Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d326f8cc-1ff8-487b-a402-194dc48b8195.roa
File: d326f8cc-1ff8-487b-a402-194dc48b8195.roa (raw, json)
Hash identifier: i8j5P+O3lXFhsrbauLykWXFdNXjZ8g4ijVoTLyHCN2g=
Subject key identifier: 21:93:0B:AE:C9:FF:B7:63:02:EC:B0:4D:FD:2C:7B:26:C8:CF:D4:8A
Certificate issuer: /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial: 07FBAC66F884395EEEAC2B4D8D42E34F4353D823
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access: rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d326f8cc-1ff8-487b-a402-194dc48b8195.roa
Signing time: Tue 03 Dec 2024 00:00:00 +0000
ROA not before: Tue 03 Dec 2024 00:00:00 +0000
ROA not after: Tue 07 Jan 2025 23:59:59 +0000
asID: 8987
IP address blocks: 16.156.0.0/14 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:fb:ac:66:f8:84:39:5e:ee:ac:2b:4d:8d:42:e3:4f:43:53:d8:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Validity
Not Before: Dec 3 00:00:00 2024 GMT
Not After : Jan 7 23:59:59 2025 GMT
Subject: serialNumber=873f52927c34a6797b2c0f7161698e47f3aae5938c138dfa7f4ff54e850ec626, CN=b25c970f-d813-445c-bfe2-62668518c87e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:36:3f:e8:b3:77:45:22:ff:b2:a0:3d:84:ba:
00:44:dd:d9:c7:dd:96:fb:f4:75:78:34:7f:0f:b5:
35:b4:8f:7a:e2:e3:28:aa:4e:27:34:af:3a:85:12:
18:1b:a0:ab:3b:88:81:b0:ae:23:2b:ed:ef:d9:2e:
fc:ce:c9:4a:4f:7b:9a:cc:fe:9b:cb:de:e7:a0:2e:
da:86:ee:36:bf:54:b0:1e:9a:88:0a:9c:f7:75:53:
74:7e:24:63:77:63:7b:c7:a4:7f:bf:7a:8a:15:ba:
d7:15:a6:3f:89:bd:a9:f8:35:00:da:55:5c:78:b5:
3b:9b:b6:31:44:20:cd:21:b8:8f:6e:59:f0:79:34:
14:0c:d2:19:f8:9d:04:97:0e:8c:9b:dc:54:b0:02:
a4:32:33:24:a6:28:7a:fa:d3:17:b5:d9:fe:eb:59:
e3:33:c1:ea:7f:bf:80:75:2d:4c:bd:8b:8c:70:97:
77:22:d2:38:65:2f:57:43:0f:bb:e8:59:1d:b6:38:
78:dd:20:96:03:48:73:a0:b4:46:15:b6:b0:8c:bd:
94:d2:f7:f8:08:b7:07:39:c5:7d:7f:f7:9d:57:44:
f1:51:39:2c:9b:44:1e:1d:59:18:25:c7:7e:dc:2f:
08:b3:4c:0e:ec:6d:4a:78:1a:dc:27:3e:94:ae:60:
77:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:93:0B:AE:C9:FF:B7:63:02:EC:B0:4D:FD:2C:7B:26:C8:CF:D4:8A
X509v3 Authority Key Identifier:
keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d326f8cc-1ff8-487b-a402-194dc48b8195.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
16.156.0.0/14
Signature Algorithm: sha256WithRSAEncryption
bb:67:b4:15:aa:27:34:fa:e8:ba:3a:43:e5:5a:fe:8b:76:bd:
aa:56:e0:11:4f:fe:0e:e8:7a:24:a1:8f:08:c1:69:21:2f:64:
08:0b:85:13:f7:b1:ab:92:70:5f:ae:38:9b:79:08:92:2b:08:
6b:0e:16:50:a9:a3:d8:ac:a7:d4:6b:57:3e:86:a3:a0:77:9a:
15:55:d4:b6:de:2b:e9:80:2c:ae:b5:21:09:2c:dc:df:e8:c5:
72:36:9b:45:e3:4a:5e:48:c2:58:68:73:5d:6a:b0:7d:5a:c2:
bd:6e:91:6b:49:45:7b:b6:1f:ba:cf:34:76:d2:08:12:6a:39:
45:53:25:e9:b9:98:57:3a:89:b2:f6:a8:3f:6b:bb:35:22:77:
e5:2f:ab:97:be:e1:9a:fb:43:f4:39:25:7a:62:e2:3e:04:49:
b7:7b:39:de:1a:0a:e2:9d:3a:a9:76:a4:1a:13:b9:fb:b2:63:
a1:57:f1:40:08:42:f0:c5:77:b1:0e:e9:7e:c7:9e:5d:7d:c8:
8a:93:e9:40:98:c4:3d:e7:a9:07:62:3e:be:d6:46:e3:00:ea:
d9:a4:9f:3b:5d:61:71:6f:ab:07:c0:e9:61:de:7a:12:ba:fa:
99:b7:bc:bb:bc:f4:13:37:f3:54:46:7b:d7:ec:eb:8e:ea:b8:
18:e6:3c:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUB/usZviEOV7urCtNjULjT0NT2CMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzNmNTI5MjdjMzRhNjc5N2IyYzBmNzE2MTY5OGU0N2Yz
YWFlNTkzOGMxMzhkZmE3ZjRmZjU0ZTg1MGVjNjI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrNj/os3dFIv+yoD2EugBE3dnH3Zb79HV4NH8PtTW0j3ri
4yiqTic0rzqFEhgboKs7iIGwriMr7e/ZLvzOyUpPe5rM/pvL3uegLtqG7ja/VLAe
mogKnPd1U3R+JGN3Y3vHpH+/eooVutcVpj+Jvan4NQDaVVx4tTubtjFEIM0huI9u
WfB5NBQM0hn4nQSXDoyb3FSwAqQyMySmKHr60xe12f7rWeMzwep/v4B1LUy9i4xw
l3ci0jhlL1dDD7voWR22OHjdIJYDSHOgtEYVtrCMvZTS9/gItwc5xX1/951XRPFR
OSybRB4dWRglx37cLwizTA7sbUp4GtwnPpSuYHfNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIZMLrsn/t2MC7LBN/Sx7JsjP1IowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzMjZmOGNjLTFmZjgtNDg3Yi1hNDAyLTE5NGRjNDhiODE5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIQnDANBgkqhkiG9w0BAQsFAAOCAQEAu2e0FaonNProujpD5Vr+i3a9qlbg
EU/+Duh6JKGPCMFpIS9kCAuFE/exq5JwX644m3kIkisIaw4WUKmj2Kyn1GtXPoaj
oHeaFVXUtt4r6YAsrrUhCSzc3+jFcjabReNKXkjCWGhzXWqwfVrCvW6Ra0lFe7Yf
us80dtIIEmo5RVMl6bmYVzqJsvaoP2u7NSJ35S+rl77hmvtD9DklemLiPgRJt3s5
3hoK4p06qXakGhO5+7JjoVfxQAhC8MV3sQ7pfseeXX3IipPpQJjEPeepB2I+vtZG
4wDq2aSfO11hcW+rB8DpYd56Err6mbe8u7z0EzfzVEZ71+zrjuq4GOY8Dw==
-----END CERTIFICATE-----
Generated at Wed Apr 16 16:47:02 2025 by rpki-client