Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/tNALg0Jw51EjkzFaqjzgTsOV-Mw.roa
File: tNALg0Jw51EjkzFaqjzgTsOV-Mw.roa (raw, json)
Hash identifier: 48qrKhCVZ913enEZ36jghj5bii6iKxDBD6Er54lgmZY=
Subject key identifier: B4:D0:0B:83:42:70:E7:51:23:93:31:5A:AA:3C:E0:4E:C3:95:F8:CC
Certificate issuer: /CN=535761913f575c411c992322ebb06cd2f37f02a2
Certificate serial: 01856FD50CDD4A7F827903BF8BB9413E89B7
Authority key identifier: 53:57:61:91:3F:57:5C:41:1C:99:23:22:EB:B0:6C:D2:F3:7F:02:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U1dhkT9XXEEcmSMi67Bs0vN_AqI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/tNALg0Jw51EjkzFaqjzgTsOV-Mw.roa
Signing time: Mon 02 Jan 2023 00:15:11 +0000
ROA not before: Mon 02 Jan 2023 00:15:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5520
IP address blocks: 134.95.0.0/16 maxlen: 16
185.240.116.0/22 maxlen: 22
2a00:a200::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d5:0c:dd:4a:7f:82:79:03:bf:8b:b9:41:3e:89:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=535761913f575c411c992322ebb06cd2f37f02a2
Validity
Not Before: Jan 2 00:15:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b4d00b834270e7512393315aaa3ce04ec395f8cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:5d:b7:78:35:5f:5b:4e:5b:ec:31:cb:25:4a:
bb:6d:1c:6b:f8:40:82:5a:43:d3:34:66:6b:6a:54:
18:a9:cb:58:b8:29:a8:6d:0f:7c:2c:8b:92:79:98:
79:ef:9e:7c:f5:58:98:52:3d:1d:c4:1e:41:26:7d:
55:fb:76:33:53:a2:d3:72:1c:bf:9f:dd:d0:f8:2f:
91:a7:a8:54:b2:8c:6e:42:14:3e:db:ed:c0:f1:61:
a7:b0:7c:55:54:d5:59:b1:b9:26:af:76:3f:73:ad:
be:a1:23:ad:ba:74:a0:be:52:52:47:76:6e:cf:ff:
10:1b:ba:1d:15:be:87:8c:84:ff:c7:e8:32:61:14:
3e:5d:d4:3f:74:02:d2:47:e6:8c:b1:16:5d:75:89:
a0:c5:10:b0:a3:67:84:7e:11:d1:03:de:9e:e5:eb:
af:63:35:8f:f7:d3:2f:40:a4:80:85:7b:ab:bc:55:
15:98:ac:38:ff:ea:50:02:77:bb:f4:78:c8:1d:59:
0c:f3:c4:a7:d1:7f:33:d8:82:de:94:09:bd:09:8f:
00:bc:b1:53:b8:0c:73:2c:26:ce:01:c2:a7:e5:ef:
b3:f3:0e:55:da:bc:f7:e3:c4:61:72:a9:6a:c5:02:
b7:c8:be:65:cb:8d:ec:e9:1b:27:01:6c:41:05:a0:
f6:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D0:0B:83:42:70:E7:51:23:93:31:5A:AA:3C:E0:4E:C3:95:F8:CC
X509v3 Authority Key Identifier:
keyid:53:57:61:91:3F:57:5C:41:1C:99:23:22:EB:B0:6C:D2:F3:7F:02:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1dhkT9XXEEcmSMi67Bs0vN_AqI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/tNALg0Jw51EjkzFaqjzgTsOV-Mw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/U1dhkT9XXEEcmSMi67Bs0vN_AqI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.95.0.0/16
185.240.116.0/22
IPv6:
2a00:a200::/32
Signature Algorithm: sha256WithRSAEncryption
6c:95:44:35:b8:24:75:26:f9:96:0e:90:85:85:7f:9f:a9:7f:
6d:97:72:8f:f9:42:22:00:ee:58:e7:b1:0d:a5:8c:22:9c:26:
b5:b3:5b:97:6d:64:b4:f4:74:a2:23:7d:02:fc:27:fc:e7:b3:
35:b6:64:4d:aa:50:62:11:e2:81:99:cd:72:e9:54:2b:75:d8:
ef:cd:8a:4d:ee:be:88:e6:af:7f:83:ad:41:56:90:20:c1:31:
7a:40:0f:cf:98:74:33:93:ff:5c:f8:4d:d3:de:ce:bf:46:7f:
38:d4:ed:e6:9d:e5:18:9f:3d:7a:f3:db:e1:d5:6c:20:87:25:
a2:60:e5:c2:f5:85:3b:d1:df:bb:68:d5:01:d3:a1:d9:bd:6c:
61:d8:c1:4f:d7:17:63:d2:80:26:94:68:82:9a:7d:c7:9f:e6:
9f:8a:69:55:d4:e6:61:75:20:2a:7d:b1:86:0b:d2:68:ce:f2:
f1:67:4d:62:e7:b7:31:37:ff:95:d2:4d:4a:79:53:62:a6:99:
48:41:53:82:36:42:ca:06:13:b6:5e:10:1c:0c:0f:90:27:19:
66:ba:60:bd:85:ff:1d:12:da:e5:18:2d:13:b5:1a:42:30:1d:
08:05:76:49:7d:1f:3e:aa:b4:46:f7:28:74:be:d3:77:5c:e7:
4f:4b:fe:e9
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVv1QzdSn+CeQO/i7lBPom3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTc2MTkxM2Y1NzVjNDExYzk5MjMyMmViYjA2Y2QyZjM3
ZjAyYTIwHhcNMjMwMTAyMDAxNTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQwMGI4MzQyNzBlNzUxMjM5MzMxNWFhYTNjZTA0ZWMzOTVmOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgV23eDVfW05b7DHLJUq7bRxr+ECC
WkPTNGZralQYqctYuCmobQ98LIuSeZh575589ViYUj0dxB5BJn1V+3YzU6LTchy/
n93Q+C+Rp6hUsoxuQhQ+2+3A8WGnsHxVVNVZsbkmr3Y/c62+oSOtunSgvlJSR3Zu
z/8QG7odFb6HjIT/x+gyYRQ+XdQ/dALSR+aMsRZddYmgxRCwo2eEfhHRA96e5euv
YzWP99MvQKSAhXurvFUVmKw4/+pQAne79HjIHVkM88Sn0X8z2ILelAm9CY8AvLFT
uAxzLCbOAcKn5e+z8w5V2rz348RhcqlqxQK3yL5ly43s6RsnAWxBBaD2wwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLTQC4NCcOdRI5MxWqo84E7DlfjMMB8GA1UdIwQY
MBaAFFNXYZE/V1xBHJkjIuuwbNLzfwKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFkaGtUOVhYRUVjbVNNaTY3QnMwdk5fQXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85ZjAwYTktYjYwZi00ZTMyLTkwMzct
MDRkZmMzNjYzZTM1LzEvdE5BTGcwSnc1MUVqa3pGYXFqemdUc09WLU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85ZjAwYTktYjYwZi00ZTMyLTkwMzctMDRkZmMzNjYzZTM1
LzEvVTFkaGtUOVhYRUVjbVNNaTY3QnMwdk5fQXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAhl8DBAK5
8HQwDQQCAAIwBwMFACoAogAwDQYJKoZIhvcNAQELBQADggEBAGyVRDW4JHUm+ZYO
kIWFf5+pf22Xco/5QiIA7ljnsQ2ljCKcJrWzW5dtZLT0dKIjfQL8J/znszW2ZE2q
UGIR4oGZzXLpVCt12O/Nik3uvojmr3+DrUFWkCDBMXpAD8+YdDOT/1z4TdPezr9G
fzjU7ead5RifPXrz2+HVbCCHJaJg5cL1hTvR37to1QHTodm9bGHYwU/XF2PSgCaU
aIKafcef5p+KaVXU5mF1ICp9sYYL0mjO8vFnTWLntzE3/5XSTUp5U2KmmUhBU4I2
QsoGE7ZeEBwMD5AnGWa6YL2F/x0S2uUYLRO1GkIwHQgFdkl9Hz6qtEb3KHS+03dc
509L/uk=
-----END CERTIFICATE-----
Generated at Tue Apr 22 05:28:02 2025 by rpki-client