Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
File: d5d13f03-51e3-4e02-981f-1c9a02e38524.roa (raw, json)
Hash identifier: oCQnnXwzP4qRN59p5eYGde3yjMbhRQgO+8xzKOJpFDg=
Subject key identifier: 2E:43:65:33:59:91:25:14:61:2F:67:30:1F:75:9F:84:E3:43:2B:0B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4AED74A1E8AFCE2FF34FFBB4468FDDC71543B57C
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
Signing time: Fri 20 Feb 2026 01:40:47 +0000
ROA not before: Fri 20 Feb 2026 01:40:47 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:5000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:ed:74:a1:e8:af:ce:2f:f3:4f:fb:b4:46:8f:dd:c7:15:43:b5:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:47 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=4a83ccdfcb4e7d74850375e6367fe9530eaf7f47beb232faa73d34c29328eabb, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:77:88:77:17:44:e8:0b:72:d2:60:c7:7e:45:
ef:a8:5d:fa:a3:28:9d:7d:46:3f:67:f0:49:e5:5f:
83:95:d5:d3:ee:38:8d:4f:0f:26:0a:81:7b:38:ac:
c2:9b:37:76:b5:24:7d:4b:34:08:3e:1c:34:87:7b:
8d:55:8a:eb:e9:1c:35:e9:15:dd:cb:90:ee:19:90:
d2:5f:72:0f:7b:74:f0:31:10:e9:de:15:e0:59:fa:
2b:ee:50:08:ef:29:c7:cd:cb:dc:57:d5:fd:73:af:
ee:09:8a:f8:c2:59:56:03:8b:f3:16:ba:1e:42:c7:
d5:4c:7a:bb:25:8d:30:94:1c:fe:03:b5:60:0d:07:
bb:c6:4f:b8:49:7d:07:e0:ce:d3:4f:3c:82:d9:4a:
6b:3e:85:53:5c:20:4d:6f:ab:9a:47:7e:85:13:12:
0e:c6:04:f0:ea:f9:aa:a2:ed:9c:cd:d8:54:fc:95:
f8:03:f8:79:f0:97:da:4a:b9:59:57:dd:7e:48:7a:
73:a2:71:d5:f4:95:af:ca:1e:6a:a9:1a:7e:e6:28:
35:c3:f3:2d:37:b3:d7:53:d6:fa:67:e4:48:a8:05:
dc:df:9f:96:0e:f3:25:20:40:f9:43:80:ec:6c:00:
84:f3:a9:9f:f9:ac:92:00:39:4d:4f:dc:b3:da:45:
d2:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:43:65:33:59:91:25:14:61:2F:67:30:1F:75:9F:84:E3:43:2B:0B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:5000::/36
Signature Algorithm: sha256WithRSAEncryption
2b:52:47:55:7e:b1:58:e3:4f:e3:4d:d7:0e:4a:40:04:b3:6e:
27:00:1d:d4:c5:5c:f5:9c:3d:39:85:e2:70:5f:83:81:c7:44:
a1:e5:be:12:3e:77:18:c4:38:58:36:2b:d2:02:9b:d7:29:af:
c4:19:b1:5d:f9:d6:39:ad:87:8b:26:65:39:a3:c4:2f:66:75:
97:d1:f9:55:e7:5e:bb:54:f1:2c:49:35:9b:b0:53:66:44:35:
9e:81:09:64:40:08:7a:3a:5e:69:8a:03:e8:e1:75:27:27:cb:
f3:6d:3c:39:ec:90:46:61:c8:0b:12:0a:95:66:7d:ce:8a:16:
9a:52:99:0d:66:b3:63:dd:8e:d6:ab:f4:86:98:d9:e8:4f:b3:
4e:d0:a7:8a:6a:33:5e:78:cb:6a:32:02:3a:e2:46:4d:c7:bb:
72:1b:21:f9:26:a8:85:60:e2:4a:89:76:da:b8:31:2b:c3:fc:
02:07:b0:41:81:dc:74:97:00:57:f8:95:37:e9:44:c4:f8:92:
fb:c0:82:78:4f:d6:95:07:db:01:4e:fb:da:3a:3b:3e:40:96:
26:37:86:e4:ce:0a:20:b8:46:c4:a4:fa:e1:95:92:70:f0:3a:
40:eb:1a:99:d0:c0:06:18:52:d8:93:48:2a:f3:6d:b7:64:f2:
43:b0:b4:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSu10oeivzi/zT/u0Ro/dxxVDtXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDdaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhODNjY2RmY2I0ZTdkNzQ4NTAzNzVlNjM2N2ZlOTUzMGVhZjdmNDdiZWIy
MzJmYWE3M2QzNGMyOTMyOGVhYmIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMR3iHcXROgLctJgx35F76hd+qMonX1GP2fwSeVfg5XV0+44jU8PJgqBezis
wps3drUkfUs0CD4cNId7jVWK6+kcNekV3cuQ7hmQ0l9yD3t08DEQ6d4V4Fn6K+5Q
CO8px83L3FfV/XOv7gmK+MJZVgOL8xa6HkLH1Ux6uyWNMJQc/gO1YA0Hu8ZPuEl9
B+DO0088gtlKaz6FU1wgTW+rmkd+hRMSDsYE8Or5qqLtnM3YVPyV+AP4efCX2kq5
WVfdfkh6c6Jx1fSVr8oeaqkafuYoNcPzLTez11PW+mfkSKgF3N+flg7zJSBA+UOA
7GwAhPOpn/mskgA5TU/cs9pF0rcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQuQ2Uz
WZElFGEvZzAfdZ+E40MrCzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVkMTNmMDMtNTFlMy00ZTAyLTk4MWYtMWM5YTAyZTM4NTI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dQ
MA0GCSqGSIb3DQEBCwUAA4IBAQArUkdVfrFY40/jTdcOSkAEs24nAB3UxVz1nD05
heJwX4OBx0Sh5b4SPncYxDhYNivSApvXKa/EGbFd+dY5rYeLJmU5o8QvZnWX0flV
5167VPEsSTWbsFNmRDWegQlkQAh6Ol5pigPo4XUnJ8vzbTw57JBGYcgLEgqVZn3O
ihaaUpkNZrNj3Y7Wq/SGmNnoT7NO0KeKajNeeMtqMgI64kZNx7tyGyH5JqiFYOJK
iXbauDErw/wCB7BBgdx0lwBX+JU36UTE+JL7wIJ4T9aVB9sBTvvaOjs+QJYmN4bk
zgoguEbEpPrhlZJw8DpA6xqZ0MAGGFLYk0gq8223ZPJDsLRq
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:30 2026 by rpki-client