Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66ec7005-da32-4331-af29-ce60900e5f1f.roa
File: 66ec7005-da32-4331-af29-ce60900e5f1f.roa (raw, json)
Hash identifier: vaOhDNNu/X+Z5gY1YjbZnvOZSHVL0Ja4izmKsUaJ+Ic=
Subject key identifier: FD:D0:F1:C7:2A:BE:03:46:3C:4F:90:B2:50:6E:1E:64:1D:DE:73:09
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5F17DE410F1327179E5550767CCFE920D90980C6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66ec7005-da32-4331-af29-ce60900e5f1f.roa
Signing time: Tue 07 Jan 2025 00:00:00 +0000
ROA not before: Tue 07 Jan 2025 00:00:00 +0000
ROA not after: Tue 11 Feb 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d079:4000::/40 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:17:de:41:0f:13:27:17:9e:55:50:76:7c:cf:e9:20:d9:09:80:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jan 7 00:00:00 2025 GMT
Not After : Feb 11 23:59:59 2025 GMT
Subject: serialNumber=01b6a8b7061192e612544a67122fce0b26502a51e970a6524b062e90fd7467ab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:95:9c:3d:2f:1b:b0:da:41:18:de:3c:e5:d6:
2b:2f:80:dd:82:b0:68:39:72:d9:46:d6:45:0e:bb:
ff:c6:b2:28:83:6b:3c:4a:66:6c:40:b6:4f:0a:01:
db:27:a8:7b:70:2d:b6:16:1e:b4:2c:a7:4b:64:e7:
36:53:ad:e8:dc:b7:fe:8c:17:e9:a3:2c:8c:c2:d6:
5d:31:2f:44:38:72:0e:e5:75:32:8c:01:c2:a7:42:
62:b6:45:57:f9:6a:f9:fb:fa:48:5f:d5:80:8f:25:
a1:2a:c7:e3:32:af:2d:84:af:68:e4:54:65:8a:60:
fd:54:5f:20:eb:89:c0:4c:55:5c:fc:26:de:13:51:
6e:b9:20:34:5a:08:ab:90:68:64:25:03:d5:ce:d1:
88:fe:47:6b:18:9e:15:e5:a2:32:4f:d1:ec:2f:a0:
34:b9:6b:4e:55:74:22:02:10:ad:54:53:ff:bd:77:
69:fe:f5:61:5f:a9:f7:02:e8:54:ee:30:f3:2e:24:
38:62:b5:fc:29:84:d4:0b:6c:85:99:f1:8d:e5:e0:
f1:76:e9:c1:34:51:73:5d:4b:65:92:06:b9:34:bc:
c9:69:d3:f3:7d:f1:32:21:49:c3:6f:af:13:8a:6c:
f7:f6:1a:f5:21:4a:bd:3d:c9:d0:d4:b3:b0:51:4a:
25:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:D0:F1:C7:2A:BE:03:46:3C:4F:90:B2:50:6E:1E:64:1D:DE:73:09
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66ec7005-da32-4331-af29-ce60900e5f1f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d079:4000::/40
Signature Algorithm: sha256WithRSAEncryption
83:ca:ba:89:2d:e8:ed:26:44:c9:0c:a0:8d:75:ff:c5:a6:94:
fb:63:db:7c:96:45:bd:bb:0f:36:08:d5:4b:82:3e:7a:18:90:
b1:a3:60:c3:4c:63:d9:45:1c:d4:60:83:f5:f1:96:ed:ea:ad:
35:36:17:fe:f7:30:52:41:73:bd:ce:73:fa:56:94:fa:08:99:
ea:06:98:cb:5a:ac:fb:a3:4c:ed:87:f7:58:14:f6:78:c6:bc:
50:e4:9d:6a:02:df:ca:2d:6c:66:36:db:ba:f2:92:9c:d4:e4:
82:ab:38:47:6d:b6:d4:77:f7:52:fe:aa:b0:7f:fd:49:91:ff:
f7:03:16:a1:94:da:7c:2d:9d:53:6f:b2:49:96:41:d2:7a:d4:
50:20:7a:29:ff:63:47:07:1b:4f:83:42:85:6e:4f:d5:c5:a8:
ff:9b:2e:4d:7b:b7:53:58:0e:dc:3a:cb:35:89:26:99:7d:5d:
1d:aa:21:fc:2e:5b:b3:99:66:36:4c:21:91:45:3f:72:c9:7c:
b5:a4:ce:b9:b1:5d:5e:50:13:c0:3e:e7:43:4b:60:cc:58:bd:
2c:0e:43:41:40:0b:88:e1:cf:b4:bf:c3:1a:0f:ed:46:c1:8f:
31:39:2f:20:be:89:b6:bb:eb:f6:74:d4:5f:50:68:a9:bd:d3:
5a:6c:b2:26
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXxfeQQ8TJxeeVVB2fM/pINkJgMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAxMDcwMDAwMDBaFw0yNTAyMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDAxYjZhOGI3MDYxMTkyZTYxMjU0NGE2NzEyMmZjZTBiMjY1MDJhNTFlOTcw
YTY1MjRiMDYyZTkwZmQ3NDY3YWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANiVnD0vG7DaQRjePOXWKy+A3YKwaDly2UbWRQ67/8ayKINrPEpmbEC2TwoB
2yeoe3AtthYetCynS2TnNlOt6Ny3/owX6aMsjMLWXTEvRDhyDuV1MowBwqdCYrZF
V/lq+fv6SF/VgI8loSrH4zKvLYSvaORUZYpg/VRfIOuJwExVXPwm3hNRbrkgNFoI
q5BoZCUD1c7RiP5HaxieFeWiMk/R7C+gNLlrTlV0IgIQrVRT/713af71YV+p9wLo
VO4w8y4kOGK1/CmE1AtshZnxjeXg8XbpwTRRc11LZZIGuTS8yWnT833xMiFJw2+v
E4ps9/Ya9SFKvT3J0NSzsFFKJZkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT90PHH
Kr4DRjxPkLJQbh5kHd5zCTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjZlYzcwMDUtZGEzMi00MzMxLWFmMjktY2U2MDkwMGU1ZjFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HlA
MA0GCSqGSIb3DQEBCwUAA4IBAQCDyrqJLejtJkTJDKCNdf/FppT7Y9t8lkW9uw82
CNVLgj56GJCxo2DDTGPZRRzUYIP18Zbt6q01Nhf+9zBSQXO9znP6VpT6CJnqBpjL
Wqz7o0zth/dYFPZ4xrxQ5J1qAt/KLWxmNtu68pKc1OSCqzhHbbbUd/dS/qqwf/1J
kf/3AxahlNp8LZ1Tb7JJlkHSetRQIHop/2NHBxtPg0KFbk/Vxaj/my5Ne7dTWA7c
Oss1iSaZfV0dqiH8LluzmWY2TCGRRT9yyXy1pM65sV1eUBPAPudDS2DMWL0sDkNB
QAuI4c+0v8MaD+1GwY8xOS8gvom2u+v2dNRfUGipvdNabLIm
-----END CERTIFICATE-----
Generated at Thu Apr 17 05:10:58 2025 by rpki-client