Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1350b3cb-6def-4283-90f3-051faef7a4e3.roa
File: 1350b3cb-6def-4283-90f3-051faef7a4e3.roa (raw, json)
Hash identifier: +Bwr92Gw2AJpHhnDkfmkAJelS2xYCrKBTz3WQdGI7fQ=
Subject key identifier: 1C:A8:4C:68:E2:6B:B1:FC:60:70:3D:28:C1:28:E9:BF:4D:A0:9D:50
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0993A5856EEB337CF484786856109842A1AD8768
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1350b3cb-6def-4283-90f3-051faef7a4e3.roa
Signing time: Mon 16 Dec 2024 00:00:00 +0000
ROA not before: Mon 16 Dec 2024 00:00:00 +0000
ROA not after: Mon 20 Jan 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/14 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:93:a5:85:6e:eb:33:7c:f4:84:78:68:56:10:98:42:a1:ad:87:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Dec 16 00:00:00 2024 GMT
Not After : Jan 20 23:59:59 2025 GMT
Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:07:6d:d5:4d:63:7e:f0:e6:c3:33:62:05:33:
6c:dc:d3:f3:5b:4c:13:e5:8d:ed:55:0e:de:b4:7d:
f4:44:ed:07:93:56:d4:2e:7d:e2:11:49:04:7f:a5:
75:0d:d8:5f:2e:9c:26:49:9a:90:89:27:50:de:ef:
83:7d:48:a6:23:4a:d0:3c:4a:24:72:1e:8d:f0:25:
6d:ab:94:e5:1e:c4:3c:da:53:b7:cd:72:2b:de:b0:
9b:cc:59:1f:47:72:5c:bf:fe:83:5d:18:6a:36:33:
1f:2f:a9:f0:1d:c1:77:6a:af:4f:ef:61:77:bd:4b:
fe:76:ad:a2:ec:8a:9e:b1:de:ad:f3:6f:49:83:85:
9d:5a:92:1e:14:1d:73:2c:eb:7e:4f:be:75:51:89:
5f:c7:a0:a5:f4:c7:ba:42:e7:3c:22:9e:9e:a4:86:
80:04:4b:8c:ba:4a:c3:94:4b:a3:3f:8a:83:1b:74:
e0:7f:b6:f5:93:8a:86:03:ea:4f:76:16:29:80:be:
2f:7a:3a:01:2c:28:6e:01:81:27:00:ec:79:53:00:
4e:51:c3:3a:30:e3:63:1e:d5:14:54:e6:68:27:80:
65:6d:f9:ca:d2:97:f7:0c:14:39:b4:5c:e8:4a:40:
df:2a:44:75:60:fc:ae:69:43:be:56:f5:0e:a5:d1:
d1:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:A8:4C:68:E2:6B:B1:FC:60:70:3D:28:C1:28:E9:BF:4D:A0:9D:50
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1350b3cb-6def-4283-90f3-051faef7a4e3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/14
Signature Algorithm: sha256WithRSAEncryption
a9:32:33:76:3b:c0:7d:99:7c:fc:50:91:10:99:8e:ee:b3:cf:
41:1f:4a:ef:9b:39:7c:23:4f:26:df:e9:97:87:5f:c2:db:50:
c8:27:6d:a6:ba:b6:79:de:a9:54:14:14:5e:23:00:e6:0f:e9:
35:f7:7b:84:07:1b:f9:cd:b9:1e:0e:b7:0e:d4:32:3f:a4:2f:
90:21:20:8c:d6:58:74:5b:f0:dd:6e:ea:43:b9:8e:d0:b3:71:
c4:2f:59:ab:73:c7:b1:37:9d:38:61:cf:1c:ac:41:65:a7:c2:
5c:46:e9:ed:bb:97:2b:00:74:f1:6a:13:cc:e1:48:55:05:ea:
d6:34:6b:34:37:0a:31:09:e1:34:57:df:14:dd:94:7d:e9:f5:
a1:34:2f:81:08:26:f2:ba:16:f5:d9:0a:15:08:64:23:08:b9:
db:b4:a0:bd:97:c9:74:71:c6:df:8b:6b:0b:9c:81:8d:35:42:
70:84:8e:2a:93:cc:c3:d6:9e:21:4a:ee:26:75:ca:8a:01:90:
2b:36:d8:9a:d7:bb:32:fa:32:7e:31:b2:46:7a:70:3a:01:e6:
7d:ba:e3:35:a7:ba:ef:0d:d5:33:72:38:82:12:42:50:38:57:
a9:b8:ed:88:a7:b7:51:b1:58:c0:52:b2:21:11:ee:fa:31:1d:
7d:ca:43:db
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCZOlhW7rM3z0hHhoVhCYQqGth2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEyMTYwMDAwMDBaFw0yNTAxMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1MmE5ZjZiMTE5ZmEzYzQ2NDYyOTI3NmRjMjA0NjAzNWMxNGQwOThlM2Zm
NTQzNGQ2NzI3MTEzNmNmYzE2ZDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwHbdVNY37w5sMzYgUzbNzT81tME+WN7VUO3rR99ETtB5NW1C594hFJBH+l
dQ3YXy6cJkmakIknUN7vg31IpiNK0DxKJHIejfAlbauU5R7EPNpTt81yK96wm8xZ
H0dyXL/+g10YajYzHy+p8B3Bd2qvT+9hd71L/natouyKnrHerfNvSYOFnVqSHhQd
cyzrfk++dVGJX8egpfTHukLnPCKenqSGgARLjLpKw5RLoz+Kgxt04H+29ZOKhgPq
T3YWKYC+L3o6ASwobgGBJwDseVMATlHDOjDjYx7VFFTmaCeAZW35ytKX9wwUObRc
6EpA3ypEdWD8rmlDvlb1DqXR0RUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQcqExo
4mux/GBwPSjBKOm/TaCdUDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTM1MGIzY2ItNmRlZi00MjgzLTkwZjMtMDUxZmFlZjdhNGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCpMjN2O8B9mXz8UJEQmY7us89BH0rvmzl8I08m3+mX
h1/C21DIJ22murZ53qlUFBReIwDmD+k193uEBxv5zbkeDrcO1DI/pC+QISCM1lh0
W/DdbupDuY7Qs3HEL1mrc8exN504Yc8crEFlp8JcRuntu5crAHTxahPM4UhVBerW
NGs0NwoxCeE0V98U3ZR96fWhNC+BCCbyuhb12QoVCGQjCLnbtKC9l8l0ccbfi2sL
nIGNNUJwhI4qk8zD1p4hSu4mdcqKAZArNtia17sy+jJ+MbJGenA6AeZ9uuM1p7rv
DdUzcjiCEkJQOFepuO2Ip7dRsVjAUrIhEe76MR19ykPb
-----END CERTIFICATE-----
Generated at Sat Apr 5 15:37:12 2025 by rpki-client