpW8uUfgEVGemsyNANru8Tew9xzlX33oNyEXdoe3865ighjHOw
RHcGPaDXySTkVPXGe6al+6lkc4noxHVeH7ttuhGQtjceRzImqYfGUuWRcPh+Qat9
uYCjVyoFxzYKGucjhuQftVYReckCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSLSoD1
WfFXW1ohvaMHW9kt34IZQDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTdmZDI4Y2MtYmU2Yy00ZWMyLTg0NWEtYzE1OTVjMmNmZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GE
MA0GCSqGSIb3DQEBCwUAA4IBAQC/Siw+cx92WIjyqBQrAkzQHnsCtrE3NCcSHbYt
uPzc6UeXzUxQQLZlnnnRuO+pj6bAFKDnCvgcury2GwmthvpBSUgiT7CZCEwD92mj
OskVt+MCaZqLTn+Y6chv/ZbHBE0rDxqrFgIke5wQzkMELcaZDBhcJZ4IYLwIACkS
W/RUDE21eqNw1uLlHdjI7VoDYx49x3tVVB83eO/to8slU2ggPMKJmf+FREvluSQG
kRZo3bI8pZ04/Oum1Dnm4aHVGMc+vL4R3Sh0Q0JMxbtNyeoxKaaI06kY+8Dk8eHt
b+LS7ad+8bNIDao5m7cE1Ly3gMaeQeGQJgfIo7KVjVd8qpvE
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:49 2026 by rpki-client