Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc21f5a9-b6e5-453c-a66b-c9eee5d06588.roa
File: fc21f5a9-b6e5-453c-a66b-c9eee5d06588.roa (raw, json)
Hash identifier: npAyJa4sxbegclblbevNoYKCboAM505fdqnNYXxvydM=
Subject key identifier: 82:0C:E3:D9:6A:F5:F7:BB:56:D0:8B:48:FC:18:BC:72:D2:6F:69:98
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 358DA5BD4F98C8678EF057A297468408F7E26B1F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc21f5a9-b6e5-453c-a66b-c9eee5d06588.roa
Signing time: Mon 18 Nov 2024 00:00:00 +0000
ROA not before: Mon 18 Nov 2024 00:00:00 +0000
ROA not after: Mon 23 Dec 2024 23:59:59 +0000
asID: 8987
IP address blocks: 51.131.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 17:16:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:8d:a5:bd:4f:98:c8:67:8e:f0:57:a2:97:46:84:08:f7:e2:6b:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 18 00:00:00 2024 GMT
Not After : Dec 23 23:59:59 2024 GMT
Subject: serialNumber=49cda73ff01e062ab892f6313624b3d83ef5cd999a9f56485546597a10b25d01, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:4e:f6:23:ea:20:e9:cc:db:75:e6:bc:5d:d0:
d1:85:66:7f:6b:c5:3d:9e:69:f6:8d:c5:fd:24:66:
80:cc:28:ba:66:c7:06:87:a3:e2:2a:68:00:85:bf:
1a:bb:b5:f1:3a:5d:25:d6:e7:8e:fb:2b:a1:f6:f7:
57:97:30:b3:55:c0:c4:79:b8:2e:20:d3:7e:49:e2:
1c:f2:58:41:92:3b:0f:01:11:52:4f:b4:91:ea:27:
c2:d0:78:8d:6a:59:51:94:e5:4c:fc:09:e3:fd:c0:
43:76:2a:a6:22:e5:37:79:f7:d5:a0:8c:29:6d:99:
58:72:55:c9:ff:d0:58:9d:5a:1d:e8:3b:39:1a:25:
ec:cc:bc:e8:ca:52:e9:8e:f7:be:ab:16:42:7b:7c:
d2:b6:cf:8a:2a:1a:6d:c5:83:9a:2e:c4:8c:8d:35:
b2:d9:db:0a:e4:17:4d:37:15:9b:8d:32:b2:13:8a:
17:bf:5e:b2:e6:8e:e0:18:b5:60:ed:35:8b:34:01:
fc:5a:b0:a0:f3:98:ec:41:83:83:a0:8c:6c:ca:c4:
e9:94:76:2a:6e:26:69:40:df:be:a9:cb:08:cb:01:
f9:6f:d3:72:6c:5b:d5:96:e5:2e:59:42:50:1d:24:
77:e7:1c:ea:38:4c:a2:df:92:4b:4f:59:c4:ff:0f:
2e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:0C:E3:D9:6A:F5:F7:BB:56:D0:8B:48:FC:18:BC:72:D2:6F:69:98
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc21f5a9-b6e5-453c-a66b-c9eee5d06588.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.131.0.0/16
Signature Algorithm: sha256WithRSAEncryption
43:c8:09:fd:68:b3:49:45:16:12:13:1e:7f:1a:0b:d3:df:4b:
cf:97:40:e9:f1:15:f2:88:a9:04:d2:f7:4b:80:5d:0b:39:17:
a0:b4:22:f4:e1:9f:df:8b:bb:ad:c3:27:9b:d2:90:e0:2b:df:
16:98:db:02:af:ff:5e:eb:1b:fc:cc:7d:f8:46:cc:b4:67:85:
f0:ad:3c:cd:df:2b:62:3b:98:6e:0e:a9:2a:47:49:b8:f4:7b:
27:7b:ac:57:10:8b:f7:2f:90:30:ac:c5:0a:fc:66:08:79:c0:
09:3d:5a:1c:a3:f5:8a:aa:d0:12:f5:74:24:b5:d0:2a:a9:c8:
a0:34:43:b5:2c:6a:99:2d:f7:6c:4d:c3:d0:23:5e:f0:6b:e9:
71:87:d3:b3:d9:49:dd:1a:99:d6:37:09:22:c6:1b:de:4e:3c:
21:28:e6:c3:9d:0c:2f:66:ed:6f:00:16:07:f6:bb:79:22:9b:
d2:9a:86:26:56:bf:e1:aa:80:2b:78:c9:88:1a:70:12:3c:af:
08:82:ff:5a:f6:e2:ad:83:a6:5c:76:a5:e8:8f:52:62:05:84:
2f:e8:01:25:c8:d2:67:06:cd:87:88:fa:d2:dd:0b:16:4e:dc:
c1:72:8c:42:cb:e7:cb:3b:78:38:64:ef:02:1d:84:66:06:30:
a3:04:3a:ef
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNY2lvU+YyGeO8Feil0aECPfiax8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ5Y2RhNzNmZjAxZTA2MmFiODkyZjYzMTM2MjRiM2Q4M2VmNWNkOTk5YTlm
NTY0ODU1NDY1OTdhMTBiMjVkMDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZO9iPqIOnM23XmvF3Q0YVmf2vFPZ5p9o3F/SRmgMwoumbHBoej4ipoAIW/
Gru18TpdJdbnjvsrofb3V5cws1XAxHm4LiDTfkniHPJYQZI7DwERUk+0keonwtB4
jWpZUZTlTPwJ4/3AQ3YqpiLlN3n31aCMKW2ZWHJVyf/QWJ1aHeg7ORol7My86MpS
6Y73vqsWQnt80rbPiioabcWDmi7EjI01stnbCuQXTTcVm40yshOKF79esuaO4Bi1
YO01izQB/FqwoPOY7EGDg6CMbMrE6ZR2Km4maUDfvqnLCMsB+W/Tcmxb1ZblLllC
UB0kd+cc6jhMot+SS09ZxP8PLkcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSCDOPZ
avX3u1bQi0j8GLxy0m9pmDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMyMWY1YTktYjZlNS00NTNjLWE2NmItYzllZWU1ZDA2NTg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADODMA0G
CSqGSIb3DQEBCwUAA4IBAQBDyAn9aLNJRRYSEx5/GgvT30vPl0Dp8RXyiKkE0vdL
gF0LORegtCL04Z/fi7utwyeb0pDgK98WmNsCr/9e6xv8zH34Rsy0Z4XwrTzN3yti
O5huDqkqR0m49Hsne6xXEIv3L5AwrMUK/GYIecAJPVoco/WKqtAS9XQktdAqqcig
NEO1LGqZLfdsTcPQI17wa+lxh9Oz2UndGpnWNwkixhveTjwhKObDnQwvZu1vABYH
9rt5IpvSmoYmVr/hqoAreMmIGnASPK8Igv9a9uKtg6ZcdqXoj1JiBYQv6AElyNJn
Bs2HiPrS3QsWTtzBcoxCy+fLO3g4ZO8CHYRmBjCjBDrv
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:03:30 2024 by rpki-client on console-fra.rpki-client.org