Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
File: a9974ff0-62d1-4203-bf68-04eb8602d197.roa (raw, json)
Hash identifier: Dtbjbhu0jUu1frt1losk8kSH1IwI9eyLxQ418xofy3I=
Subject key identifier: 9B:E7:00:8C:F3:48:D6:B3:65:8B:9B:37:91:91:2C:C6:B5:B3:D9:51
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 19E455C717A3932BEEFAD22F5872B10D7D72D989
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
Signing time: Fri 20 Feb 2026 01:30:17 +0000
ROA not before: Fri 20 Feb 2026 01:30:17 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:7000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:e4:55:c7:17:a3:93:2b:ee:fa:d2:2f:58:72:b1:0d:7d:72:d9:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:17 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=846d5709f18a70451361c41a6e2a24f04728df34808b93de1271aed569248394, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:dc:a0:bf:0a:4e:e1:ea:0f:f7:fa:8a:2a:e6:
47:3c:92:5e:58:07:4b:4f:cf:f1:98:1c:4f:19:c8:
f3:8b:7d:fa:49:77:04:84:4a:1e:34:8e:12:a0:2e:
26:89:2c:ae:f2:12:c5:47:68:d6:cf:79:3c:a9:bf:
02:29:2e:d4:da:37:ee:1a:18:a6:44:07:51:06:7c:
1e:f9:ee:87:26:ea:e5:b7:89:0e:44:b1:7f:e8:f1:
a7:fc:fd:12:e6:9f:09:25:e4:bf:99:ba:15:eb:0b:
8c:fd:e1:05:17:c4:37:c2:96:72:54:16:2b:cb:f0:
70:aa:0e:af:14:88:6f:58:c6:cb:80:bb:fb:d0:05:
aa:06:be:40:69:12:35:67:be:90:b1:69:00:a8:cc:
0c:73:3b:5a:0f:89:f1:64:2b:e7:0d:42:e0:56:fa:
b6:24:99:5e:5a:c9:9a:19:85:df:91:84:e3:d3:b2:
d6:bf:a4:7b:c1:70:64:b1:68:4f:61:9c:be:68:dc:
74:93:d4:f8:b4:5e:01:03:70:0f:d2:90:4c:07:6d:
72:9c:f3:a8:6f:9b:c0:4a:70:77:f4:f3:47:0c:3e:
01:fa:9a:5a:50:58:d6:3c:0c:d4:b6:55:a7:80:2d:
18:84:bb:da:45:3b:8c:c7:69:6a:09:b0:b7:5b:13:
86:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:E7:00:8C:F3:48:D6:B3:65:8B:9B:37:91:91:2C:C6:B5:B3:D9:51
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:7000::/36
Signature Algorithm: sha256WithRSAEncryption
34:19:7f:40:a7:e7:24:d9:f0:7f:ab:cf:fe:0a:35:bf:3f:75:
99:20:81:30:34:d6:01:81:7c:70:91:b0:4b:90:3c:bf:91:1e:
48:74:f3:bd:d2:b7:72:31:bb:00:ba:3a:c5:3d:3a:34:65:57:
5c:3a:b5:19:4e:04:32:04:85:4b:67:49:5b:93:6a:b8:ee:ca:
6c:70:2a:30:fa:b6:ca:c5:04:d1:f9:4a:e1:12:61:6f:3e:12:
d5:c5:c4:b4:ef:04:da:06:07:a3:87:da:f4:bd:e4:56:fc:eb:
c0:9b:74:76:77:ba:bd:22:de:79:ac:84:42:43:72:06:51:d3:
7d:88:e2:4c:e3:79:64:03:26:8d:b4:59:62:cc:c5:b3:2a:c5:
9b:92:80:bc:e6:8f:a6:8b:8d:17:2a:70:f0:1b:82:c3:fb:c1:
9b:f7:ff:cd:fd:b2:80:c2:af:96:d2:c0:79:e6:9a:85:bb:93:
e7:e5:ac:96:02:02:92:d9:ed:11:d1:12:f2:de:0c:8e:91:15:
4d:39:cd:73:14:bb:ca:a6:9f:1c:b7:b7:84:0a:1e:09:8a:97:
1f:ff:c0:66:96:77:70:d2:57:03:98:63:62:d5:81:e7:f2:8c:
2e:95:7a:79:4d:1c:04:ea:65:9f:7d:7c:19:29:1f:b4:eb:f5:
76:ec:65:aa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGeRVxxejkyvu+tIvWHKxDX1y2YkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwMTdaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0NmQ1NzA5ZjE4YTcwNDUxMzYxYzQxYTZlMmEyNGYwNDcyOGRmMzQ4MDhi
OTNkZTEyNzFhZWQ1NjkyNDgzOTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJncoL8KTuHqD/f6iirmRzySXlgHS0/P8ZgcTxnI84t9+kl3BIRKHjSOEqAu
JoksrvISxUdo1s95PKm/Aiku1No37hoYpkQHUQZ8Hvnuhybq5beJDkSxf+jxp/z9
EuafCSXkv5m6FesLjP3hBRfEN8KWclQWK8vwcKoOrxSIb1jGy4C7+9AFqga+QGkS
NWe+kLFpAKjMDHM7Wg+J8WQr5w1C4Fb6tiSZXlrJmhmF35GE49Oy1r+ke8FwZLFo
T2GcvmjcdJPU+LReAQNwD9KQTAdtcpzzqG+bwEpwd/TzRww+AfqaWlBY1jwM1LZV
p4AtGIS72kU7jMdpagmwt1sThn0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSb5wCM
80jWs2WLmzeRkSzGtbPZUTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTk5NzRmZjAtNjJkMS00MjAzLWJmNjgtMDRlYjg2MDJkMTk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dw
MA0GCSqGSIb3DQEBCwUAA4IBAQA0GX9Ap+ck2fB/q8/+CjW/P3WZIIEwNNYBgXxw
kbBLkDy/kR5IdPO90rdyMbsAujrFPTo0ZVdcOrUZTgQyBIVLZ0lbk2q47spscCow
+rbKxQTR+UrhEmFvPhLVxcS07wTaBgejh9r0veRW/OvAm3R2d7q9It55rIRCQ3IG
UdN9iOJM43lkAyaNtFlizMWzKsWbkoC85o+mi40XKnDwG4LD+8Gb9//N/bKAwq+W
0sB55pqFu5Pn5ayWAgKS2e0R0RLy3gyOkRVNOc1zFLvKpp8ct7eECh4Jipcf/8Bm
lndw0lcDmGNi1YHn8owulXp5TRwE6mWffXwZKR+06/V27GWq
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:39 2026 by rpki-client