Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
File: 74f381b2-46ae-4e78-8d95-25730216e683.roa (raw, json)
Hash identifier: q0EKxfE3MlVHNc97ZuJDIb357xdozwouz7U2g+6s51I=
Subject key identifier: D0:DD:5E:51:7F:B1:9B:80:B9:4C:5B:60:17:5C:50:84:CD:4E:92:8A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7653A47D1F77C40AAEBA5E01DCDA00D1BC16F6FD
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
Signing time: Tue 24 Feb 2026 00:30:09 +0000
ROA not before: Tue 24 Feb 2026 00:30:09 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc2:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:53:a4:7d:1f:77:c4:0a:ae:ba:5e:01:dc:da:00:d1:bc:16:f6:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 24 00:30:09 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=d07e7fcc5717e95134ef591352bef5103c839274d5ab827ab2a0f5789b29224f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:7d:f0:39:e2:85:a5:e9:f4:55:58:45:52:55:
fa:f3:e6:f3:70:d3:67:7a:cb:12:87:5a:33:ce:79:
9f:2d:fa:2c:3e:17:18:99:db:c1:e8:83:b8:e6:eb:
21:36:6f:3d:3b:df:86:0b:09:f9:4a:8d:64:f1:1e:
de:ce:a5:db:62:3a:06:e3:a2:01:5e:0d:41:e8:80:
3d:1b:94:f9:bd:5f:d1:b0:a3:fe:07:4a:6f:62:ed:
f8:ea:91:4f:a5:19:4b:91:90:e9:32:e8:30:ad:c3:
5f:86:2f:f8:a1:b4:28:43:99:ad:b5:83:0e:42:ac:
72:7c:c2:03:5d:f1:34:84:8e:bc:6b:b5:5d:f3:82:
62:3f:7a:06:91:e2:68:f4:77:0e:c2:a5:a6:7f:74:
81:7a:da:cc:c2:1e:58:89:8d:92:9a:64:57:b9:31:
6b:96:5e:40:df:a3:7f:db:fe:60:bd:85:dd:20:aa:
e0:b8:bb:31:f4:1f:3e:3a:c4:65:9f:e1:82:22:c2:
48:c3:fa:19:08:b9:2d:d7:a5:08:dc:9b:b2:ba:60:
da:d7:d4:03:11:e9:b6:e7:69:ce:67:b5:44:f7:6c:
d2:ba:bb:31:65:e4:dd:d5:f9:da:ba:da:26:9d:d5:
db:f2:16:c8:16:65:be:ea:73:c5:9d:01:32:ff:8a:
6b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:DD:5E:51:7F:B1:9B:80:B9:4C:5B:60:17:5C:50:84:CD:4E:92:8A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc2:8000::/36
Signature Algorithm: sha256WithRSAEncryption
60:6c:80:79:70:09:fe:80:ae:72:c5:d2:e9:48:df:2d:9f:b2:
8d:92:a5:fa:f4:07:11:61:cb:2c:e1:39:f0:d8:7c:90:9f:a7:
bc:51:ac:7c:e0:c1:22:bc:87:be:75:04:1e:c7:22:59:dd:c6:
b0:c0:64:69:e6:03:9b:88:0c:3b:81:39:dc:0b:1b:21:57:56:
96:eb:b0:07:bd:92:50:0e:d7:1b:a9:14:78:86:fb:20:5e:f1:
f3:8e:27:fb:cb:ce:ca:a1:ad:fc:2a:4e:90:d1:ff:b4:58:91:
85:52:f2:8a:84:37:40:a5:73:53:64:75:c8:44:ef:e5:ce:80:
8d:82:8f:35:b5:19:dd:b8:87:51:35:bd:d9:11:61:50:db:eb:
ee:b8:1f:96:69:f9:ff:bb:48:24:97:e4:9e:65:59:7a:3a:8c:
69:c4:ca:65:40:ca:36:b3:9d:db:4d:18:5c:62:bc:c5:ff:bd:
f0:64:21:e8:0f:6f:00:ca:dd:a7:b5:86:d9:ac:a1:2f:ed:ee:
dc:9a:50:5e:99:5e:48:cf:b5:c6:f2:a5:a7:02:ee:9d:7f:5d:
a0:27:4a:1c:74:94:d9:b5:b8:93:f7:4d:5f:26:0b:5a:bd:e6:
59:8d:98:e7:06:4d:da:00:54:86:21:53:02:93:70:c7:df:eb:
e4:01:02:44
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdlOkfR93xAquul4B3NoA0bwW9v0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjQwMDMwMDlaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwN2U3ZmNjNTcxN2U5NTEzNGVmNTkxMzUyYmVmNTEwM2M4MzkyNzRkNWFi
ODI3YWIyYTBmNTc4OWIyOTIyNGYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPJ98DnihaXp9FVYRVJV+vPm83DTZ3rLEodaM855ny36LD4XGJnbweiDuObr
ITZvPTvfhgsJ+UqNZPEe3s6l22I6BuOiAV4NQeiAPRuU+b1f0bCj/gdKb2Lt+OqR
T6UZS5GQ6TLoMK3DX4Yv+KG0KEOZrbWDDkKscnzCA13xNISOvGu1XfOCYj96BpHi
aPR3DsKlpn90gXrazMIeWImNkppkV7kxa5ZeQN+jf9v+YL2F3SCq4Li7MfQfPjrE
ZZ/hgiLCSMP6GQi5LdelCNybsrpg2tfUAxHptudpzme1RPds0rq7MWXk3dX52rra
Jp3V2/IWyBZlvupzxZ0BMv+Ka/0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTQ3V5R
f7GbgLlMW2AXXFCEzU6SijAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzRmMzgxYjItNDZhZS00ZTc4LThkOTUtMjU3MzAyMTZlNjgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8KA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgbIB5cAn+gK5yxdLpSN8tn7KNkqX69AcRYcss
4Tnw2HyQn6e8Uax84MEivIe+dQQexyJZ3cawwGRp5gObiAw7gTncCxshV1aW67AH
vZJQDtcbqRR4hvsgXvHzjif7y87Koa38Kk6Q0f+0WJGFUvKKhDdApXNTZHXIRO/l
zoCNgo81tRnduIdRNb3ZEWFQ2+vuuB+Wafn/u0gkl+SeZVl6OoxpxMplQMo2s53b
TRhcYrzF/73wZCHoD28Ayt2ntYbZrKEv7e7cmlBemV5Iz7XG8qWnAu6df12gJ0oc
dJTZtbiT901fJgtaveZZjZjnBk3aAFSGIVMCk3DH3+vkAQJE
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:16:00 2026 by rpki-client