Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7af6cdd-e07a-45c3-a036-06562421e95f.roa
File: f7af6cdd-e07a-45c3-a036-06562421e95f.roa (raw, json)
Hash identifier: tLCCvM40AN48/kh1IS3tc1nuzPXxs4/7Or3nOu3xKu8=
Subject key identifier: BB:B9:B6:34:5B:57:E6:68:57:CC:3A:37:A0:B0:00:6C:71:EC:0C:71
Certificate issuer: /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial: 6259DFE1BFA723A4A408F1D30F0D915491574037
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7af6cdd-e07a-45c3-a036-06562421e95f.roa
Signing time: Tue 07 Jan 2025 00:00:00 +0000
ROA not before: Tue 07 Jan 2025 00:00:00 +0000
ROA not after: Tue 11 Feb 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2406:da38:c080::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:59:df:e1:bf:a7:23:a4:a4:08:f1:d3:0f:0d:91:54:91:57:40:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Validity
Not Before: Jan 7 00:00:00 2025 GMT
Not After : Feb 11 23:59:59 2025 GMT
Subject: serialNumber=d7451e7ff2d5548ff27b9b3a74f6421c50b052d1e315f49a9710f7280fb3d518, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:55:53:bb:e4:f3:2e:5d:35:1c:2f:3a:88:13:
59:ea:4a:aa:f3:b6:d1:41:c9:f9:77:42:74:63:00:
47:16:50:a7:59:bd:f2:99:60:96:f4:b9:e9:8a:2f:
ae:4d:f7:28:f4:c7:77:ce:9a:3c:07:76:1b:64:62:
87:0c:07:89:f1:2b:da:f1:c6:f2:7a:b3:37:d7:93:
01:46:de:ff:3d:85:9d:2e:d2:3c:a7:f5:44:ed:90:
02:f6:d8:b5:38:db:f9:3f:45:b0:11:8a:3b:e4:92:
d3:a6:b3:ec:52:31:23:a8:36:33:35:87:bd:57:97:
dc:b0:9b:2c:e2:cd:24:57:a9:38:e0:84:41:b5:e5:
da:12:04:6b:74:c9:1c:8a:f0:ab:30:ea:78:68:9c:
cf:da:ee:d4:c4:06:51:30:43:ce:b7:43:7a:64:95:
89:e5:fd:30:c7:6c:87:e8:83:e3:41:7d:50:13:d9:
04:09:de:40:a6:63:46:19:17:85:a2:f4:7a:10:d7:
bc:d9:86:a6:48:01:e2:06:8a:aa:fd:77:42:53:d2:
dd:16:a0:f8:f1:ee:b6:dc:b9:83:c0:df:f2:e4:68:
11:ad:9a:2c:9d:94:c6:a3:b9:ef:0e:b3:82:68:2c:
b0:cd:f6:67:ca:4f:d4:87:00:a0:13:a2:ad:22:49:
48:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:B9:B6:34:5B:57:E6:68:57:CC:3A:37:A0:B0:00:6C:71:EC:0C:71
X509v3 Authority Key Identifier:
keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7af6cdd-e07a-45c3-a036-06562421e95f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2406:da38:c080::/48
Signature Algorithm: sha256WithRSAEncryption
09:4f:b1:01:77:27:c6:bd:b4:e4:a5:7b:1e:36:1d:fa:e8:b8:
fa:cb:d5:34:6f:71:38:e6:bd:eb:1b:f5:02:5f:d6:b4:2a:cb:
e7:12:4f:23:5c:ff:36:fb:a1:c7:30:33:4e:64:58:ec:eb:d0:
0a:f8:f4:6d:65:3c:5d:ab:cb:9c:5b:41:d3:07:74:4b:95:26:
6c:10:28:27:89:c0:36:e1:90:a7:ac:16:81:72:b6:89:51:e3:
ce:ec:d3:8b:68:c7:4c:91:93:10:a4:1b:35:88:14:da:e9:18:
18:03:de:92:66:7a:5c:b3:6d:d6:08:a0:c0:41:5f:51:30:d4:
ad:09:49:05:7e:c4:c6:55:bc:74:1a:44:c4:49:6a:5c:a8:a4:
4b:82:a4:24:21:ba:bf:47:da:60:39:1d:5d:b2:b6:3b:a5:ef:
d7:8b:d2:39:b2:6e:8e:75:55:da:7a:e2:86:f3:88:8d:37:a6:
19:2b:10:62:66:c9:4f:7c:3b:7f:a8:2a:4b:19:87:a4:2d:aa:
fa:34:32:aa:4a:59:df:de:9e:78:d0:86:0d:38:f9:5e:17:a3:
3f:fd:2b:bd:57:2d:32:95:aa:a0:88:9c:d9:77:8f:74:51:19:
cc:63:e5:75:0c:a4:7e:ee:ef:69:93:5a:ce:bc:6d:be:dd:7f:
f3:35:2a:24
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUYlnf4b+nI6SkCPHTDw2RVJFXQDcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZDc0NTFlN2ZmMmQ1NTQ4ZmYyN2I5
YjNhNzRmNjQyMWM1MGIwNTJkMWUzMTVmNDlhOTcxMGY3MjgwZmIzZDUxODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVVTu+TzLl01HC86iBNZ6kqq87bR
Qcn5d0J0YwBHFlCnWb3ymWCW9Lnpii+uTfco9Md3zpo8B3YbZGKHDAeJ8Sva8cby
erM315MBRt7/PYWdLtI8p/VE7ZAC9ti1ONv5P0WwEYo75JLTprPsUjEjqDYzNYe9
V5fcsJss4s0kV6k44IRBteXaEgRrdMkcivCrMOp4aJzP2u7UxAZRMEPOt0N6ZJWJ
5f0wx2yH6IPjQX1QE9kECd5ApmNGGReFovR6ENe82YamSAHiBoqq/XdCU9LdFqD4
8e623LmDwN/y5GgRrZosnZTGo7nvDrOCaCywzfZnyk/UhwCgE6KtIklI2QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLu5tjRbV+ZoV8w6N6CwAGxx7AxxMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y3YWY2Y2RkLWUwN2EtNDVjMy1hMDM2LTA2NTYyNDIxZTk1Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaOMCAMA0GCSqGSIb3DQEBCwUAA4IBAQAJT7EBdyfGvbTkpXse
Nh366Lj6y9U0b3E45r3rG/UCX9a0KsvnEk8jXP82+6HHMDNOZFjs69AK+PRtZTxd
q8ucW0HTB3RLlSZsECgnicA24ZCnrBaBcraJUePO7NOLaMdMkZMQpBs1iBTa6RgY
A96SZnpcs23WCKDAQV9RMNStCUkFfsTGVbx0GkTESWpcqKRLgqQkIbq/R9pgOR1d
srY7pe/Xi9I5sm6OdVXaeuKG84iNN6YZKxBiZslPfDt/qCpLGYekLar6NDKqSlnf
3p540IYNOPleF6M//Su9Vy0ylaqgiJzZd490URnMY+V1DKR+7u9pk1rOvG2+3X/z
NSok
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:23:09 2025 by rpki-client