Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
File: ecfac2f3-79d5-4611-9977-14a354495dc8.roa (raw, json)
Hash identifier: aZ4q7Chm4YObWrG+QtFhcqoJPUdTlYZGWFMVlqkaFUM=
Subject key identifier: A2:21:54:8E:E3:56:F9:2C:B9:7E:46:00:5A:C8:19:C7:E2:CD:E8:98
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5B659936AE2190DF080F1A740BE2FA83B486B55F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
Signing time: Fri 20 Feb 2026 01:40:05 +0000
ROA not before: Fri 20 Feb 2026 01:40:05 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:65:99:36:ae:21:90:df:08:0f:1a:74:0b:e2:fa:83:b4:86:b5:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:05 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ae7a0ece49d6a5ea94702aa024a20f4acbfb3b05eb83aecc9b575b38c4ab989f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:50:8d:ad:ad:df:78:b7:b1:e6:9c:8b:83:67:
5e:ab:20:97:46:f0:ee:73:73:d7:58:3f:6e:9d:5e:
fc:1d:5f:6d:c4:6e:c7:fd:2d:a4:93:c9:84:2a:3f:
67:6f:2f:ed:7b:33:b3:ba:0a:54:6d:78:e2:7a:c9:
e4:63:3b:b1:a5:11:b6:cf:d8:03:fd:10:71:a7:a1:
68:00:6a:0e:92:bb:c7:6c:89:8f:63:4b:52:7c:ee:
01:80:c4:30:31:47:07:f1:92:a1:4a:c4:3f:20:58:
1d:c1:4d:d4:cf:f7:df:c3:76:67:c8:71:e6:76:6f:
b8:23:3e:a1:20:a8:64:84:18:02:81:64:3b:84:c0:
59:c5:32:24:80:bc:81:65:89:82:10:79:bc:43:50:
49:ee:78:65:69:52:99:de:1b:48:66:b5:4c:8e:2e:
06:27:ab:43:2b:df:51:1f:16:94:41:8d:8b:75:cb:
7e:b4:93:cb:a2:14:2f:e5:d2:3a:87:66:12:02:cd:
9c:db:ae:cb:fb:b7:8c:43:28:40:67:c8:91:ef:96:
3a:e0:c6:d1:9b:ad:60:c6:0b:0b:95:df:b6:24:79:
f3:66:9a:2f:81:69:83:44:89:56:02:65:aa:4a:0d:
75:10:2f:87:a2:7e:80:30:73:97:30:a2:fa:d0:c0:
e0:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:21:54:8E:E3:56:F9:2C:B9:7E:46:00:5A:C8:19:C7:E2:CD:E8:98
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
a9:4c:55:e7:d8:17:9c:37:11:01:75:3d:d1:db:69:43:ea:0b:
12:dd:cb:5d:07:dd:42:ab:8d:48:b6:e1:c2:59:64:f5:8f:e7:
f9:48:33:7f:72:a2:aa:bc:00:2f:c6:6b:6b:f8:d7:14:36:97:
2b:a1:c0:2c:95:8c:4f:e0:61:e5:e3:5e:c9:33:ba:ce:6c:5a:
a2:92:3c:f9:82:07:3b:85:53:39:14:fe:4c:56:cf:d6:c0:7b:
4a:f5:fe:ac:29:e0:d0:c0:fe:70:72:9c:7c:05:d8:b7:ce:63:
c8:8c:4a:c0:fc:25:5f:1e:bd:cc:fa:7a:21:48:84:53:53:97:
ca:f5:4e:af:db:8d:a7:3c:d9:61:24:e4:6a:f1:c4:04:ff:0c:
6f:91:b3:01:5d:63:ab:1e:72:ce:54:68:39:df:5b:3c:41:5e:
aa:f5:8e:f7:30:43:88:0b:65:e7:01:c4:70:c8:af:cb:56:68:
52:b7:63:e8:7b:78:9a:94:48:17:38:6b:8f:be:3f:f8:cb:2f:
22:a8:d4:b5:49:9a:58:d6:f2:45:cb:1f:34:47:e0:e4:fd:a5:
9e:3f:3b:5f:77:37:99:46:8d:76:98:e7:31:d3:da:8c:f2:21:
dd:45:70:0e:b8:22:78:80:09:79:d9:17:2b:7e:0c:6d:ea:74:
4a:a9:8d:d4
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUW2WZNq4hkN8IDxp0C+L6g7SGtV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMDVaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlN2EwZWNlNDlkNmE1ZWE5NDcwMmFhMDI0YTIwZjRhY2JmYjNiMDVlYjgz
YWVjYzliNTc1YjM4YzRhYjk4OWYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpQja2t33i3seaci4NnXqsgl0bw7nNz11g/bp1e/B1fbcRux/0tpJPJhCo/
Z28v7Xszs7oKVG144nrJ5GM7saURts/YA/0QcaehaABqDpK7x2yJj2NLUnzuAYDE
MDFHB/GSoUrEPyBYHcFN1M/338N2Z8hx5nZvuCM+oSCoZIQYAoFkO4TAWcUyJIC8
gWWJghB5vENQSe54ZWlSmd4bSGa1TI4uBierQyvfUR8WlEGNi3XLfrSTy6IUL+XS
OodmEgLNnNuuy/u3jEMoQGfIke+WOuDG0ZutYMYLC5XftiR582aaL4Fpg0SJVgJl
qkoNdRAvh6J+gDBzlzCi+tDA4M0CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSiIVSO
41b5LLl+RgBayBnH4s3omDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWNmYWMyZjMtNzlkNS00NjExLTk5NzctMTRhMzU0NDk1ZGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABP8Aw
DQYJKoZIhvcNAQELBQADggEBAKlMVefYF5w3EQF1PdHbaUPqCxLdy10H3UKrjUi2
4cJZZPWP5/lIM39yoqq8AC/Ga2v41xQ2lyuhwCyVjE/gYeXjXskzus5sWqKSPPmC
BzuFUzkU/kxWz9bAe0r1/qwp4NDA/nBynHwF2LfOY8iMSsD8JV8evcz6eiFIhFNT
l8r1Tq/bjac82WEk5GrxxAT/DG+RswFdY6secs5UaDnfWzxBXqr1jvcwQ4gLZecB
xHDIr8tWaFK3Y+h7eJqUSBc4a4++P/jLLyKo1LVJmljW8kXLHzRH4OT9pZ4/O193
N5lGjXaY5zHT2ozyId1FcA64IniACXnZFyt+DG3qdEqpjdQ=
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:24:40 2026 by rpki-client