Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f71d7429-ef0b-424d-9e36-741d62d1968a.roa
File: f71d7429-ef0b-424d-9e36-741d62d1968a.roa (raw, json)
Hash identifier: F/+KhL7DSM4AOeJc5gTUki/7QA89XJwYkA+8mPViFj4=
Subject key identifier: 4D:AA:24:8D:0B:EF:BB:5E:06:0F:61:BA:7A:BC:13:AF:53:FF:77:EF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 71C742E32EB1A055B4291194B7148D42E24765CC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f71d7429-ef0b-424d-9e36-741d62d1968a.roa
Signing time: Tue 07 Jan 2025 00:00:00 +0000
ROA not before: Tue 07 Jan 2025 00:00:00 +0000
ROA not after: Tue 11 Feb 2025 23:59:59 +0000
asID: 8987
IP address blocks: 51.208.0.0/15 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:c7:42:e3:2e:b1:a0:55:b4:29:11:94:b7:14:8d:42:e2:47:65:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jan 7 00:00:00 2025 GMT
Not After : Feb 11 23:59:59 2025 GMT
Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:e8:53:ec:e3:52:1e:f7:af:94:53:44:ec:a6:
33:73:fc:b0:de:ee:9b:fb:a2:a3:ae:6b:4e:dd:47:
e9:2f:21:0d:89:7b:81:a8:9d:17:93:a6:a4:37:6e:
5a:a5:b8:1f:e5:00:96:db:ce:6e:35:49:cd:f2:18:
e3:2c:df:a5:63:c7:aa:6a:bc:08:bb:a5:d3:1a:d5:
52:dc:ad:dc:b5:14:25:89:10:86:5c:43:a4:03:82:
d1:0b:d0:32:dd:f4:ca:73:f8:21:ad:85:70:4b:50:
f6:a0:f3:b3:76:af:66:42:9e:99:91:83:da:63:08:
e6:9f:d8:ef:84:4d:f3:f0:94:63:2d:ec:ea:26:6a:
b2:ac:7a:14:32:c7:8c:22:8c:89:6d:94:43:cc:cd:
cc:3f:25:b5:23:0c:57:6b:61:45:1e:cf:4c:a7:e2:
17:51:16:20:d1:e6:cf:31:80:e4:06:64:75:d5:e1:
66:2c:62:77:92:c9:c8:ec:e9:33:fe:3e:70:8c:08:
b7:fe:9c:3d:fc:05:7e:0e:eb:87:ff:22:e6:56:d2:
49:a3:dd:04:19:73:e1:2c:1c:84:d9:e5:50:55:a5:
59:96:16:4f:27:b2:43:36:26:a3:4b:ab:ea:4d:8a:
2a:38:32:e8:ef:f4:8a:fc:46:ac:8a:31:6c:e1:6a:
23:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:AA:24:8D:0B:EF:BB:5E:06:0F:61:BA:7A:BC:13:AF:53:FF:77:EF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f71d7429-ef0b-424d-9e36-741d62d1968a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.208.0.0/15
Signature Algorithm: sha256WithRSAEncryption
c0:e0:cd:75:83:ef:82:18:7f:1c:21:0c:b2:f7:f2:7f:bb:40:
bd:79:ad:99:49:9f:fc:82:05:67:b1:e1:b0:4d:a5:e3:30:2c:
38:a7:c0:63:2b:69:e3:97:da:64:83:2b:c7:bc:f7:10:8c:30:
89:bf:aa:fa:c2:5f:44:2f:4c:03:b0:16:05:dc:b1:ed:37:bc:
fc:b9:de:9c:5f:fc:19:27:b1:08:8e:60:b5:aa:60:46:bb:25:
c0:cd:22:b6:a0:ad:ba:50:8f:bb:f5:3a:ce:37:28:7a:48:31:
f0:7d:e7:e2:a3:2d:13:69:f5:8a:ea:32:76:60:96:d0:4f:25:
8c:99:17:99:17:f2:0e:04:e3:e4:1a:94:aa:9e:2d:3f:f6:45:
99:cb:87:00:b4:1a:dc:3f:18:c2:0a:36:d9:77:5f:2d:e2:00:
3d:95:17:60:cc:9d:7d:01:c5:9b:2c:20:bf:4a:dc:de:97:b4:
5e:15:2a:a9:b6:b7:05:a3:68:5c:c5:e0:c1:60:88:55:6e:a1:
24:45:a5:7f:57:43:a4:04:30:18:fb:59:85:c5:9b:e1:6b:a9:
35:08:44:ac:5b:51:22:96:7d:bc:d2:d1:0f:8b:dd:5b:4d:0d:
53:2a:cc:c7:bd:75:4c:19:ff:45:7c:73:9a:be:83:6f:cf:a2:
3f:43:6d:4a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUccdC4y6xoFW0KRGUtxSNQuJHZcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMDcwMDAwMDBaFw0yNTAyMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGViOTZiMzE3YmMzY2VkMDg4OTZhM2IxNDQwYTQwMTI2Y2Y2MmZkNWY0NzZj
ZmU5NmMxYThmOThmYTMwM2Q2NTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJnoU+zjUh73r5RTROymM3P8sN7um/uio65rTt1H6S8hDYl7gaidF5OmpDdu
WqW4H+UAltvObjVJzfIY4yzfpWPHqmq8CLul0xrVUtyt3LUUJYkQhlxDpAOC0QvQ
Mt30ynP4Ia2FcEtQ9qDzs3avZkKemZGD2mMI5p/Y74RN8/CUYy3s6iZqsqx6FDLH
jCKMiW2UQ8zNzD8ltSMMV2thRR7PTKfiF1EWINHmzzGA5AZkddXhZixid5LJyOzp
M/4+cIwIt/6cPfwFfg7rh/8i5lbSSaPdBBlz4SwchNnlUFWlWZYWTyeyQzYmo0ur
6k2KKjgy6O/0ivxGrIoxbOFqI58CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRNqiSN
C++7XgYPYbp6vBOvU/937zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjcxZDc0MjktZWYwYi00MjRkLTllMzYtNzQxZDYyZDE5NjhhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPQMA0G
CSqGSIb3DQEBCwUAA4IBAQDA4M11g++CGH8cIQyy9/J/u0C9ea2ZSZ/8ggVnseGw
TaXjMCw4p8BjK2njl9pkgyvHvPcQjDCJv6r6wl9EL0wDsBYF3LHtN7z8ud6cX/wZ
J7EIjmC1qmBGuyXAzSK2oK26UI+79TrONyh6SDHwfefioy0TafWK6jJ2YJbQTyWM
mReZF/IOBOPkGpSqni0/9kWZy4cAtBrcPxjCCjbZd18t4gA9lRdgzJ19AcWbLCC/
Stzel7ReFSqptrcFo2hcxeDBYIhVbqEkRaV/V0OkBDAY+1mFxZvha6k1CESsW1Ei
ln280tEPi91bTQ1TKszHvXVMGf9FfHOavoNvz6I/Q21K
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:09:29 2025 by rpki-client