Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
File: ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa (raw, json)
Hash identifier: xCa/Zat7BIjPq9lAlvvXU+DFQ6hojv4z2F0JKX3YvCs=
Subject key identifier: 3C:40:EC:28:70:49:21:3A:94:53:B6:C4:50:1B:B8:3D:B7:B2:61:84
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0ABC093A2D6805C540FDD5C13857BB793C0B1A44
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
Signing time: Fri 20 Feb 2026 01:40:31 +0000
ROA not before: Fri 20 Feb 2026 01:40:31 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:bc:09:3a:2d:68:05:c5:40:fd:d5:c1:38:57:bb:79:3c:0b:1a:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:31 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=e5cf0656498fc7088f04cd52a73159aae12da3f810c60be42a6722094bdcce23, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:0f:89:2e:f7:94:fd:12:cd:fc:50:9b:db:0d:
9c:34:4b:2b:55:48:85:da:40:18:a2:f0:a2:63:63:
8c:ce:3e:55:63:ad:e8:33:85:b4:78:e4:44:f4:e6:
bf:27:e7:80:3a:33:67:da:a7:44:45:f7:1a:4e:08:
21:40:59:db:bf:a7:14:a1:a6:d1:07:06:a7:50:9a:
1e:e1:f4:86:de:6b:62:70:1d:48:da:68:ff:4e:fd:
b5:de:a6:04:7a:86:a7:fe:d7:c9:0d:d4:47:1e:2e:
c2:26:aa:38:26:2d:b5:9a:6d:18:59:e2:9c:4e:ff:
b7:e0:a7:39:56:13:4d:4f:34:91:30:67:36:24:8b:
54:73:23:0e:51:aa:08:77:73:50:b5:ba:0e:2b:41:
4c:5f:41:34:47:9e:4f:3b:93:c7:13:50:e2:de:94:
68:d6:2a:c9:ec:aa:5c:b0:8d:4b:49:61:1a:58:eb:
5c:d8:4a:dd:1d:4b:22:61:6a:12:d0:bf:85:04:75:
65:35:55:5b:7d:f5:76:80:4b:41:9d:45:f5:cf:97:
2a:f9:58:27:62:05:c5:ce:0c:34:e5:6c:80:02:34:
7d:90:26:6d:e1:50:04:2e:a0:bd:01:2c:ef:13:bd:
29:d9:95:c4:5a:57:73:81:5e:2f:0a:7b:93:80:d7:
2f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:40:EC:28:70:49:21:3A:94:53:B6:C4:50:1B:B8:3D:B7:B2:61:84
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/36
Signature Algorithm: sha256WithRSAEncryption
ad:7e:85:5d:7f:5f:b9:a9:3c:00:d3:7f:37:af:5f:82:c1:ac:
5d:f7:3d:0f:56:95:a4:03:b1:e0:03:b0:36:b5:70:22:0f:79:
48:a3:f5:54:f0:00:8b:2f:0b:0e:37:91:bf:ee:ac:9b:68:1d:
43:eb:e2:27:1c:8f:6a:a2:83:01:66:97:26:c9:e4:72:0f:3e:
91:c6:1e:69:8d:c8:a8:3a:23:48:ac:c6:77:4d:13:96:ee:52:
c6:9e:fe:bc:4b:da:e4:b2:4f:9f:50:74:a6:2a:54:a2:4e:e6:
7b:6b:56:93:ad:f2:aa:10:d3:54:bb:d1:22:05:12:a7:44:15:
24:43:c2:df:84:b1:1e:e6:83:84:f0:77:0e:75:d0:5d:03:af:
47:33:c4:7a:16:a7:8f:37:ad:c6:cd:51:88:42:e7:56:e8:9c:
21:2d:df:6c:ef:00:49:1c:b4:dc:66:4b:06:10:5a:0e:09:20:
b5:b0:6e:32:9d:6b:40:a6:4b:f4:b0:c7:25:f5:6f:2e:35:84:
d6:c0:d0:76:6c:1d:7a:64:e7:20:fa:64:f3:df:0f:b9:c8:33:
3f:42:3f:85:b1:7e:ec:4d:81:e2:db:08:07:4b:27:bf:9a:58:
fe:cf:9b:8b:1d:5a:6c:45:9f:80:9e:86:80:fb:8a:85:21:12:
76:8b:d2:3a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCrwJOi1oBcVA/dXBOFe7eTwLGkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMzFaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1Y2YwNjU2NDk4ZmM3MDg4ZjA0Y2Q1MmE3MzE1OWFhZTEyZGEzZjgxMGM2
MGJlNDJhNjcyMjA5NGJkY2NlMjMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMoPiS73lP0SzfxQm9sNnDRLK1VIhdpAGKLwomNjjM4+VWOt6DOFtHjkRPTm
vyfngDozZ9qnREX3Gk4IIUBZ27+nFKGm0QcGp1CaHuH0ht5rYnAdSNpo/079td6m
BHqGp/7XyQ3URx4uwiaqOCYttZptGFninE7/t+CnOVYTTU80kTBnNiSLVHMjDlGq
CHdzULW6DitBTF9BNEeeTzuTxxNQ4t6UaNYqyeyqXLCNS0lhGljrXNhK3R1LImFq
EtC/hQR1ZTVVW331doBLQZ1F9c+XKvlYJ2IFxc4MNOVsgAI0fZAmbeFQBC6gvQEs
7xO9KdmVxFpXc4FeLwp7k4DXLzkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ8QOwo
cEkhOpRTtsRQG7g9t7JhhDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWYyZTFmYjYtZDM2OC00NWRlLTg2NmQtMGUwOWY0OWI1ZWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8AA
MA0GCSqGSIb3DQEBCwUAA4IBAQCtfoVdf1+5qTwA0383r1+Cwaxd9z0PVpWkA7Hg
A7A2tXAiD3lIo/VU8ACLLwsON5G/7qybaB1D6+InHI9qooMBZpcmyeRyDz6Rxh5p
jcioOiNIrMZ3TROW7lLGnv68S9rksk+fUHSmKlSiTuZ7a1aTrfKqENNUu9EiBRKn
RBUkQ8LfhLEe5oOE8HcOddBdA69HM8R6FqePN63GzVGIQudW6JwhLd9s7wBJHLTc
ZksGEFoOCSC1sG4ynWtApkv0sMcl9W8uNYTWwNB2bB16ZOcg+mTz3w+5yDM/Qj+F
sX7sTYHi2wgHSye/mlj+z5uLHVpsRZ+AnoaA+4qFIRJ2i9I6
-----END CERTIFICATE-----
Generated at Sat Feb 21 08:46:40 2026 by rpki-client