Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
File: 795bae65-e494-4497-8c64-6c78c5a4b388.roa (raw, json)
Hash identifier: qGZTTGgtc3OYMMZ9gdCtdPQUXwO7R11KllIBIwfXjjU=
Subject key identifier: 3C:C2:CD:E6:C8:82:29:15:0C:27:6F:33:21:3A:63:C8:FA:E8:E1:A4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7004975B524668EFF1BFEB5B6E3D02EB5CF71F68
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
Signing time: Tue 14 Jan 2025 00:00:00 +0000
ROA not before: Tue 14 Jan 2025 00:00:00 +0000
ROA not after: Tue 18 Feb 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.104.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:04:97:5b:52:46:68:ef:f1:bf:eb:5b:6e:3d:02:eb:5c:f7:1f:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jan 14 00:00:00 2025 GMT
Not After : Feb 18 23:59:59 2025 GMT
Subject: serialNumber=720fa67897b0625342822d50f5a014d6fa7079075741aab16ef3777f8a02e0f1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:e5:f1:d9:d5:e1:f1:19:ec:38:3a:f0:c3:10:
47:04:94:a0:be:9b:50:b4:06:e5:7f:1d:16:b5:da:
6c:0c:be:ff:8b:37:2a:b4:70:06:34:99:9f:e0:52:
3c:06:4e:70:0d:be:51:a1:06:b9:e6:cb:e8:5b:80:
46:38:44:84:13:80:1c:d0:ad:8a:3c:84:6e:e5:be:
d3:88:cc:3c:c8:5c:55:80:1c:81:fb:6d:2a:eb:7e:
ff:b7:15:9b:89:33:7e:2d:9e:4f:66:fd:0f:9e:c9:
1d:77:5a:b4:3a:e7:d6:2b:d4:5f:82:22:a8:c9:ec:
1d:20:8f:d8:d1:53:5f:83:29:5e:f0:60:74:40:09:
08:fd:1c:75:9f:61:6b:f2:14:35:9d:31:22:28:59:
51:83:55:30:78:ea:54:9c:a7:f3:83:74:e9:4d:1d:
00:a1:bc:d0:cc:1d:40:e9:bc:37:b3:b0:2a:ce:96:
32:41:79:8e:cd:2f:6d:76:85:ff:bb:56:fa:80:44:
bf:27:17:16:20:c1:d6:ba:94:fb:8a:de:a2:49:68:
73:16:aa:0c:16:06:2b:e3:5f:be:13:fd:44:7c:8c:
28:29:6e:1c:d1:60:27:93:f8:62:cc:85:b0:15:77:
48:b4:bc:9a:a1:77:e3:7b:60:c7:7e:bd:08:f1:bd:
df:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:C2:CD:E6:C8:82:29:15:0C:27:6F:33:21:3A:63:C8:FA:E8:E1:A4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.104.0/21
Signature Algorithm: sha256WithRSAEncryption
7f:20:1d:f7:db:b5:ae:00:a0:a0:0d:92:07:d6:09:0f:75:bf:
5b:ca:46:0b:e0:eb:1b:9e:c5:9d:fe:53:00:0f:5d:90:85:63:
9d:09:74:7a:93:83:98:dd:7c:f4:b9:f1:64:fe:3c:7b:04:bb:
ae:3f:70:99:ac:a4:40:0b:46:8b:39:56:07:59:61:9e:6d:5b:
be:84:c3:e1:5e:43:68:5f:9a:5f:31:be:71:ed:5b:dc:ea:c0:
5c:c2:9a:5e:e3:81:73:2d:49:bb:65:83:31:54:0b:23:81:54:
d5:95:7c:f7:be:06:2a:fc:c7:f3:b1:2b:cd:e9:f8:5a:61:0b:
b1:33:17:28:ae:df:e2:e8:87:a4:7b:e8:8f:7f:26:54:ed:6f:
51:68:32:14:d5:7a:61:cf:9e:40:99:42:17:80:9a:4a:36:8b:
81:c9:a2:03:87:51:ec:7c:55:3d:fb:e0:9d:64:dd:81:65:cf:
0c:95:32:35:46:45:1a:22:67:bc:a7:90:4e:b7:78:69:82:14:
35:cb:d6:df:6e:e4:fc:54:e0:39:47:b9:5b:8b:48:9c:ba:df:
af:22:69:2b:41:7f:76:1b:a0:1c:56:06:86:02:de:9c:4e:f1:
21:de:ec:14:c1:a1:37:f9:75:f6:e6:19:87:37:8f:5a:0d:dc:
e4:4e:9f:5f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUcASXW1JGaO/xv+tbbj0C61z3H2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMTQwMDAwMDBaFw0yNTAyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyMGZhNjc4OTdiMDYyNTM0MjgyMmQ1MGY1YTAxNGQ2ZmE3MDc5MDc1NzQx
YWFiMTZlZjM3NzdmOGEwMmUwZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKnl8dnV4fEZ7Dg68MMQRwSUoL6bULQG5X8dFrXabAy+/4s3KrRwBjSZn+BS
PAZOcA2+UaEGuebL6FuARjhEhBOAHNCtijyEbuW+04jMPMhcVYAcgfttKut+/7cV
m4kzfi2eT2b9D57JHXdatDrn1ivUX4IiqMnsHSCP2NFTX4MpXvBgdEAJCP0cdZ9h
a/IUNZ0xIihZUYNVMHjqVJyn84N06U0dAKG80MwdQOm8N7OwKs6WMkF5js0vbXaF
/7tW+oBEvycXFiDB1rqU+4reoklocxaqDBYGK+NfvhP9RHyMKCluHNFgJ5P4YsyF
sBV3SLS8mqF343tgx369CPG93ysCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ8ws3m
yIIpFQwnbzMhOmPI+ujhpDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Nzk1YmFlNjUtZTQ5NC00NDk3LThjNjQtNmM3OGM1YTRiMzg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAaDAN
BgkqhkiG9w0BAQsFAAOCAQEAfyAd99u1rgCgoA2SB9YJD3W/W8pGC+DrG57Fnf5T
AA9dkIVjnQl0epODmN189LnxZP48ewS7rj9wmaykQAtGizlWB1lhnm1bvoTD4V5D
aF+aXzG+ce1b3OrAXMKaXuOBcy1Ju2WDMVQLI4FU1ZV8974GKvzH87Erzen4WmEL
sTMXKK7f4uiHpHvoj38mVO1vUWgyFNV6Yc+eQJlCF4CaSjaLgcmiA4dR7HxVPfvg
nWTdgWXPDJUyNUZFGiJnvKeQTrd4aYIUNcvW327k/FTgOUe5W4tInLrfryJpK0F/
dhugHFYGhgLenE7xId7sFMGhN/l19uYZhzePWg3c5E6fXw==
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:16:28 2025 by rpki-client