Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
File: b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa (raw, json)
Hash identifier: kdZHverqdUIJ5FQ8NI860OG+7EVKi5BTfAT4gUGNr20=
Subject key identifier: 2D:74:B8:FE:5B:C5:1C:4B:A3:16:B7:4A:ED:FA:21:6A:15:AA:07:45
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 40F49F40EE588689041DBF4FD833236A6C342FA0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
Signing time: Fri 20 Feb 2026 01:40:27 +0000
ROA not before: Fri 20 Feb 2026 01:40:27 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:f4:9f:40:ee:58:86:89:04:1d:bf:4f:d8:33:23:6a:6c:34:2f:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:27 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=b4f0ddf9cbf924e2cb07c6af621a1cdb586e985b87ae3be5d37154ff85eacf46, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:9d:f5:81:14:88:1a:f0:7e:3a:40:2b:c7:d2:
0a:b3:ce:a5:91:0c:fe:9c:39:70:68:f5:cb:af:1b:
03:3a:56:06:c3:83:ea:f7:ad:a0:a4:63:12:63:0e:
cd:ad:e9:03:7b:93:c0:ef:74:eb:b2:c3:02:2f:23:
0f:8b:fe:ce:01:a6:93:6b:38:d6:51:77:fe:0f:3e:
d6:97:09:78:b6:4f:bc:96:cf:76:10:03:75:5b:00:
1b:ef:92:3a:96:ac:9a:31:22:9f:ff:f7:e3:2b:7b:
a8:62:a1:5d:6a:d1:28:09:6c:b5:b0:3c:64:e7:aa:
4e:4d:18:0e:14:8c:da:06:91:5b:8b:d1:49:1e:31:
fd:67:d4:63:9a:8f:4e:41:20:00:a3:51:fe:7d:1a:
40:02:87:1b:ee:32:d7:01:f5:88:9f:c7:c8:50:fb:
c1:b2:ed:95:59:cd:92:9f:15:a9:26:32:1c:48:0e:
04:9a:c3:96:06:7f:13:3c:da:38:3e:32:ab:5c:a9:
d2:04:81:53:75:ff:54:54:a2:78:0c:d3:c5:7a:e7:
fb:3b:e0:b4:cd:d6:19:0e:aa:7d:eb:4d:11:46:63:
68:4f:59:ec:cb:60:5b:31:22:76:b4:4f:49:b9:bd:
61:fe:64:3c:16:ea:34:fb:14:e4:76:61:b2:ca:85:
10:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:74:B8:FE:5B:C5:1C:4B:A3:16:B7:4A:ED:FA:21:6A:15:AA:07:45
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6000::/36
Signature Algorithm: sha256WithRSAEncryption
83:89:23:78:bc:61:73:c5:25:9a:9d:24:27:64:c4:1a:17:d1:
82:aa:74:97:ae:b8:8e:e1:b9:97:25:d2:5a:af:0e:a6:ba:e7:
12:f2:5e:29:a8:d4:9a:c1:ce:57:c6:60:77:7d:0a:1a:1b:4f:
d5:84:5a:9a:97:db:24:31:a1:7e:55:3e:fd:ca:79:eb:07:68:
1b:00:21:48:31:10:f2:a0:ef:ce:b0:90:9c:ca:81:6d:cf:bc:
97:08:0a:7b:36:1e:83:28:db:2d:b0:79:09:45:96:dd:30:6f:
ca:83:ac:70:f2:14:0c:0b:dd:93:57:22:f6:ee:fd:64:ee:96:
7a:88:f1:97:64:c7:7c:a0:1a:12:cb:6a:1a:d2:fa:6a:b6:91:
bf:3e:63:78:27:b0:40:b5:ae:8c:56:3d:41:67:25:55:d7:c7:
ab:e5:1a:27:06:97:48:ae:94:3d:40:53:29:84:0a:7f:dd:85:
85:4e:16:c0:47:ce:44:2b:36:13:60:5b:a4:73:b5:f4:56:09:
be:6e:f4:e8:4e:e1:e7:eb:93:84:ce:ac:b9:83:ec:62:d9:95:
c1:69:8d:25:63:ab:0e:de:f4:cc:f1:be:4a:2c:1b:3e:52:76:
fd:ae:33:6b:b9:bf:cf:ab:db:0c:91:c0:60:0d:8f:85:db:7c:
f7:7d:70:6d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQPSfQO5YhokEHb9P2DMjamw0L6AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMjdaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0ZjBkZGY5Y2JmOTI0ZTJjYjA3YzZhZjYyMWExY2RiNTg2ZTk4NWI4N2Fl
M2JlNWQzNzE1NGZmODVlYWNmNDYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSd9YEUiBrwfjpAK8fSCrPOpZEM/pw5cGj1y68bAzpWBsOD6vetoKRjEmMO
za3pA3uTwO9067LDAi8jD4v+zgGmk2s41lF3/g8+1pcJeLZPvJbPdhADdVsAG++S
OpasmjEin//34yt7qGKhXWrRKAlstbA8ZOeqTk0YDhSM2gaRW4vRSR4x/WfUY5qP
TkEgAKNR/n0aQAKHG+4y1wH1iJ/HyFD7wbLtlVnNkp8VqSYyHEgOBJrDlgZ/Ezza
OD4yq1yp0gSBU3X/VFSieAzTxXrn+zvgtM3WGQ6qfetNEUZjaE9Z7MtgWzEidrRP
Sbm9Yf5kPBbqNPsU5HZhssqFEEcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQtdLj+
W8UcS6MWt0rt+iFqFaoHRTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YjI3MzhhYTctYmUzYy00OGY5LThiNTktZTVkYjU4ZDkyNDRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dg
MA0GCSqGSIb3DQEBCwUAA4IBAQCDiSN4vGFzxSWanSQnZMQaF9GCqnSXrriO4bmX
JdJarw6muucS8l4pqNSawc5XxmB3fQoaG0/VhFqal9skMaF+VT79ynnrB2gbACFI
MRDyoO/OsJCcyoFtz7yXCAp7Nh6DKNstsHkJRZbdMG/Kg6xw8hQMC92TVyL27v1k
7pZ6iPGXZMd8oBoSy2oa0vpqtpG/PmN4J7BAta6MVj1BZyVV18er5RonBpdIrpQ9
QFMphAp/3YWFThbAR85EKzYTYFukc7X0Vgm+bvToTuHn65OEzqy5g+xi2ZXBaY0l
Y6sO3vTM8b5KLBs+Unb9rjNrub/Pq9sMkcBgDY+F23z3fXBt
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:49 2026 by rpki-client