Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
File: 70f878ce-a193-47ae-b517-318c2b88892f.roa (raw, json)
Hash identifier: kL+faiNT+muNmDCdThoTtBb6K10G4GRgB2tk3guq47I=
Subject key identifier: B1:32:BA:69:E8:9B:FE:2A:19:BA:9F:26:AF:E4:91:D7:93:A8:83:A4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 012ABC4719457EA8D22D82F4EB524571D4AA0E41
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
Signing time: Fri 29 Nov 2024 00:00:00 +0000
ROA not before: Fri 29 Nov 2024 00:00:00 +0000
ROA not after: Fri 03 Jan 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.96.0/21 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:2a:bc:47:19:45:7e:a8:d2:2d:82:f4:eb:52:45:71:d4:aa:0e:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 29 00:00:00 2024 GMT
Not After : Jan 3 23:59:59 2025 GMT
Subject: serialNumber=42e2bea6cc1d27d6612604c6d1c85bb88e6125da3eddb15eb68ae88dfcb9deef, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:04:b4:b0:68:73:6f:8b:68:9f:35:f8:c9:f6:
af:43:72:7d:74:d8:3b:18:fa:5a:6a:3d:b9:03:7c:
7f:e7:77:8f:13:10:24:1e:1f:23:30:f1:f4:76:f6:
14:98:77:8d:7e:d6:14:fc:eb:01:98:d0:ca:cb:db:
ca:3e:ef:1c:23:c7:9c:35:d9:64:ff:50:7c:2a:d0:
f6:c6:00:f6:cd:15:97:00:90:a9:61:fa:f0:a5:ec:
cc:41:3f:d3:a9:aa:3a:b8:a3:8a:4c:e3:e1:eb:57:
0a:26:01:76:ca:26:75:3d:76:b3:73:0d:5b:06:bb:
e4:57:3e:df:cc:18:e5:44:0e:68:cb:1c:34:05:26:
6c:af:08:f4:2d:52:8d:5d:71:fb:81:08:f2:6c:a9:
03:35:3e:2a:e3:d2:ad:2d:bc:55:f8:60:1a:8b:d4:
78:7d:e4:c0:13:16:a5:d9:eb:fb:9e:b8:82:4c:cd:
bb:58:6b:c5:fb:97:72:44:cc:47:ac:23:cc:25:8a:
71:f1:43:05:b9:21:13:81:17:6f:3e:10:82:89:b4:
74:f6:b3:2a:a1:e2:0f:4e:f8:7d:e0:dc:84:09:85:
d1:b2:fe:8a:be:2b:90:cf:b3:a6:49:bf:f7:69:c1:
d0:fd:90:58:02:7e:c4:0f:75:cf:33:d6:06:c3:e5:
b9:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:32:BA:69:E8:9B:FE:2A:19:BA:9F:26:AF:E4:91:D7:93:A8:83:A4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.96.0/21
Signature Algorithm: sha256WithRSAEncryption
94:85:5a:94:1b:de:31:76:6b:84:3b:f6:a1:5c:9f:0f:2a:bc:
6c:81:3e:37:94:f3:8d:0d:7d:9e:9f:9c:ba:ec:8c:17:05:88:
ab:93:d2:b6:35:15:fd:99:cf:7d:4a:3d:e7:1e:33:5a:aa:04:
c0:08:b8:8a:24:04:4f:50:a0:69:aa:85:ea:1e:69:05:4a:b0:
56:22:5b:3e:77:9f:c6:d9:93:03:71:c7:41:24:76:a1:fd:4f:
7e:6d:2a:8d:fa:c5:19:63:a6:c6:f4:f2:31:c8:67:33:bf:46:
21:1e:41:52:a3:f6:6b:97:8c:b0:71:7a:3c:46:91:84:e5:d6:
3b:25:30:d0:8b:d5:11:c6:60:99:45:30:5f:e5:3e:8c:b2:1a:
59:ab:2c:f0:3f:40:eb:bc:0b:2a:10:62:2b:1d:b8:91:0a:89:
84:cb:63:40:cc:66:ac:d5:67:69:8b:64:17:12:84:87:96:ca:
c7:cd:ef:80:9e:6e:95:f4:29:21:f7:02:d4:d6:47:ec:57:f1:
00:ec:cc:93:cc:8f:97:e4:a3:ad:4a:19:28:8a:2f:c0:d2:20:
1a:7a:37:1f:2b:0e:5b:8f:0a:9b:77:0a:0a:50:01:fc:91:8d:
86:fc:0f:53:27:5c:6b:a1:e6:04:4e:02:f8:49:23:18:78:eb:
90:11:f8:56
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUASq8RxlFfqjSLYL061JFcdSqDkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMjkwMDAwMDBaFw0yNTAxMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyZTJiZWE2Y2MxZDI3ZDY2MTI2MDRjNmQxYzg1YmI4OGU2MTI1ZGEzZWRk
YjE1ZWI2OGFlODhkZmNiOWRlZWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgEtLBoc2+LaJ81+Mn2r0NyfXTYOxj6Wmo9uQN8f+d3jxMQJB4fIzDx9Hb2
FJh3jX7WFPzrAZjQysvbyj7vHCPHnDXZZP9QfCrQ9sYA9s0VlwCQqWH68KXszEE/
06mqOrijikzj4etXCiYBdsomdT12s3MNWwa75Fc+38wY5UQOaMscNAUmbK8I9C1S
jV1x+4EI8mypAzU+KuPSrS28VfhgGovUeH3kwBMWpdnr+564gkzNu1hrxfuXckTM
R6wjzCWKcfFDBbkhE4EXbz4Qgom0dPazKqHiD074feDchAmF0bL+ir4rkM+zpkm/
92nB0P2QWAJ+xA91zzPWBsPluWMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSxMrpp
6Jv+Khm6nyav5JHXk6iDpDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzBmODc4Y2UtYTE5My00N2FlLWI1MTctMzE4YzJiODg4OTJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAlIValBveMXZrhDv2oVyfDyq8bIE+N5TzjQ19np+c
uuyMFwWIq5PStjUV/ZnPfUo95x4zWqoEwAi4iiQET1CgaaqF6h5pBUqwViJbPnef
xtmTA3HHQSR2of1Pfm0qjfrFGWOmxvTyMchnM79GIR5BUqP2a5eMsHF6PEaRhOXW
OyUw0IvVEcZgmUUwX+U+jLIaWass8D9A67wLKhBiKx24kQqJhMtjQMxmrNVnaYtk
FxKEh5bKx83vgJ5ulfQpIfcC1NZH7FfxAOzMk8yPl+SjrUoZKIovwNIgGno3HysO
W48Km3cKClAB/JGNhvwPUydca6HmBE4C+EkjGHjrkBH4Vg==
-----END CERTIFICATE-----
Generated at Fri May 9 07:35:16 2025 by rpki-client