Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
File: 90e43ec0-92f9-420a-8158-7b97f7f32b51.roa (raw, json)
Hash identifier: dikQSPoTqaesmxmH3+W7gL/ANLgT7XadVvnnBdpPsSI=
Subject key identifier: FD:44:BC:F0:C8:36:66:5D:1C:64:41:BB:A2:FE:01:F8:AA:AC:75:CB
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 508D9DF9347CC56BC32E311D3CE50822538DA6CB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
Signing time: Tue 07 Jan 2025 00:00:00 +0000
ROA not before: Tue 07 Jan 2025 00:00:00 +0000
ROA not after: Tue 11 Feb 2025 23:59:59 +0000
asID: 8987
IP address blocks: 143.65.128.0/18 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:8d:9d:f9:34:7c:c5:6b:c3:2e:31:1d:3c:e5:08:22:53:8d:a6:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jan 7 00:00:00 2025 GMT
Not After : Feb 11 23:59:59 2025 GMT
Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b2:3e:8d:ce:57:40:ea:d7:a0:c3:b6:f9:7e:
de:da:47:d8:df:fe:d3:4f:29:ad:5f:e0:10:04:88:
d0:a1:df:aa:7a:6a:03:be:1b:cf:87:00:5e:b8:81:
ab:83:93:42:07:98:fd:1a:5e:0e:5a:3f:98:65:70:
ba:84:17:fe:bd:1f:56:77:79:a2:ef:24:2d:7c:e7:
c9:02:54:f1:9a:13:f1:a4:3e:bd:c0:96:01:07:ec:
b0:ff:cc:d1:e7:3c:20:c9:a1:96:2a:2c:3a:91:a5:
0c:a4:e2:68:c1:70:71:01:c1:3a:27:3b:41:49:5c:
08:58:4c:28:25:c9:51:46:e8:76:0a:d6:1f:59:8f:
20:8f:32:57:4a:41:0c:dd:cf:7b:8e:77:2c:f7:7c:
d0:d5:72:0d:eb:f0:55:7d:4d:23:13:1b:86:5e:23:
13:77:c5:d3:73:9e:66:eb:74:ed:1c:72:62:15:5c:
05:48:94:43:d0:f3:08:e9:d6:d9:70:93:7e:9e:10:
0d:58:08:32:2e:56:1e:0c:6e:58:f5:c1:c1:0d:63:
29:1a:45:50:a6:b8:02:aa:bb:02:d4:00:22:7f:bb:
f5:b1:09:f9:97:e4:5e:00:85:f9:3c:3e:02:a5:ce:
fa:16:9b:e7:82:26:ab:da:c2:9b:0e:1f:f6:e2:da:
14:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:44:BC:F0:C8:36:66:5D:1C:64:41:BB:A2:FE:01:F8:AA:AC:75:CB
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.128.0/18
Signature Algorithm: sha256WithRSAEncryption
1c:fd:0f:17:9f:0b:c7:06:bb:80:fb:10:22:5b:07:bc:8a:8f:
51:a1:d8:80:7e:81:6b:68:72:b7:54:a1:ba:78:13:f5:77:31:
03:44:54:b4:e1:55:31:e4:45:17:bb:78:6d:46:f3:b4:37:f4:
a1:29:58:b6:3f:50:87:57:de:0a:c5:3f:03:77:4d:24:df:64:
36:6c:ee:09:18:cd:80:8d:67:ea:f4:9c:bd:7c:78:6c:54:11:
bf:68:e5:15:fc:e1:32:e6:76:0f:a1:49:58:e2:b3:c8:60:da:
79:5a:00:80:98:2d:f6:89:e9:1f:de:4a:0f:18:bf:06:95:4d:
52:14:7c:f6:59:2e:53:4f:40:09:b7:41:24:d6:9a:54:c6:d0:
33:24:54:bd:d7:61:9a:fa:27:ab:28:ea:96:65:82:c1:fb:b6:
9a:41:da:d3:e3:bd:b7:d1:6b:52:7f:6c:40:54:f9:0c:df:03:
d4:f4:a3:46:4d:64:0e:01:68:2a:85:0f:18:76:1e:b5:e8:33:
0b:9d:4c:36:c5:2b:e3:4b:b9:93:6a:8e:6a:73:89:b1:46:30:
79:74:2d:d7:19:00:31:a1:c0:8f:5a:b0:0d:fc:47:7d:65:c4:
76:8b:1c:96:9e:78:b4:31:a1:2d:cc:32:96:5d:2d:fc:7a:52:
3e:95:3c:c9
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUUI2d+TR8xWvDLjEdPOUIIlONpsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMDcwMDAwMDBaFw0yNTAyMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmZDQzNjVhZTc4YWU1M2Y4NGMxMGI2ZmJhMTQ1ODc2MTA3YjE2YmQ4ZDdm
MTViMmYxMjdlMTY5MGY2ZGVlYmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGyPo3OV0Dq16DDtvl+3tpH2N/+008prV/gEASI0KHfqnpqA74bz4cAXriB
q4OTQgeY/RpeDlo/mGVwuoQX/r0fVnd5ou8kLXznyQJU8ZoT8aQ+vcCWAQfssP/M
0ec8IMmhliosOpGlDKTiaMFwcQHBOic7QUlcCFhMKCXJUUbodgrWH1mPII8yV0pB
DN3Pe453LPd80NVyDevwVX1NIxMbhl4jE3fF03OeZut07RxyYhVcBUiUQ9DzCOnW
2XCTfp4QDVgIMi5WHgxuWPXBwQ1jKRpFUKa4Aqq7AtQAIn+79bEJ+ZfkXgCF+Tw+
AqXO+hab54Imq9rCmw4f9uLaFDsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT9RLzw
yDZmXRxkQbui/gH4qqx1yzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTBlNDNlYzAtOTJmOS00MjBhLTgxNTgtN2I5N2Y3ZjMyYjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEAHP0PF58Lxwa7gPsQIlsHvIqPUaHYgH6Ba2hyt1Sh
ungT9XcxA0RUtOFVMeRFF7t4bUbztDf0oSlYtj9Qh1feCsU/A3dNJN9kNmzuCRjN
gI1n6vScvXx4bFQRv2jlFfzhMuZ2D6FJWOKzyGDaeVoAgJgt9onpH95KDxi/BpVN
UhR89lkuU09ACbdBJNaaVMbQMyRUvddhmvonqyjqlmWCwfu2mkHa0+O9t9FrUn9s
QFT5DN8D1PSjRk1kDgFoKoUPGHYetegzC51MNsUr40u5k2qOanOJsUYweXQt1xkA
MaHAj1qwDfxHfWXEdosclp54tDGhLcwyll0t/HpSPpU8yQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 15:31:43 2025 by rpki-client