Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
File: fda00aef-6886-4665-94fd-a76addf441b7.roa (raw, json)
Hash identifier: wy90YQ+d5SXS/GNmPPaz9eWxh4oIqjcE/SI84xa/EHM=
Subject key identifier: E8:68:8E:37:BC:72:E6:B5:9E:CF:F1:13:86:79:7E:D4:DA:14:F9:01
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 444FE1E8C3163DA4B3B52A87D20816EA80AA89AD
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
Signing time: Fri 20 Feb 2026 01:40:30 +0000
ROA not before: Fri 20 Feb 2026 01:40:30 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:4f:e1:e8:c3:16:3d:a4:b3:b5:2a:87:d2:08:16:ea:80:aa:89:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:30 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=e770fb6fe0a1a67724e96d5dddf7c9735cb12826a8d9e4886507aafc0fb085cb, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:34:73:18:2e:7c:d6:76:aa:83:47:8c:d3:75:
3f:5c:20:c7:7d:1c:f4:f3:2c:6f:63:d3:9d:80:7d:
10:d4:99:d1:30:a8:e6:4c:e9:1b:34:ca:a3:40:e2:
df:47:f5:1c:16:9d:39:a6:3d:0b:c3:bd:c1:cb:d8:
cd:6e:ab:05:34:34:ee:2a:be:da:ba:b7:d2:3c:ea:
52:d9:ef:23:35:2d:08:47:56:da:37:36:8b:b9:2e:
80:11:6c:3e:80:8b:e2:fe:4e:8d:4d:ac:92:ee:91:
1c:69:b9:8b:91:46:00:02:2a:b3:69:dc:30:e1:9b:
cd:02:0c:26:b9:40:c6:3d:38:9e:71:45:32:66:0a:
d7:8a:00:3f:c8:79:a5:fb:60:95:b3:5a:fc:57:93:
6c:a2:42:6d:fa:e3:ce:12:29:45:c0:81:d7:ed:b7:
a3:2a:ab:d4:7e:aa:a3:f9:e1:54:ab:6b:b0:64:52:
4a:43:a2:a5:26:e5:3e:2e:b1:16:d6:3c:7c:f6:99:
f3:a3:0b:bf:82:ce:39:9b:a9:68:1e:c2:39:41:ac:
46:77:39:e2:d9:5a:3d:cb:f8:1e:4a:28:18:84:0f:
35:ec:4d:6c:1d:e4:b0:3e:d7:50:6e:c5:28:48:f3:
4a:c0:97:c2:f8:64:8e:0b:9f:e9:39:cf:10:f8:6c:
2d:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:68:8E:37:BC:72:E6:B5:9E:CF:F1:13:86:79:7E:D4:DA:14:F9:01
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:8000::/36
Signature Algorithm: sha256WithRSAEncryption
1d:a7:fd:28:0d:84:2b:50:81:43:71:9e:c4:83:b6:d1:74:54:
a7:c1:77:e5:4d:38:11:95:a3:5b:69:39:e3:f5:82:1c:23:9a:
9a:26:43:0f:13:50:b3:c4:b6:31:3e:e2:9d:ed:90:1a:3a:d6:
6e:72:9b:9e:ea:7f:f0:1a:f9:78:e5:ae:f9:fa:a0:09:49:9c:
d6:37:3c:27:51:28:61:bd:fd:79:cf:0a:33:e7:16:b5:c1:94:
63:b5:67:84:ba:ac:bd:e2:07:43:55:cd:7f:e3:92:cc:ab:f5:
1c:b3:c8:18:28:6a:4b:d3:b9:60:ea:13:18:f4:52:b3:a4:d9:
8a:4b:06:54:2a:9e:66:52:41:2d:fd:6c:a0:0f:fa:66:90:8b:
d1:d8:80:9a:84:1d:61:04:0a:18:29:dd:3e:38:a3:2b:b8:00:
eb:7a:63:88:27:3e:06:db:35:18:fa:76:da:ce:1e:3d:d9:56:
e5:e9:f9:2c:c2:f5:48:72:df:df:92:81:4d:08:89:39:5d:d0:
3c:d3:07:75:c4:6d:b6:23:3f:eb:2e:33:b7:b0:cd:c1:8e:14:
63:fa:ee:f0:ff:a8:20:46:b7:b6:de:e6:65:dc:47:ac:ff:4c:
a7:20:f7:50:fa:c0:19:4c:31:44:38:07:0f:6c:73:d5:a1:04:
bd:19:b0:84
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURE/h6MMWPaSztSqH0ggW6oCqia0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwMzBaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU3NzBmYjZmZTBhMWE2NzcyNGU5NmQ1ZGRkZjdjOTczNWNiMTI4MjZhOGQ5
ZTQ4ODY1MDdhYWZjMGZiMDg1Y2IxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK00cxgufNZ2qoNHjNN1P1wgx30c9PMsb2PTnYB9ENSZ0TCo5kzpGzTKo0Di
30f1HBadOaY9C8O9wcvYzW6rBTQ07iq+2rq30jzqUtnvIzUtCEdW2jc2i7kugBFs
PoCL4v5OjU2sku6RHGm5i5FGAAIqs2ncMOGbzQIMJrlAxj04nnFFMmYK14oAP8h5
pftglbNa/FeTbKJCbfrjzhIpRcCB1+23oyqr1H6qo/nhVKtrsGRSSkOipSblPi6x
FtY8fPaZ86MLv4LOOZupaB7COUGsRnc54tlaPcv4HkooGIQPNexNbB3ksD7XUG7F
KEjzSsCXwvhkjguf6TnPEPhsLQcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBToaI43
vHLmtZ7P8ROGeX7U2hT5ATAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZmRhMDBhZWYtNjg4Ni00NjY1LTk0ZmQtYTc2YWRkZjQ0MWI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8OA
MA0GCSqGSIb3DQEBCwUAA4IBAQAdp/0oDYQrUIFDcZ7Eg7bRdFSnwXflTTgRlaNb
aTnj9YIcI5qaJkMPE1CzxLYxPuKd7ZAaOtZucpue6n/wGvl45a75+qAJSZzWNzwn
UShhvf15zwoz5xa1wZRjtWeEuqy94gdDVc1/45LMq/Ucs8gYKGpL07lg6hMY9FKz
pNmKSwZUKp5mUkEt/WygD/pmkIvR2ICahB1hBAoYKd0+OKMruADremOIJz4G2zUY
+nbazh492Vbl6fkswvVIct/fkoFNCIk5XdA80wd1xG22Iz/rLjO3sM3BjhRj+u7w
/6ggRre23uZl3Ees/0ynIPdQ+sAZTDFEOAcPbHPVoQS9GbCE
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:50 2026 by rpki-client