Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
File: b1191abf-2871-473a-8ee2-a2089f6894a7.roa (raw, json)
Hash identifier: TYFdA6l9qBHq/ot100uteq/svafVYGsieqmwpcV6N68=
Subject key identifier: 54:BE:96:92:92:5A:1C:DF:DC:CE:44:F2:C2:A3:FD:F3:DF:B3:BE:65
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 09764D315BA482887943902291DC15C9401C139D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
Signing time: Fri 20 Feb 2026 01:40:28 +0000
ROA not before: Fri 20 Feb 2026 01:40:28 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:76:4d:31:5b:a4:82:88:79:43:90:22:91:dc:15:c9:40:1c:13:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:28 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=4432d35c9df9f7130a77ca5160374dd08f958a2fdbca838580c09304f36a265a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:9b:cd:52:99:9e:79:31:d3:bb:d6:28:82:ea:
6e:d4:45:4a:5a:ff:8c:71:95:77:d6:8c:6e:69:70:
e7:1b:b7:8b:a0:56:c3:c2:a3:df:db:bc:ac:39:80:
d9:b0:60:56:f2:95:58:7f:04:1b:35:0f:9c:d4:d0:
61:49:ac:21:79:81:ff:8c:39:ee:fd:fa:d7:0e:56:
28:a4:3c:65:bb:61:a4:8e:27:cf:3b:47:63:04:63:
76:25:dd:24:c0:07:fb:ff:47:33:a1:2f:1e:a9:89:
58:e3:f0:d8:56:da:e7:68:ca:c8:8d:45:3f:f6:25:
56:b1:97:0d:76:8a:dd:fa:3e:34:81:1c:13:06:f7:
1a:07:49:2b:fa:75:04:ec:03:f8:81:24:7e:9d:a4:
32:92:da:1f:88:64:9e:df:f5:8e:42:af:a5:fb:71:
74:59:17:68:4f:0e:aa:e7:19:88:40:a8:13:ad:04:
00:80:47:58:0e:bf:80:a4:a7:f4:11:8a:e9:a8:56:
12:02:1f:d7:0d:b3:d9:ba:38:20:bf:ad:02:83:26:
0c:7e:2e:2e:99:19:ed:52:41:26:7d:87:66:3a:9d:
a8:66:24:47:18:f7:47:8c:ca:a3:67:f3:59:37:62:
47:3c:90:27:19:f6:14:02:f2:46:06:e2:ab:9c:52:
89:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:BE:96:92:92:5A:1C:DF:DC:CE:44:F2:C2:A3:FD:F3:DF:B3:BE:65
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2840::/48
Signature Algorithm: sha256WithRSAEncryption
35:01:68:68:7d:0f:b0:d6:1f:94:a0:8f:25:d4:36:24:5d:da:
d4:63:15:a9:30:ff:8f:03:72:9f:ea:f2:d2:21:71:66:55:54:
9c:85:29:a8:88:47:f7:1b:99:e2:fc:f7:e1:7d:b7:40:6d:05:
ab:03:f9:45:30:ae:1d:58:db:ae:06:96:76:51:f8:14:85:ee:
fd:1b:00:3f:7e:d4:1e:91:6e:74:0b:15:7b:66:38:d0:4f:2c:
98:cf:00:e3:48:fc:b4:3a:23:07:39:d7:e0:c4:64:ca:51:e0:
d7:45:b4:30:1d:bd:b2:37:d1:7a:67:ea:5f:93:7b:60:7b:5a:
b8:6d:19:cb:c2:6f:d5:cb:71:0c:4c:97:29:33:6e:4f:ac:25:
96:cd:a8:da:85:45:69:8b:80:5b:67:d7:9a:57:4b:14:5f:60:
90:11:c7:7e:c5:e7:32:aa:b0:0b:f6:97:8a:c5:51:d5:da:02:
d5:0d:fb:b1:37:31:4d:fa:2b:a5:c4:b3:f6:5d:af:ef:f8:de:
73:7d:83:d6:f7:52:12:a4:bc:36:4f:04:88:c0:4d:da:8f:da:
91:8f:0b:86:8c:70:44:55:38:64:00:f7:77:97:6a:2b:f3:69:
07:2f:32:62:65:12:fe:28:1f:8f:a2:54:17:e4:3b:fa:fa:5b:
9f:15:b5:52
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCXZNMVukgoh5Q5AikdwVyUAcE50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjhaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0MzJkMzVjOWRmOWY3MTMwYTc3Y2E1MTYwMzc0ZGQwOGY5NThhMmZkYmNh
ODM4NTgwYzA5MzA0ZjM2YTI2NWExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGbzVKZnnkx07vWKILqbtRFSlr/jHGVd9aMbmlw5xu3i6BWw8Kj39u8rDmA
2bBgVvKVWH8EGzUPnNTQYUmsIXmB/4w57v361w5WKKQ8ZbthpI4nzztHYwRjdiXd
JMAH+/9HM6EvHqmJWOPw2Fba52jKyI1FP/YlVrGXDXaK3fo+NIEcEwb3GgdJK/p1
BOwD+IEkfp2kMpLaH4hknt/1jkKvpftxdFkXaE8OqucZiECoE60EAIBHWA6/gKSn
9BGK6ahWEgIf1w2z2bo4IL+tAoMmDH4uLpkZ7VJBJn2HZjqdqGYkRxj3R4zKo2fz
WTdiRzyQJxn2FALyRgbiq5xSiX8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRUvpaS
kloc39zORPLCo/3z37O+ZTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YjExOTFhYmYtMjg3MS00NzNhLThlZTItYTIwODlmNjg5NGE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
QDANBgkqhkiG9w0BAQsFAAOCAQEANQFoaH0PsNYflKCPJdQ2JF3a1GMVqTD/jwNy
n+ry0iFxZlVUnIUpqIhH9xuZ4vz34X23QG0FqwP5RTCuHVjbrgaWdlH4FIXu/RsA
P37UHpFudAsVe2Y40E8smM8A40j8tDojBznX4MRkylHg10W0MB29sjfRemfqX5N7
YHtauG0Zy8Jv1ctxDEyXKTNuT6wlls2o2oVFaYuAW2fXmldLFF9gkBHHfsXnMqqw
C/aXisVR1doC1Q37sTcxTforpcSz9l2v7/jec32D1vdSEqS8Nk8EiMBN2o/akY8L
hoxwRFU4ZAD3d5dqK/NpBy8yYmUS/igfj6JUF+Q7+vpbnxW1Ug==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:30 2026 by rpki-client