Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/40a62114-09f8-4383-abc5-a7d805c42d0a.roa
File: 40a62114-09f8-4383-abc5-a7d805c42d0a.roa (raw, json)
Hash identifier: 7slbQ5OqfWANgkhWCmTVRa08Au1QIntytRkURnFpnZ4=
Subject key identifier: A8:64:5C:3C:81:D4:5D:3D:46:F2:14:ED:AD:31:69:9E:5D:76:F9:14
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 14BB76E364FB5A9A8A5FFE456ADE3949C8478595
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/40a62114-09f8-4383-abc5-a7d805c42d0a.roa
Signing time: Mon 01 Apr 2024 00:00:00 +0000
ROA not before: Mon 01 Apr 2024 00:00:00 +0000
ROA not after: Mon 06 May 2024 23:59:59 +0000
asID: 8987
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Apr 2024 20:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:bb:76:e3:64:fb:5a:9a:8a:5f:fe:45:6a:de:39:49:c8:47:85:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 1 00:00:00 2024 GMT
Not After : May 6 23:59:59 2024 GMT
Subject: serialNumber=cbbe9517be57be7677a10e970fbe29c8d4d10ef9929c1a67329ac569144d6e4e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a8:99:fb:ff:cf:08:7f:39:23:c3:44:25:43:
2a:e0:34:e2:a7:a0:20:f0:9d:2d:22:1c:0c:20:44:
53:0d:bd:ad:09:47:d6:c2:9e:e0:0e:dc:f1:16:ec:
3c:97:f9:10:3d:d4:e0:97:ec:2e:a1:e5:d0:51:52:
43:79:02:a3:a2:7e:c7:72:ee:e9:20:96:23:d2:8f:
0f:3f:af:0a:c2:57:c7:92:59:de:93:5a:21:38:e1:
4e:c2:82:a7:fd:f6:f5:7e:91:f8:dc:00:92:d1:b2:
ed:b2:55:cf:89:ea:9d:1f:46:f9:4f:87:79:37:d3:
99:71:06:ee:36:bd:f3:ba:f8:32:29:3b:49:db:20:
1b:86:9b:d0:3b:1a:28:58:e6:0d:93:ca:fc:43:35:
ce:24:98:52:90:4e:db:50:34:7a:ee:be:bc:1f:0b:
4d:db:55:2f:79:85:60:d2:21:6f:13:cf:89:03:03:
28:48:36:07:5c:f1:f4:65:fd:65:7f:ff:1d:08:7d:
99:68:dd:b2:99:87:63:e3:25:c2:99:1f:82:35:7c:
47:47:55:ab:6c:61:6f:e6:d9:3f:e1:8d:57:ff:82:
9d:aa:a7:30:51:d0:31:66:d0:b6:f4:88:1b:16:63:
0d:72:86:04:d7:ce:86:33:9d:39:f4:84:62:d7:bd:
61:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:64:5C:3C:81:D4:5D:3D:46:F2:14:ED:AD:31:69:9E:5D:76:F9:14
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/40a62114-09f8-4383-abc5-a7d805c42d0a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
ac:ba:03:3d:7c:2a:fe:9c:33:35:bb:05:7c:22:bf:d2:8b:15:
ad:5f:92:dc:f6:bd:f5:ee:3c:99:bd:3d:04:18:a3:e3:5b:5c:
1b:27:ef:6f:ed:c5:39:d8:4b:cd:3f:33:f6:67:2b:75:35:42:
58:bf:64:e4:9b:78:15:05:61:b4:9f:25:65:c4:4e:89:04:95:
7a:95:03:6c:d3:19:95:9f:4e:4d:48:cd:d6:2c:5f:26:a9:dc:
84:a0:7a:10:70:ae:7c:8f:51:c8:f0:75:64:73:43:59:db:72:
73:0f:20:19:6b:e4:bc:5c:d8:56:c8:67:e3:a6:1e:4c:04:d0:
24:d3:32:87:dc:f7:91:c4:71:31:7b:13:72:6c:6a:6b:1d:17:
6c:09:32:54:3a:80:02:57:fc:ca:87:99:03:7c:40:69:98:71:
12:66:92:ea:86:0a:7d:f7:ab:47:4f:b9:b9:cd:56:01:72:03:
bd:e7:cd:ca:67:60:54:7b:cd:2b:e9:b3:c3:f1:37:b2:fe:a5:
56:8b:d1:0c:92:cd:e1:a1:6a:6e:c6:b6:0c:3f:49:d7:b8:e7:
73:5e:de:38:8d:35:1b:03:b0:e0:ab:f9:82:4e:ac:de:e7:88:
f0:bb:8e:72:b2:f0:cd:89:c2:dd:13:ad:d8:b7:09:c3:2b:d4:
95:6b:d1:96
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUFLt242T7WpqKX/5Fat45SchHhZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA0MDEwMDAwMDBaFw0yNDA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiYmU5NTE3YmU1N2JlNzY3N2ExMGU5NzBmYmUyOWM4ZDRkMTBlZjk5Mjlj
MWE2NzMyOWFjNTY5MTQ0ZDZlNGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuomfv/zwh/OSPDRCVDKuA04qegIPCdLSIcDCBEUw29rQlH1sKe4A7c8Rbs
PJf5ED3U4JfsLqHl0FFSQ3kCo6J+x3Lu6SCWI9KPDz+vCsJXx5JZ3pNaITjhTsKC
p/329X6R+NwAktGy7bJVz4nqnR9G+U+HeTfTmXEG7ja987r4Mik7SdsgG4ab0Dsa
KFjmDZPK/EM1ziSYUpBO21A0eu6+vB8LTdtVL3mFYNIhbxPPiQMDKEg2B1zx9GX9
ZX//HQh9mWjdspmHY+MlwpkfgjV8R0dVq2xhb+bZP+GNV/+CnaqnMFHQMWbQtvSI
GxZjDXKGBNfOhjOdOfSEYte9YYUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSoZFw8
gdRdPUbyFO2tMWmeXXb5FDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDBhNjIxMTQtMDlmOC00MzgzLWFiYzUtYTdkODA1YzQyZDBhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAKy6Az18Kv6cMzW7BXwiv9KLFa1fktz2vfXuPJm9
PQQYo+NbXBsn72/txTnYS80/M/ZnK3U1Qli/ZOSbeBUFYbSfJWXETokElXqVA2zT
GZWfTk1IzdYsXyap3ISgehBwrnyPUcjwdWRzQ1nbcnMPIBlr5Lxc2FbIZ+OmHkwE
0CTTMofc95HEcTF7E3JsamsdF2wJMlQ6gAJX/MqHmQN8QGmYcRJmkuqGCn33q0dP
ubnNVgFyA73nzcpnYFR7zSvps8PxN7L+pVaL0QySzeGham7Gtgw/Sde453Ne3jiN
NRsDsOCr+YJOrN7niPC7jnKy8M2Jwt0Trdi3CcMr1JVr0ZY=
-----END CERTIFICATE-----
Generated at Thu Apr 18 00:46:56 2024 by rpki-client on console-fra.rpki-client.org