Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3132158f-89b9-4064-adce-f249f4489521.roa
File: 3132158f-89b9-4064-adce-f249f4489521.roa (raw, json)
Hash identifier: 2/OYnuJI60kpMd+GfOA+uvtRkMQBHC0tkNIoDQqzUIc=
Subject key identifier: 32:F9:9C:EC:BC:5A:87:88:66:38:15:8D:FA:A3:8D:2E:67:B0:C6:EB
Certificate issuer: /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial: 26ED27AD0FF04C09232FD6512A36006F86260315
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3132158f-89b9-4064-adce-f249f4489521.roa
Signing time: Fri 21 Mar 2025 00:00:15 +0000
ROA not before: Fri 21 Mar 2025 00:00:15 +0000
ROA not after: Fri 25 Apr 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2406:da60:2800::/40 maxlen: 48
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:ed:27:ad:0f:f0:4c:09:23:2f:d6:51:2a:36:00:6f:86:26:03:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F635F0000
Validity
Not Before: Mar 21 00:00:15 2025 GMT
Not After : Apr 25 23:59:59 2025 GMT
Subject: CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:66:6a:ac:53:0b:ea:70:9a:c1:15:52:e6:b1:
71:fa:1e:38:cb:ac:79:12:6b:85:85:0e:9a:53:f4:
53:72:b5:49:03:5d:ef:1f:32:b4:7a:3e:a3:46:5d:
5c:70:23:aa:8f:f6:ff:8c:b5:89:b9:bb:dc:24:57:
07:5a:56:95:f9:aa:29:6c:11:7a:07:d5:5e:31:a4:
4a:66:1b:f9:33:cf:85:b0:5e:48:3e:89:ab:18:78:
db:eb:3c:5e:15:d1:32:a3:e8:17:3f:0a:8b:7c:f7:
e0:3d:af:da:6f:49:2b:05:34:15:d8:3e:93:84:5b:
29:3e:32:d7:23:f3:c5:c3:b9:cf:02:af:81:4f:e8:
bc:b9:aa:0a:72:0a:44:05:95:37:53:ff:b0:28:9d:
42:ef:6f:a5:cc:b8:3f:95:81:78:5d:b8:3a:c4:c2:
e6:4c:53:29:10:2a:b1:f0:1d:42:1d:ff:f8:2c:d2:
7c:8d:bf:fa:c5:cd:65:21:69:12:d6:3c:f5:d8:33:
83:cd:f3:6a:21:31:55:43:cb:32:29:be:21:92:ae:
ee:9d:9d:bf:c1:e2:aa:ab:1f:bd:e9:f8:1e:b6:9c:
64:a3:88:2c:fc:4c:61:a0:a4:b2:32:e0:dd:ed:b1:
11:6a:df:70:76:7c:d4:e8:6f:f9:cd:51:6f:49:0e:
f4:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:F9:9C:EC:BC:5A:87:88:66:38:15:8D:FA:A3:8D:2E:67:B0:C6:EB
X509v3 Authority Key Identifier:
keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3132158f-89b9-4064-adce-f249f4489521.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2406:da60:2800::/40
Signature Algorithm: sha256WithRSAEncryption
22:16:e5:d7:45:0e:04:d3:a4:05:c3:70:4b:60:b4:d3:80:60:
99:46:1f:a0:23:88:72:09:aa:19:6f:76:99:5b:dd:0a:e8:94:
87:b8:8b:db:90:7d:3f:16:db:6b:50:d6:8e:17:84:32:fd:d8:
72:54:e1:02:7d:8e:78:3e:f0:99:b4:7a:23:b9:fe:3e:9e:a3:
6b:2e:0c:de:94:3a:db:01:55:c4:8a:fb:43:a0:a7:6d:94:63:
5d:fd:3e:6b:fe:bf:31:ce:a9:42:70:f5:5b:67:b2:1f:89:5c:
50:7f:65:0b:a1:71:02:c3:aa:2c:4e:1e:7a:58:ec:a8:11:9f:
8b:b6:1f:7a:ae:8d:5c:9c:e9:94:61:df:2a:be:7a:f1:00:80:
45:cb:ac:c3:18:33:7d:22:7c:cc:75:2d:fb:22:b8:65:09:ea:
fb:6a:3e:31:64:4a:99:55:0b:2d:29:d4:42:9f:fa:66:07:3c:
60:4c:92:12:c2:07:08:3d:5c:46:69:5a:17:9b:e7:be:c3:5a:
ff:ed:9c:1c:b4:43:b9:ba:8b:ec:3d:f1:df:0c:94:cc:41:ab:
79:d3:ea:68:9b:d2:cd:4c:63:4e:b2:07:12:e8:dc:eb:0a:6b:
fc:f6:e3:62:34:3c:5b:9c:a2:79:4f:13:b2:73:32:7b:cf:54:
30:8a:b7:a5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJu0nrQ/wTAkjL9ZRKjYAb4YmAxUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyMTAwMDAxNVoX
DTI1MDQyNTIzNTk1OVowejFJMEcGA1UEBRNAODJhNjE1MTgxYjhlYTE3Yjc0NmJj
N2NmMzRkNTIwNjEyOTNmYjkyYzdmZDU0MDFjM2E3NGRiMTU4Mjg3YzQ3NTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWZqrFML6nCawRVS5rFx+h44y6x5
EmuFhQ6aU/RTcrVJA13vHzK0ej6jRl1ccCOqj/b/jLWJubvcJFcHWlaV+aopbBF6
B9VeMaRKZhv5M8+FsF5IPomrGHjb6zxeFdEyo+gXPwqLfPfgPa/ab0krBTQV2D6T
hFspPjLXI/PFw7nPAq+BT+i8uaoKcgpEBZU3U/+wKJ1C72+lzLg/lYF4Xbg6xMLm
TFMpECqx8B1CHf/4LNJ8jb/6xc1lIWkS1jz12DODzfNqITFVQ8syKb4hkq7unZ2/
weKqqx+96fgetpxko4gs/ExhoKSyMuDd7bERat9wdnzU6G/5zVFvSQ70DQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDL5nOy8WoeIZjgVjfqjjS5nsMbrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMxMzIxNThmLTg5YjktNDA2NC1hZGNlLWYyNDlmNDQ4OTUyMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYCgwDQYJKoZIhvcNAQELBQADggEBACIW5ddFDgTTpAXDcEtg
tNOAYJlGH6AjiHIJqhlvdplb3QrolIe4i9uQfT8W22tQ1o4XhDL92HJU4QJ9jng+
8Jm0eiO5/j6eo2suDN6UOtsBVcSK+0Ogp22UY139Pmv+vzHOqUJw9Vtnsh+JXFB/
ZQuhcQLDqixOHnpY7KgRn4u2H3qujVyc6ZRh3yq+evEAgEXLrMMYM30ifMx1Lfsi
uGUJ6vtqPjFkSplVCy0p1EKf+mYHPGBMkhLCBwg9XEZpWheb577DWv/tnBy0Q7m6
i+w98d8MlMxBq3nT6mib0s1MY06yBxLo3OsKa/z242I0PFuconlPE7JzMnvPVDCK
t6U=
-----END CERTIFICATE-----
Generated at Fri Apr 4 23:45:31 2025 by rpki-client