Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6b8f6f39-f637-434c-84f1-a8371e897703.roa
File: 6b8f6f39-f637-434c-84f1-a8371e897703.roa (raw, json)
Hash identifier: PS/VsBzXs8vw25uj1S9HFwJDwMn1kAMtM5XDLFk0+oQ=
Subject key identifier: E0:17:FD:A7:C7:01:2E:C1:7D:6D:14:60:8E:53:F1:D1:E2:EE:4B:1A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4A1E6AC979E52CEA8077285BD6362D251B436D78
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6b8f6f39-f637-434c-84f1-a8371e897703.roa
Signing time: Mon 01 Apr 2024 00:00:00 +0000
ROA not before: Mon 01 Apr 2024 00:00:00 +0000
ROA not after: Mon 06 May 2024 23:59:59 +0000
asID: 8987
IP address blocks: 51.129.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 26 Apr 2024 14:10:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:1e:6a:c9:79:e5:2c:ea:80:77:28:5b:d6:36:2d:25:1b:43:6d:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 1 00:00:00 2024 GMT
Not After : May 6 23:59:59 2024 GMT
Subject: serialNumber=f55b0eda3b161d20db9587aaf6258f5a287d810b32881c0b77bf94046a8b396b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:65:43:e8:a7:97:f0:9c:9d:5b:c3:3f:5f:3f:
06:28:92:df:74:8b:52:3d:44:6e:23:09:8a:0a:a4:
83:10:b3:91:25:79:44:d9:c6:61:b5:48:66:4c:df:
98:d2:63:46:96:59:4c:ac:14:79:1d:30:36:22:65:
c5:c9:54:94:f4:ee:76:12:77:6c:06:f1:ad:88:ef:
81:96:e7:c6:e6:f5:64:27:df:0b:eb:db:b6:33:02:
84:ef:f2:a8:e5:72:42:5a:30:7e:6c:10:2c:49:da:
ca:91:c1:c3:6b:60:28:d1:ae:97:5f:17:bc:0c:20:
28:1a:86:24:59:25:18:ff:22:e5:69:9d:10:23:e1:
ca:c1:f0:d9:df:ec:01:fe:0a:0c:1c:5a:2f:99:a6:
98:0b:5a:cb:e4:15:85:13:ce:9d:f8:f7:04:a2:bb:
18:8b:2e:cd:08:5e:ea:80:a3:00:0a:af:4e:8b:0b:
0c:5d:fc:f6:5f:25:61:f2:5b:67:aa:eb:1f:b2:46:
5b:43:2f:31:f9:b4:1d:b2:3d:bb:07:99:aa:b1:6f:
b0:11:a5:3f:33:85:f4:83:38:19:92:fc:43:27:11:
e6:43:e3:7b:21:18:19:f6:49:b8:d9:f9:9d:83:4e:
be:1c:f3:2d:1d:93:52:26:c9:91:35:6a:f3:9e:08:
10:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:17:FD:A7:C7:01:2E:C1:7D:6D:14:60:8E:53:F1:D1:E2:EE:4B:1A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6b8f6f39-f637-434c-84f1-a8371e897703.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.129.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:2e:b8:a0:2a:3e:ac:9c:1a:a0:ef:3c:28:98:11:0d:f2:c9:
33:11:3b:0a:3c:8f:fd:db:ec:3b:cb:12:ca:ef:8a:b2:8e:77:
7a:dc:d8:48:2a:35:61:dd:1b:aa:2b:5f:90:e8:b8:c0:32:f6:
d1:17:d0:78:e1:b7:a6:02:75:ae:06:22:e5:5f:3d:4a:08:02:
c8:11:d1:a4:77:72:b3:ae:14:fd:b7:17:3d:6e:27:91:a6:70:
31:ab:4c:49:fc:27:fa:5c:59:ef:53:dc:4e:b8:a4:67:71:85:
ef:84:b4:52:44:7d:4d:eb:e8:c1:a1:64:5e:1d:c6:1c:f7:05:
e9:f5:bb:e6:48:20:18:3b:5d:de:17:52:a2:ac:9a:d8:a1:15:
1a:f2:d6:60:99:a7:3f:13:cf:cc:bb:b9:7a:b1:74:c4:dd:21:
26:1b:d3:6e:f7:c2:53:aa:3a:91:58:5e:68:ab:cd:eb:88:ad:
d4:5a:bb:b6:b8:dd:d6:4c:be:76:84:4a:0c:46:5e:d1:56:d9:
47:70:23:43:ed:db:e5:49:15:d3:3c:c3:60:37:f3:72:5f:07:
7b:f2:f7:a1:14:7d:28:b5:29:0a:ff:ec:8f:fb:0e:1d:22:e4:
a6:b0:f4:68:89:46:d6:a0:5f:c9:1f:b0:68:56:aa:00:aa:98:
bf:6f:21:aa
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSh5qyXnlLOqAdyhb1jYtJRtDbXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA0MDEwMDAwMDBaFw0yNDA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGY1NWIwZWRhM2IxNjFkMjBkYjk1ODdhYWY2MjU4ZjVhMjg3ZDgxMGIzMjg4
MWMwYjc3YmY5NDA0NmE4YjM5NmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5lQ+inl/CcnVvDP18/BiiS33SLUj1EbiMJigqkgxCzkSV5RNnGYbVIZkzf
mNJjRpZZTKwUeR0wNiJlxclUlPTudhJ3bAbxrYjvgZbnxub1ZCffC+vbtjMChO/y
qOVyQlowfmwQLEnaypHBw2tgKNGul18XvAwgKBqGJFklGP8i5WmdECPhysHw2d/s
Af4KDBxaL5mmmAtay+QVhRPOnfj3BKK7GIsuzQhe6oCjAAqvTosLDF389l8lYfJb
Z6rrH7JGW0MvMfm0HbI9uweZqrFvsBGlPzOF9IM4GZL8QycR5kPjeyEYGfZJuNn5
nYNOvhzzLR2TUibJkTVq854IEFUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTgF/2n
xwEuwX1tFGCOU/HR4u5LGjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmI4ZjZmMzktZjYzNy00MzRjLTg0ZjEtYTgzNzFlODk3NzAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOBMA0G
CSqGSIb3DQEBCwUAA4IBAQCZLrigKj6snBqg7zwomBEN8skzETsKPI/92+w7yxLK
74qyjnd63NhIKjVh3RuqK1+Q6LjAMvbRF9B44bemAnWuBiLlXz1KCALIEdGkd3Kz
rhT9txc9bieRpnAxq0xJ/Cf6XFnvU9xOuKRncYXvhLRSRH1N6+jBoWReHcYc9wXp
9bvmSCAYO13eF1KirJrYoRUa8tZgmac/E8/Mu7l6sXTE3SEmG9Nu98JTqjqRWF5o
q83riK3UWru2uN3WTL52hEoMRl7RVtlHcCND7dvlSRXTPMNgN/NyXwd78vehFH0o
tSkK/+yP+w4dIuSmsPRoiUbWoF/JH7BoVqoAqpi/byGq
-----END CERTIFICATE-----
Generated at Thu Apr 25 16:40:22 2024 by rpki-client on console-ams.rpki-client.org