Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
File: cdf607fb-daf0-4767-b47b-4a8c3266c681.roa (raw, json)
Hash identifier: ZmzWjurkrNvcpuyK4bHrfuepKOSZaX0sAJ/U0D6KIiA=
Subject key identifier: 4E:EB:31:AD:24:66:D6:FE:CB:21:22:11:84:36:1E:DF:05:3B:A9:42
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 557A729613CCC7FFAF625B80F978F576B0BE39BE
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
Signing time: Fri 20 Feb 2026 01:30:11 +0000
ROA not before: Fri 20 Feb 2026 01:30:11 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:7a:72:96:13:cc:c7:ff:af:62:5b:80:f9:78:f5:76:b0:be:39:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:30:11 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=1de1b1ce74502aaea41cb1dc1cb10892d0260d18f04e95a977d251bd9328eb16, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f2:53:34:e8:40:27:6f:5d:42:ec:6a:9d:42:
dd:30:c6:30:38:55:38:9a:30:a3:1b:41:ec:6a:b0:
9d:19:47:c5:cf:8a:16:1f:3d:39:ca:44:18:82:ac:
a5:08:c6:9a:89:21:70:9b:de:1f:d6:72:45:c4:dd:
d7:7f:db:8d:b6:21:3e:e0:76:da:08:c3:92:a0:09:
3c:6f:33:ad:94:13:83:72:dd:59:fa:12:ce:c8:94:
ef:ca:b9:c0:52:16:03:89:e9:99:5c:7a:5c:f4:ed:
b3:24:cf:3c:34:f0:f8:c7:7f:bb:b3:1a:63:70:c7:
cd:87:4b:39:06:46:6b:d4:fc:cc:4d:c9:41:c0:2f:
ff:97:e4:5e:d6:96:6d:30:31:9f:94:15:ca:40:b7:
99:24:4c:55:06:00:27:25:71:ea:2b:c6:3a:67:ff:
cb:d9:35:37:3b:b9:05:ae:54:50:e2:a6:81:d0:70:
91:1c:0f:be:4c:24:af:5d:30:c0:e2:0e:be:2c:04:
50:1c:fb:b8:05:93:13:40:7a:ba:2e:5d:0e:1c:a1:
e9:ca:8e:98:39:ff:e4:e4:4d:a6:a3:2c:36:fc:4b:
76:d7:38:20:e2:d0:87:f2:03:e2:bf:1c:00:b2:c5:
7a:06:25:01:78:93:dd:b6:44:ae:09:f8:15:ac:07:
79:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:EB:31:AD:24:66:D6:FE:CB:21:22:11:84:36:1E:DF:05:3B:A9:42
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8c00::/38
Signature Algorithm: sha256WithRSAEncryption
35:ee:9a:06:53:05:22:3c:b1:34:1e:96:e7:0d:8a:87:2c:c9:
b1:60:c4:79:e1:41:52:87:9d:b8:b0:ea:e7:99:c7:ba:22:aa:
21:e4:93:09:eb:5f:73:96:3f:7c:5d:42:29:79:be:f2:b0:39:
a6:75:2b:c2:c7:23:06:90:76:be:cc:7c:dc:00:b6:ff:21:d7:
77:f7:04:89:1b:4a:5a:95:df:85:cb:9c:89:d3:1d:c6:73:ec:
b4:6d:34:03:a5:8e:65:d7:24:8b:9e:79:51:5c:52:15:1f:c4:
5f:4a:3c:bd:4c:a1:d1:52:a4:13:c5:3f:c8:67:7d:fd:00:74:
32:5f:97:af:d3:fd:06:33:2c:ea:c1:a1:9b:6e:48:93:10:71:
94:79:b1:87:bb:30:47:82:68:d8:2e:c1:6a:dc:f7:9f:b4:59:
48:ed:ca:dd:a6:f6:d9:8d:b1:13:79:4a:96:cd:51:27:fa:c0:
42:63:12:50:2e:fd:c8:3d:78:ee:c9:13:02:7b:f3:1d:cf:60:
24:98:d3:85:98:85:fa:6c:e3:e4:ee:91:47:8f:b8:25:57:fe:
c7:d2:63:c1:c5:bb:72:c2:fd:40:2a:84:97:84:ff:f7:80:43:
01:87:98:b3:96:ae:ad:ab:f5:a6:2b:3a:dc:17:49:4e:fe:62:
a0:b5:17:3c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVXpylhPMx/+vYluA+Xj1drC+Ob4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTMwMTFaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkZTFiMWNlNzQ1MDJhYWVhNDFjYjFkYzFjYjEwODkyZDAyNjBkMThmMDRl
OTVhOTc3ZDI1MWJkOTMyOGViMTYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7yUzToQCdvXULsap1C3TDGMDhVOJowoxtB7GqwnRlHxc+KFh89OcpEGIKs
pQjGmokhcJveH9ZyRcTd13/bjbYhPuB22gjDkqAJPG8zrZQTg3LdWfoSzsiU78q5
wFIWA4npmVx6XPTtsyTPPDTw+Md/u7MaY3DHzYdLOQZGa9T8zE3JQcAv/5fkXtaW
bTAxn5QVykC3mSRMVQYAJyVx6ivGOmf/y9k1Nzu5Ba5UUOKmgdBwkRwPvkwkr10w
wOIOviwEUBz7uAWTE0B6ui5dDhyh6cqOmDn/5ORNpqMsNvxLdtc4IOLQh/ID4r8c
ALLFegYlAXiT3bZErgn4FawHefcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRO6zGt
JGbW/sshIhGENh7fBTupQjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2RmNjA3ZmItZGFmMC00NzY3LWI0N2ItNGE4YzMyNjZjNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GM
MA0GCSqGSIb3DQEBCwUAA4IBAQA17poGUwUiPLE0HpbnDYqHLMmxYMR54UFSh524
sOrnmce6Iqoh5JMJ619zlj98XUIpeb7ysDmmdSvCxyMGkHa+zHzcALb/Idd39wSJ
G0pald+Fy5yJ0x3Gc+y0bTQDpY5l1ySLnnlRXFIVH8RfSjy9TKHRUqQTxT/IZ339
AHQyX5ev0/0GMyzqwaGbbkiTEHGUebGHuzBHgmjYLsFq3PeftFlI7crdpvbZjbET
eUqWzVEn+sBCYxJQLv3IPXjuyRMCe/Mdz2AkmNOFmIX6bOPk7pFHj7glV/7H0mPB
xbtywv1AKoSXhP/3gEMBh5izlq6tq/WmKzrcF0lO/mKgtRc8
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:39 2026 by rpki-client