Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
File: 1daf6597-c039-470d-a015-f42507e1afef.roa (raw, json)
Hash identifier: /DyTQP07Nyt+Ny2QkMTnKi/FihI8f+KP6p1x8VzNO30=
Subject key identifier: F1:43:24:E5:38:9C:F8:A0:04:5B:81:CD:1D:48:86:8B:A4:56:4D:AB
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 24D44AEF2E12E4BDC9F63020EEBFA102EF9CE0F5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
Signing time: Mon 18 Nov 2024 00:00:00 +0000
ROA not before: Mon 18 Nov 2024 00:00:00 +0000
ROA not after: Mon 23 Dec 2024 23:59:59 +0000
asID: 16509
IP address blocks: 51.172.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 17:16:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:d4:4a:ef:2e:12:e4:bd:c9:f6:30:20:ee:bf:a1:02:ef:9c:e0:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 18 00:00:00 2024 GMT
Not After : Dec 23 23:59:59 2024 GMT
Subject: serialNumber=23116b953070140ecbdbc0a0ca0b13092e198d481c9515d46d498e0b47aec0e7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:79:f8:f0:29:81:ff:c1:b9:ed:a7:28:a4:3a:
64:c4:c5:4c:49:9f:d8:ff:de:93:7b:c0:19:13:fa:
33:cf:b5:98:23:2a:c4:04:ef:91:ad:a6:13:b9:db:
89:1b:5d:dd:f7:66:b8:0f:27:f8:db:ba:25:3b:75:
6d:bf:16:a4:68:ec:a5:f0:5b:3f:e6:0c:6d:0a:14:
53:45:1e:8d:72:f2:39:6f:c1:f8:85:57:15:bf:c2:
99:5b:71:51:26:57:28:3e:5d:66:45:45:a3:fd:8b:
e3:64:12:06:4f:f0:d9:83:8f:86:3c:ea:fb:26:4c:
52:03:1f:d1:45:ec:2b:d5:86:f6:79:63:ca:5f:ae:
01:c4:3f:9a:c3:6a:e2:f8:86:26:f2:9e:f8:9c:45:
6f:f0:69:26:eb:b1:fe:4b:15:98:62:76:ce:3a:06:
e2:b5:f8:e9:29:11:89:40:07:45:9e:7f:5f:01:01:
17:7c:e5:e5:6f:9e:c1:67:b7:e5:ba:c5:3c:d2:bb:
79:33:a9:f2:bb:04:ce:e3:49:44:f0:8d:fb:b5:c7:
16:00:d6:1c:07:8f:e6:3b:20:1d:6d:39:8b:9f:19:
f5:e8:b4:d4:d7:2a:88:16:61:bb:cb:0b:07:f9:84:
64:98:41:13:c8:bb:58:91:5b:2a:3c:74:e4:d9:90:
20:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:43:24:E5:38:9C:F8:A0:04:5B:81:CD:1D:48:86:8B:A4:56:4D:AB
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.172.0.0/15
Signature Algorithm: sha256WithRSAEncryption
4f:d6:5e:c0:dc:d4:f1:8c:fd:1d:ee:26:9e:63:18:85:82:36:
e3:de:10:b0:0a:29:49:bf:d5:b2:8f:b3:83:88:8a:10:19:e3:
14:91:b2:f6:f1:86:12:07:c7:ce:4e:15:a4:fe:f2:a2:2c:aa:
8f:58:56:6b:bf:21:fe:12:d8:a2:d3:21:d8:42:06:56:45:91:
0b:12:ed:33:63:67:79:99:cc:14:b1:dd:5d:cc:35:fc:c7:4a:
69:e6:4a:33:fe:b6:ea:ce:2d:d7:97:29:be:8e:d0:a6:49:a8:
b5:c7:ea:a9:94:c0:29:42:3b:41:c1:11:61:ae:74:87:09:5e:
87:26:fa:00:10:6f:e5:f2:06:c6:0e:15:42:bc:7a:df:45:77:
38:95:ba:3a:50:95:25:22:1f:2d:70:99:2c:a7:0b:4f:0a:6f:
d0:9e:aa:7c:69:e9:76:7e:1c:07:0c:6c:11:89:04:3a:0d:d0:
a4:be:7b:61:3e:4c:42:96:b8:69:06:5b:59:a4:7e:4b:ee:50:
63:9b:33:3d:b3:99:26:d8:9a:fa:af:18:70:d1:06:de:86:3a:
67:f6:37:b9:11:09:ff:97:8f:94:6e:d8:c8:3b:d9:70:b1:b3:
54:db:f5:4d:a6:c1:85:f9:23:ac:35:a9:1d:ca:bb:fb:56:24:
15:57:3d:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJNRK7y4S5L3J9jAg7r+hAu+c4PUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzMTE2Yjk1MzA3MDE0MGVjYmRiYzBhMGNhMGIxMzA5MmUxOThkNDgxYzk1
MTVkNDZkNDk4ZTBiNDdhZWMwZTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALp5+PApgf/Bue2nKKQ6ZMTFTEmf2P/ek3vAGRP6M8+1mCMqxATvka2mE7nb
iRtd3fdmuA8n+Nu6JTt1bb8WpGjspfBbP+YMbQoUU0UejXLyOW/B+IVXFb/CmVtx
USZXKD5dZkVFo/2L42QSBk/w2YOPhjzq+yZMUgMf0UXsK9WG9nljyl+uAcQ/msNq
4viGJvKe+JxFb/BpJuux/ksVmGJ2zjoG4rX46SkRiUAHRZ5/XwEBF3zl5W+ewWe3
5brFPNK7eTOp8rsEzuNJRPCN+7XHFgDWHAeP5jsgHW05i58Z9ei01NcqiBZhu8sL
B/mEZJhBE8i7WJFbKjx05NmQIGMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTxQyTl
OJz4oARbgc0dSIaLpFZNqzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRhZjY1OTctYzAzOS00NzBkLWEwMTUtZjQyNTA3ZTFhZmVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQBP1l7A3NTxjP0d7iaeYxiFgjbj3hCwCilJv9Wyj7OD
iIoQGeMUkbL28YYSB8fOThWk/vKiLKqPWFZrvyH+Etii0yHYQgZWRZELEu0zY2d5
mcwUsd1dzDX8x0pp5koz/rbqzi3Xlym+jtCmSai1x+qplMApQjtBwRFhrnSHCV6H
JvoAEG/l8gbGDhVCvHrfRXc4lbo6UJUlIh8tcJkspwtPCm/Qnqp8ael2fhwHDGwR
iQQ6DdCkvnthPkxClrhpBltZpH5L7lBjmzM9s5km2Jr6rxhw0Qbehjpn9je5EQn/
l4+UbtjIO9lwsbNU2/VNpsGF+SOsNakdyrv7ViQVVz0b
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:03:28 2024 by rpki-client on console-fra.rpki-client.org