Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
File: c806309a-9e3e-4b0e-aad2-1356d070a437.roa (raw, json)
Hash identifier: g/jk89mlJcHkOkZXxIKst9qCjPv73fUWYpVvpZw5Tmk=
Subject key identifier: CB:45:74:57:64:A4:76:BE:0B:EC:94:E3:D1:25:75:B9:7B:CC:4C:5B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 06E17F5657CE1F93DB643AF013A60BA67D4F9C50
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
Signing time: Wed 15 Mar 2023 00:00:00 +0000
ROA not before: Wed 15 Mar 2023 00:00:00 +0000
ROA not after: Wed 19 Apr 2023 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:13::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 Mar 2023 07:18:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:e1:7f:56:57:ce:1f:93:db:64:3a:f0:13:a6:0b:a6:7d:4f:9c:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 15 00:00:00 2023 GMT
Not After : Apr 19 23:59:59 2023 GMT
Subject: serialNumber=70a6165efb0af3050392292615ddb6427efdca70e245be748add834f7fdfffa5, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:f6:8d:b2:8f:94:96:bf:d7:6c:74:5a:73:86:
bc:dc:1d:82:25:b0:51:70:09:31:e5:8c:0f:58:2f:
50:6e:e1:97:73:39:69:7d:ab:86:f8:87:50:ac:1e:
42:18:4b:98:02:51:77:2b:0a:50:52:84:0d:3c:45:
a8:3c:13:48:f6:24:1f:42:34:16:63:39:f1:ce:9b:
43:cb:f4:d3:35:05:cc:9d:10:03:ea:7b:66:1e:51:
34:2b:a4:6f:14:04:e3:5a:c8:2d:dd:b8:ad:36:1f:
74:ad:87:16:e0:c2:da:ca:2a:c2:98:a2:b7:b5:39:
f3:8d:ac:f4:0f:5e:85:5e:8e:55:3d:64:2b:49:35:
7e:3f:f5:a3:06:f6:d5:14:a5:8b:54:e1:52:7f:3b:
25:a0:30:86:ce:15:62:16:10:c9:26:96:86:c3:08:
cb:14:20:f7:c4:a5:62:66:11:70:cf:3e:ac:99:c7:
56:1d:26:e7:f4:d8:9c:c1:d0:cd:63:4a:a0:d4:53:
d7:a6:a4:73:94:b0:c3:78:82:8f:73:75:3c:e6:fb:
81:90:ff:a5:f3:6c:cf:0a:c0:16:12:06:e0:a7:85:
66:0e:7d:93:ba:ce:4d:40:02:5b:4c:ef:c9:a1:47:
b6:f7:66:1e:67:ee:5e:1e:62:d1:26:3a:3f:4e:e8:
53:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:45:74:57:64:A4:76:BE:0B:EC:94:E3:D1:25:75:B9:7B:CC:4C:5B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:13::/48
Signature Algorithm: sha256WithRSAEncryption
86:ee:57:76:b6:74:a1:d4:d3:56:e0:f1:c8:d0:18:c1:ff:98:
6e:4b:f8:68:6a:b6:9d:cb:4b:c8:68:6f:5f:c7:9a:5c:6c:5f:
1f:0e:38:c6:48:52:aa:4c:a4:cb:d1:74:d1:1a:c1:05:07:34:
4b:19:be:2a:fe:b3:d2:97:19:56:37:66:b0:26:14:19:4a:71:
b0:50:78:1e:9b:5f:bf:2a:6b:10:79:b5:8e:f3:dc:d5:a5:31:
28:13:13:2a:ca:94:e9:63:db:ff:88:56:0f:86:12:9f:ba:d5:
21:55:bb:96:8d:ba:66:1e:c5:a8:52:8b:bb:fb:35:20:ec:cf:
69:30:b0:2f:91:b9:77:2c:7e:44:d8:73:77:b0:6d:73:87:ca:
bd:d6:8b:6d:f9:f6:92:b9:21:e7:53:0f:39:af:08:83:73:75:
1a:dd:a2:10:62:29:7f:c8:5d:60:74:5e:26:1a:77:22:84:a1:
63:5f:bc:fd:fd:f5:64:33:93:af:fc:ec:e3:26:1c:ab:79:da:
6b:49:91:66:46:71:5d:de:fd:7a:22:50:21:5f:e1:97:ee:0a:
3f:3e:36:ff:05:2e:90:ec:f5:4f:c3:8e:8e:83:df:b9:db:41:
ec:71:f8:f5:19:d2:73:d3:47:62:e0:86:19:2e:2e:3e:bc:f0:
18:83:85:73
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIUBuF/VlfOH5PbZDrwE6YLpn1PnFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTUwMDAwMDBaFw0yMzA0MTkyMzU5NTlaMIGlMUkwRwYD
VQQFE0A3MGE2MTY1ZWZiMGFmMzA1MDM5MjI5MjYxNWRkYjY0MjdlZmRjYTcwZTI0
NWJlNzQ4YWRkODM0ZjdmZGZmZmE1MS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
1PaNso+Ulr/XbHRac4a83B2CJbBRcAkx5YwPWC9QbuGXczlpfauG+IdQrB5CGEuY
AlF3KwpQUoQNPEWoPBNI9iQfQjQWYznxzptDy/TTNQXMnRAD6ntmHlE0K6RvFATj
Wsgt3bitNh90rYcW4MLayirCmKK3tTnzjaz0D16FXo5VPWQrSTV+P/WjBvbVFKWL
VOFSfzsloDCGzhViFhDJJpaGwwjLFCD3xKViZhFwzz6smcdWHSbn9NicwdDNY0qg
1FPXpqRzlLDDeIKPc3U85vuBkP+l82zPCsAWEgbgp4VmDn2Tus5NQAJbTO/JoUe2
92YeZ+5eHmLRJjo/TuhTbwIDAQABo4ICJDCCAiAwHQYDVR0OBBYEFMtFdFdkpHa+
C+yU49Eldbl7zExbMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9jODA2
MzA5YS05ZTNlLTRiMGUtYWFkMi0xMzU2ZDA3MGE0Mzcucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEFeAATMA0G
CSqGSIb3DQEBCwUAA4IBAQCG7ld2tnSh1NNW4PHI0BjB/5huS/hoarady0vIaG9f
x5pcbF8fDjjGSFKqTKTL0XTRGsEFBzRLGb4q/rPSlxlWN2awJhQZSnGwUHgem1+/
KmsQebWO89zVpTEoExMqypTpY9v/iFYPhhKfutUhVbuWjbpmHsWoUou7+zUg7M9p
MLAvkbl3LH5E2HN3sG1zh8q91ott+faSuSHnUw85rwiDc3Ua3aIQYil/yF1gdF4m
GncihKFjX7z9/fVkM5Ov/OzjJhyredprSZFmRnFd3v16IlAhX+GX7go/Pjb/BS6Q
7PVPw46Og9+520Hscfj1GdJz00di4IYZLi4+vPAYg4Vz
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:44 2023 by rpki-client on console-fra.rpki-client.org