Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
File: cc65de9d-dc78-4e7d-96ff-16c3294057be.roa (raw, json)
Hash identifier: d9feHjaS1pMo/n/RIxS3mL08qiV7Fu/vYgpRCsbksl8=
Subject key identifier: E5:8E:5A:FB:52:65:B4:F4:2F:71:E3:18:00:40:68:D8:FA:06:CB:E3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6855C888628616AF6EE68BA4F21283C11D04153E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
Signing time: Wed 15 Mar 2023 00:00:00 +0000
ROA not before: Wed 15 Mar 2023 00:00:00 +0000
ROA not after: Wed 19 Apr 2023 23:59:59 +0000
asID: 16509
IP address blocks: 195.17.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 Mar 2023 07:18:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:55:c8:88:62:86:16:af:6e:e6:8b:a4:f2:12:83:c1:1d:04:15:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 15 00:00:00 2023 GMT
Not After : Apr 19 23:59:59 2023 GMT
Subject: serialNumber=a32038d8d8e9ff339eb8558ebea9044ce7f72fbb6c4083073e6550d6500f1b2e, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:82:91:ae:02:56:7c:8e:86:aa:7a:52:ff:5c:
83:ca:4f:30:68:32:71:85:a2:f6:73:f0:25:b5:f5:
ad:7b:a6:e5:d5:73:f4:06:9b:05:86:f6:14:ca:39:
82:bd:7a:78:2b:04:41:6c:d7:e0:69:c9:aa:ea:ad:
04:dc:46:fd:45:c0:bd:4a:8d:6f:4e:1b:b6:aa:f7:
b5:9c:2a:52:09:7e:4f:12:a9:2e:ce:92:18:5c:f1:
70:96:95:08:d3:4b:f1:85:a4:9f:c5:63:85:0a:ba:
b2:df:06:71:e7:d4:64:c1:53:85:ad:f6:cb:7e:6d:
a8:e3:30:a9:d6:79:ae:50:51:e7:25:62:87:bc:27:
91:31:1d:af:3f:0d:07:bb:8c:9b:98:a4:42:43:fb:
7c:38:9f:d3:f2:45:44:f8:06:3e:f6:60:18:c1:10:
07:7d:c2:b7:ae:c9:5a:dc:6c:13:23:ba:50:c6:3b:
ae:57:7f:0c:06:ba:5d:ed:95:db:55:0c:ab:3f:43:
98:e0:72:04:38:e5:1f:97:6b:9c:c3:dd:3f:2a:e2:
96:f3:e9:f7:b4:bb:d1:89:c9:f9:d6:73:ed:af:44:
c8:c7:b4:6b:86:40:33:46:fe:c4:67:7a:fc:0f:1d:
58:01:fe:a4:04:a2:c4:3c:1a:7a:2c:53:15:c3:21:
81:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:8E:5A:FB:52:65:B4:F4:2F:71:E3:18:00:40:68:D8:FA:06:CB:E3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.17.0.0/16
Signature Algorithm: sha256WithRSAEncryption
bf:4e:b7:46:cd:ce:de:6c:e8:67:c3:8f:06:aa:7d:b9:30:03:
69:76:56:b3:48:b4:96:f4:27:80:36:11:db:d0:6d:93:88:11:
8a:6b:92:e0:f0:d3:d8:7c:70:be:36:67:d4:d3:94:95:d7:ac:
ac:6c:14:b4:0b:b5:89:5f:49:d6:a7:1d:a5:09:b2:bb:e2:6c:
e3:20:36:fb:93:fa:a3:c5:48:f0:ba:20:b6:f0:cb:9c:f3:48:
8b:7d:3c:0a:9f:c1:a3:3c:f0:77:df:f6:42:a4:63:e6:a6:bd:
3f:8c:91:51:90:1d:7b:a3:55:95:9b:b8:25:30:55:d7:69:64:
92:d2:fc:9f:a0:ed:f0:40:3c:8c:de:20:de:c0:9a:3c:b0:22:
36:73:bb:5e:38:cb:3f:bc:44:bd:2b:d6:11:57:f1:10:1b:7b:
2a:2f:87:6b:2b:7c:e3:07:bd:c0:6b:76:9c:41:59:1e:66:d8:
53:b8:f2:8c:17:22:4a:c5:18:bb:84:5b:ae:84:91:ab:f9:6f:
e0:23:80:0f:d1:14:b6:ad:7d:94:37:7f:3b:b1:92:63:2a:af:
01:eb:5b:39:2e:4b:25:b7:6d:f7:48:fc:1e:6c:33:b4:89:16:
84:1e:94:bb:46:fd:3e:64:2b:47:6f:f7:80:da:43:a0:d9:b0:
27:74:53:35
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIUaFXIiGKGFq9u5ouk8hKDwR0EFT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTUwMDAwMDBaFw0yMzA0MTkyMzU5NTlaMIGlMUkwRwYD
VQQFE0BhMzIwMzhkOGQ4ZTlmZjMzOWViODU1OGViZWE5MDQ0Y2U3ZjcyZmJiNmM0
MDgzMDczZTY1NTBkNjUwMGYxYjJlMS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
14KRrgJWfI6GqnpS/1yDyk8waDJxhaL2c/AltfWte6bl1XP0BpsFhvYUyjmCvXp4
KwRBbNfgacmq6q0E3Eb9RcC9So1vThu2qve1nCpSCX5PEqkuzpIYXPFwlpUI00vx
haSfxWOFCrqy3wZx59RkwVOFrfbLfm2o4zCp1nmuUFHnJWKHvCeRMR2vPw0Hu4yb
mKRCQ/t8OJ/T8kVE+AY+9mAYwRAHfcK3rsla3GwTI7pQxjuuV38MBrpd7ZXbVQyr
P0OY4HIEOOUfl2ucw90/KuKW8+n3tLvRicn51nPtr0TIx7RrhkAzRv7EZ3r8Dx1Y
Af6kBKLEPBp6LFMVwyGBdQIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFOWOWvtSZbT0
L3HjGABAaNj6BsvjMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9jYzY1
ZGU5ZC1kYzc4LTRlN2QtOTZmZi0xNmMzMjk0MDU3YmUucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAwxEwDQYJKoZI
hvcNAQELBQADggEBAL9Ot0bNzt5s6GfDjwaqfbkwA2l2VrNItJb0J4A2EdvQbZOI
EYprkuDw09h8cL42Z9TTlJXXrKxsFLQLtYlfSdanHaUJsrvibOMgNvuT+qPFSPC6
ILbwy5zzSIt9PAqfwaM88Hff9kKkY+amvT+MkVGQHXujVZWbuCUwVddpZJLS/J+g
7fBAPIzeIN7AmjywIjZzu144yz+8RL0r1hFX8RAbeyovh2srfOMHvcBrdpxBWR5m
2FO48owXIkrFGLuEW66Ekav5b+AjgA/RFLatfZQ3fzuxkmMqrwHrWzkuSyW3bfdI
/B5sM7SJFoQelLtG/T5kK0dv94DaQ6DZsCd0UzU=
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:43:20 2023 by rpki-client on console-ams.rpki-client.org