Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/bf5a64-8aaf-44a8-bace-36850df4e997/1/mRSxG04mvJO9Bhu6EojH8DYNC3s.roa
File: mRSxG04mvJO9Bhu6EojH8DYNC3s.roa (raw, json)
Hash identifier: +HigRD7TO5M72lr+SrFyOrKk7OxTQdRji87tNo3YCyA=
Subject key identifier: 99:14:B1:1B:4E:26:BC:93:BD:06:1B:BA:12:88:C7:F0:36:0D:0B:7B
Certificate issuer: /CN=fce45fd6fd3d932684c0c5bc27f4fa615a1090e0
Certificate serial: 0188AFF4545BD5D998E6D6A0C588A5A7A522
Authority key identifier: FC:E4:5F:D6:FD:3D:93:26:84:C0:C5:BC:27:F4:FA:61:5A:10:90:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_ORf1v09kyaEwMW8J_T6YVoQkOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/bf5a64-8aaf-44a8-bace-36850df4e997/1/mRSxG04mvJO9Bhu6EojH8DYNC3s.roa
Signing time: Mon 12 Jun 2023 14:13:25 +0000
ROA not before: Mon 12 Jun 2023 14:13:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205078
IP address blocks: 194.48.205.0/24 maxlen: 24
2001:678:864::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:af:f4:54:5b:d5:d9:98:e6:d6:a0:c5:88:a5:a7:a5:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fce45fd6fd3d932684c0c5bc27f4fa615a1090e0
Validity
Not Before: Jun 12 14:13:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9914b11b4e26bc93bd061bba1288c7f0360d0b7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:78:b6:7f:4b:7b:9f:49:ee:7c:3a:fb:10:e8:
55:7b:bf:6c:ac:8e:2c:d0:16:5c:e7:4f:70:f4:64:
5f:77:ff:39:31:4c:b2:da:ca:78:c0:3e:90:06:e9:
d6:60:a9:c7:29:9c:63:16:22:4a:f3:e1:95:3f:7f:
ac:5c:08:97:b4:3f:79:cd:e5:f4:ad:2e:0b:b9:62:
a0:dd:a5:65:3d:52:2d:60:79:ce:d6:29:ac:9e:16:
16:f9:47:0d:5a:69:53:54:fb:09:96:56:f1:6a:ff:
e8:d7:5b:ce:59:d3:cb:c7:cb:90:27:8d:c9:20:d6:
f7:80:d2:8b:b5:fd:4f:07:41:d3:74:34:ff:2b:09:
92:ba:02:6f:b6:e3:82:23:34:33:1e:e3:8d:32:51:
c9:73:15:95:86:09:2a:03:2d:14:ab:f6:f4:9b:dc:
d2:26:38:45:32:d0:8a:19:9d:ac:41:85:74:33:57:
84:67:64:3d:d4:0e:09:89:03:45:b4:e7:92:81:ba:
b6:7b:ee:56:5d:24:cc:ad:8e:48:29:76:6e:98:a3:
2d:6f:ac:09:2a:f4:02:1c:5c:d2:dd:69:0b:30:a6:
b4:58:a6:6c:57:7f:83:9e:82:23:a3:0b:83:a2:d4:
10:2a:5d:58:cd:de:3b:c4:ca:bc:0b:e6:6a:90:19:
f6:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:14:B1:1B:4E:26:BC:93:BD:06:1B:BA:12:88:C7:F0:36:0D:0B:7B
X509v3 Authority Key Identifier:
keyid:FC:E4:5F:D6:FD:3D:93:26:84:C0:C5:BC:27:F4:FA:61:5A:10:90:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ORf1v09kyaEwMW8J_T6YVoQkOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bf5a64-8aaf-44a8-bace-36850df4e997/1/mRSxG04mvJO9Bhu6EojH8DYNC3s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bf5a64-8aaf-44a8-bace-36850df4e997/1/_ORf1v09kyaEwMW8J_T6YVoQkOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.48.205.0/24
IPv6:
2001:678:864::/48
Signature Algorithm: sha256WithRSAEncryption
6c:55:49:29:7e:7d:00:63:6e:a0:25:e4:5a:3e:eb:63:35:51:
3e:74:2c:fd:f4:33:84:86:94:41:24:10:06:7a:64:4d:de:1b:
bc:ec:9d:b3:7f:65:ae:dc:79:3c:08:b1:31:11:ab:7d:78:c3:
ef:b2:0e:d8:f9:1e:ce:d9:c8:06:9b:e4:9f:24:51:d3:9f:a4:
70:e6:7b:b3:8f:72:2d:86:b7:ad:ab:23:6d:ec:50:48:2b:43:
84:3f:6d:a9:04:99:37:1f:39:2b:ec:3c:30:a2:b0:ce:5b:98:
aa:95:28:82:24:55:94:c9:c3:fc:9e:5c:b0:27:00:fc:c6:b9:
30:1a:8d:9a:e7:2c:39:44:77:bf:76:d1:50:c3:c0:c3:5b:5f:
34:30:64:8c:86:e9:b3:91:54:1b:e1:5f:f5:cd:81:1c:0d:39:
ca:31:39:57:d3:a0:3f:26:5c:5f:69:2b:17:16:3b:f1:d5:37:
47:53:2a:0f:b5:35:3e:e2:71:09:ac:e7:3b:e5:cf:f6:ef:99:
cb:a9:a8:0d:06:56:11:a1:96:4a:17:27:80:5b:62:b3:d9:32:
0b:f9:42:bd:54:a7:db:89:75:5c:53:cb:39:66:1f:dd:37:06:
9b:9f:00:0e:50:d5:ae:57:c3:02:b8:4e:df:5a:e6:4e:82:37:
e2:83:0c:5b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiv9FRb1dmY5tagxYilp6UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTQ1ZmQ2ZmQzZDkzMjY4NGMwYzViYzI3ZjRmYTYxNWEx
MDkwZTAwHhcNMjMwNjEyMTQxMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE0YjExYjRlMjZiYzkzYmQwNjFiYmExMjg4YzdmMDM2MGQwYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlni2f0t7n0nufDr7EOhVe79srI4s
0BZc509w9GRfd/85MUyy2sp4wD6QBunWYKnHKZxjFiJK8+GVP3+sXAiXtD95zeX0
rS4LuWKg3aVlPVItYHnO1imsnhYW+UcNWmlTVPsJllbxav/o11vOWdPLx8uQJ43J
INb3gNKLtf1PB0HTdDT/KwmSugJvtuOCIzQzHuONMlHJcxWVhgkqAy0Uq/b0m9zS
JjhFMtCKGZ2sQYV0M1eEZ2Q91A4JiQNFtOeSgbq2e+5WXSTMrY5IKXZumKMtb6wJ
KvQCHFzS3WkLMKa0WKZsV3+DnoIjowuDotQQKl1Yzd47xMq8C+ZqkBn2kwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJkUsRtOJryTvQYbuhKIx/A2DQt7MB8GA1UdIwQY
MBaAFPzkX9b9PZMmhMDFvCf0+mFaEJDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09SZjF2MDlreWFFd01XOEpfVDZZVm9Ra09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iZjVhNjQtOGFhZi00NGE4LWJhY2Ut
MzY4NTBkZjRlOTk3LzEvbVJTeEcwNG12Sk85Qmh1NkVvakg4RFlOQzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iZjVhNjQtOGFhZi00NGE4LWJhY2UtMzY4NTBkZjRlOTk3
LzEvX09SZjF2MDlreWFFd01XOEpfVDZZVm9Ra09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjDNMA8E
AgACMAkDBwAgAQZ4CGQwDQYJKoZIhvcNAQELBQADggEBAGxVSSl+fQBjbqAl5Fo+
62M1UT50LP30M4SGlEEkEAZ6ZE3eG7zsnbN/Za7ceTwIsTERq314w++yDtj5Hs7Z
yAab5J8kUdOfpHDme7OPci2Gt62rI23sUEgrQ4Q/bakEmTcfOSvsPDCisM5bmKqV
KIIkVZTJw/yeXLAnAPzGuTAajZrnLDlEd7920VDDwMNbXzQwZIyG6bORVBvhX/XN
gRwNOcoxOVfToD8mXF9pKxcWO/HVN0dTKg+1NT7icQms5zvlz/bvmcupqA0GVhGh
lkoXJ4BbYrPZMgv5Qr1Up9uJdVxTyzlmH903BpufAA5Q1a5XwwK4Tt9a5k6CN+KD
DFs=
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:21:44 2025 by rpki-client