Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
File: d3861b82-61e2-49b9-b47f-b22209774f28.roa (raw, json)
Hash identifier: YSfjGd7ntWxR13K5OXpwxNq7Sems0lTWQhJgwwv0NUQ=
Subject key identifier: 16:01:7E:4F:2E:4F:2F:E6:E5:C4:59:1A:78:DE:56:7D:5C:40:35:C8
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 163F88D7CFD2BB450B6F6518A41A64D5B5B7885F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
Signing time: Fri 20 Feb 2026 01:40:48 +0000
ROA not before: Fri 20 Feb 2026 01:40:48 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:3f:88:d7:cf:d2:bb:45:0b:6f:65:18:a4:1a:64:d5:b5:b7:88:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:48 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=a50af7dea25ba9badb768bcafcf5f865ab9d5bb9334e966fe6e78e1fcf064091, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:aa:ef:ca:8b:d8:16:d6:61:5f:74:ad:f9:c3:
32:25:e8:22:df:d8:42:7f:c5:8c:2e:04:14:fe:f4:
0f:a6:c3:1f:92:15:6d:41:a1:c3:91:62:87:b3:40:
ca:60:d2:f9:e7:03:7b:64:6c:a6:f2:de:2b:bd:90:
40:70:ce:cd:a0:6e:f6:4c:fb:41:2f:38:27:6d:ec:
22:dc:c8:bf:9f:37:e3:9e:86:07:6a:4b:51:0a:25:
1c:bc:90:b2:1d:4b:13:38:28:8c:00:c8:c5:f0:de:
98:83:ae:0a:bd:60:8f:e3:64:65:0c:c8:0c:b6:27:
50:5c:31:43:df:c7:a0:af:8e:8f:85:fb:ae:84:cf:
3e:b7:fb:53:92:63:00:2a:be:ca:60:60:6d:54:5a:
2c:ab:45:51:5e:dc:4c:8c:b3:f5:73:6f:6c:f3:0c:
aa:95:ff:24:01:57:db:ad:dd:6b:3f:92:44:05:af:
70:3c:bc:96:15:77:1f:ed:ab:1e:fe:d5:59:ed:85:
d3:18:69:c6:8e:71:4d:b6:9f:bb:ff:fa:09:a9:1b:
38:70:c2:c1:80:e1:f1:4e:3a:4a:c9:63:e4:b0:64:
ad:d1:1d:46:1d:e6:2a:d2:73:87:01:c7:f9:22:2b:
40:4d:f2:59:dd:b4:69:e0:4b:20:64:fb:ea:f4:e2:
63:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:01:7E:4F:2E:4F:2F:E6:E5:C4:59:1A:78:DE:56:7D:5C:40:35:C8
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f800::/40
Signature Algorithm: sha256WithRSAEncryption
c3:4f:8b:9d:95:1a:18:ca:c2:81:24:e2:99:96:5f:4a:07:f4:
5a:ea:3c:bc:cb:f8:7c:c8:9c:b0:f3:b2:dd:b5:e9:59:28:d5:
2b:e6:fd:8e:ef:90:d9:27:eb:2b:f3:d1:8f:ec:b4:40:4e:d0:
51:bb:08:e5:71:c1:f2:76:a6:4c:f0:8d:9e:04:6d:79:51:9c:
37:72:bb:f4:08:7b:35:f4:9f:3e:b8:8c:e8:5d:16:52:3f:5b:
e2:c9:43:92:b5:f3:d8:3a:4b:d9:bd:72:93:70:e6:b1:d8:f1:
ce:83:bd:97:21:8e:aa:87:80:dd:79:8a:c3:ad:ca:8e:20:20:
c9:85:92:20:96:c2:73:d4:98:b6:ae:66:f2:09:2f:c4:75:2c:
a9:06:96:1e:15:47:99:fe:df:51:a5:19:98:9b:a6:d6:2b:a5:
7b:72:e0:9e:94:f9:d5:e6:a6:45:88:62:2f:91:b0:e7:db:af:
26:dc:ca:38:9c:37:47:12:f0:3e:bb:f6:97:6e:dc:4a:31:fa:
b8:55:5b:ab:d2:8a:10:a0:86:96:25:97:63:b0:35:e4:8f:41:
01:38:09:04:28:07:9f:a8:c9:99:e4:c1:88:e7:60:a4:fe:de:
e5:80:1b:7e:d7:69:18:5b:3a:c3:fb:15:1e:42:60:52:15:75:
e7:dd:52:e7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFj+I18/Su0ULb2UYpBpk1bW3iF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDhaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE1MGFmN2RlYTI1YmE5YmFkYjc2OGJjYWZjZjVmODY1YWI5ZDViYjkzMzRl
OTY2ZmU2ZTc4ZTFmY2YwNjQwOTExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGq78qL2BbWYV90rfnDMiXoIt/YQn/FjC4EFP70D6bDH5IVbUGhw5Fih7NA
ymDS+ecDe2RspvLeK72QQHDOzaBu9kz7QS84J23sItzIv583456GB2pLUQolHLyQ
sh1LEzgojADIxfDemIOuCr1gj+NkZQzIDLYnUFwxQ9/HoK+Oj4X7roTPPrf7U5Jj
ACq+ymBgbVRaLKtFUV7cTIyz9XNvbPMMqpX/JAFX263daz+SRAWvcDy8lhV3H+2r
Hv7VWe2F0xhpxo5xTbafu//6CakbOHDCwYDh8U46Sslj5LBkrdEdRh3mKtJzhwHH
+SIrQE3yWd20aeBLIGT76vTiYxkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQWAX5P
Lk8v5uXEWRp43lZ9XEA1yDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDM4NjFiODItNjFlMi00OWI5LWI0N2YtYjIyMjA5Nzc0ZjI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8f4
MA0GCSqGSIb3DQEBCwUAA4IBAQDDT4udlRoYysKBJOKZll9KB/Ra6jy8y/h8yJyw
87LdtelZKNUr5v2O75DZJ+sr89GP7LRATtBRuwjlccHydqZM8I2eBG15UZw3crv0
CHs19J8+uIzoXRZSP1viyUOStfPYOkvZvXKTcOax2PHOg72XIY6qh4DdeYrDrcqO
ICDJhZIglsJz1Ji2rmbyCS/EdSypBpYeFUeZ/t9RpRmYm6bWK6V7cuCelPnV5qZF
iGIvkbDn268m3Mo4nDdHEvA+u/aXbtxKMfq4VVur0ooQoIaWJZdjsDXkj0EBOAkE
KAefqMmZ5MGI52Ck/t7lgBt+12kYWzrD+xUeQmBSFXXn3VLn
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:31 2026 by rpki-client