Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/c9330d-4d4a-4458-888a-e362a90edec1/1/KWLrluPmwcSnGynGUnk0yht4Y0U.roa
File: KWLrluPmwcSnGynGUnk0yht4Y0U.roa (raw, json)
Hash identifier: cHBLLlolwRpK/jq2ITXqkpH4MX+GcFYW8Ul5uH8V1xE=
Subject key identifier: 29:62:EB:96:E3:E6:C1:C4:A7:1B:29:C6:52:79:34:CA:1B:78:63:45
Certificate issuer: /CN=2ac89af05d20711e0a94e84bf4b44766362c5083
Certificate serial: 01856C0A3649BF949354A33FECA5DBB6516E
Authority key identifier: 2A:C8:9A:F0:5D:20:71:1E:0A:94:E8:4B:F4:B4:47:66:36:2C:50:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ksia8F0gcR4KlOhL9LRHZjYsUIM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/c9330d-4d4a-4458-888a-e362a90edec1/1/KWLrluPmwcSnGynGUnk0yht4Y0U.roa
Signing time: Sun 01 Jan 2023 06:34:46 +0000
ROA not before: Sun 01 Jan 2023 06:34:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210657
IP address blocks: 194.62.61.0/24 maxlen: 24
194.62.62.0/24 maxlen: 24
194.62.63.0/24 maxlen: 24
194.62.60.0/24 maxlen: 24
2a0c:fcc0::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:0a:36:49:bf:94:93:54:a3:3f:ec:a5:db:b6:51:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac89af05d20711e0a94e84bf4b44766362c5083
Validity
Not Before: Jan 1 06:34:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2962eb96e3e6c1c4a71b29c6527934ca1b786345
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:a1:05:dd:b5:6d:82:be:9b:68:d4:52:37:9a:
7e:86:fc:36:d8:43:0b:9c:e9:e1:8d:c2:9e:eb:90:
63:22:4c:bf:ed:46:8e:d3:10:ca:3c:ec:29:c8:cd:
92:d7:a5:61:82:9f:71:e3:cf:76:1c:ea:25:4f:36:
fd:07:38:ae:35:6a:a9:b3:40:2e:4e:4d:b4:e4:08:
a5:1d:ed:c1:c0:69:bf:12:58:d9:f7:34:7d:29:99:
e9:8f:e7:fa:b3:e5:17:d6:cc:61:23:33:f4:23:33:
c2:bf:07:ad:c8:25:41:5f:e5:2d:f6:eb:b4:1b:38:
e8:6f:bc:c0:6d:22:69:b7:c3:47:ac:b3:cf:ec:da:
b4:44:d9:c4:f7:37:17:86:32:20:3a:06:38:80:b2:
be:f4:cc:ae:9a:19:41:8f:1d:ee:f8:25:bc:b3:03:
92:ac:6f:ab:9e:a6:1a:93:bb:97:df:46:f6:c0:b3:
ce:34:ed:8e:5f:0f:b7:41:c6:7a:96:a2:b3:8b:8e:
59:89:5a:40:e7:64:f3:2f:45:a2:77:d9:1d:62:16:
8a:d6:73:1b:dd:f2:37:45:b0:82:22:f1:ea:d7:3a:
0e:4a:03:ad:28:8a:46:64:33:69:f2:0a:b2:ca:f9:
7f:c7:9e:59:2e:fd:89:12:24:c7:57:60:be:f0:e4:
4c:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:62:EB:96:E3:E6:C1:C4:A7:1B:29:C6:52:79:34:CA:1B:78:63:45
X509v3 Authority Key Identifier:
keyid:2A:C8:9A:F0:5D:20:71:1E:0A:94:E8:4B:F4:B4:47:66:36:2C:50:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ksia8F0gcR4KlOhL9LRHZjYsUIM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/c9330d-4d4a-4458-888a-e362a90edec1/1/KWLrluPmwcSnGynGUnk0yht4Y0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/c9330d-4d4a-4458-888a-e362a90edec1/1/Ksia8F0gcR4KlOhL9LRHZjYsUIM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.62.60.0/22
IPv6:
2a0c:fcc0::/32
Signature Algorithm: sha256WithRSAEncryption
4d:4f:b2:a2:17:fe:ad:72:cf:89:a2:66:15:8f:d8:65:a5:b9:
40:04:5c:4d:a4:06:58:e0:ed:73:90:87:ad:fd:b4:ea:67:97:
87:84:df:ce:89:ce:26:e3:f3:24:2f:f9:ad:19:8f:54:14:d5:
e5:3f:3a:25:cb:c9:8e:b6:8a:cf:c8:7f:19:47:21:c7:9b:e3:
cb:cc:14:77:e5:9e:ba:b1:38:6b:f6:91:67:e0:ae:a6:47:8a:
bb:22:ab:73:bb:09:38:a6:a7:1f:b7:ce:ef:b5:69:c6:b2:76:
74:9b:4b:98:49:ab:52:2c:ab:ee:56:ec:2c:1f:05:0e:43:fc:
ee:1e:fd:20:fb:36:09:9f:19:e3:9f:05:36:17:42:2b:33:d7:
3f:c4:82:9b:4d:e4:85:7d:72:f6:c2:59:92:a0:bf:c1:ed:d8:
aa:21:ce:58:25:3f:7a:12:29:7b:c7:b1:83:8f:65:b8:c9:80:
86:bd:41:5c:8d:00:08:3b:ac:8e:5d:9f:23:27:6d:5a:17:1f:
50:31:86:3c:98:50:5d:19:83:19:a2:74:ef:78:ef:e1:e7:38:
08:3d:27:c6:84:11:b8:82:45:35:37:db:a9:a9:6c:fa:7c:8b:
0b:84:d8:28:7e:d5:a6:3d:23:8c:be:33:03:3d:c9:3a:b5:14:
02:f7:bf:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVsCjZJv5STVKM/7KXbtlFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzg5YWYwNWQyMDcxMWUwYTk0ZTg0YmY0YjQ0NzY2MzYy
YzUwODMwHhcNMjMwMTAxMDYzNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYyZWI5NmUzZTZjMWM0YTcxYjI5YzY1Mjc5MzRjYTFiNzg2MzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqEF3bVtgr6baNRSN5p+hvw22EML
nOnhjcKe65BjIky/7UaO0xDKPOwpyM2S16Vhgp9x4892HOolTzb9BziuNWqps0Au
Tk205AilHe3BwGm/EljZ9zR9KZnpj+f6s+UX1sxhIzP0IzPCvwetyCVBX+Ut9uu0
Gzjob7zAbSJpt8NHrLPP7Nq0RNnE9zcXhjIgOgY4gLK+9MyumhlBjx3u+CW8swOS
rG+rnqYak7uX30b2wLPONO2OXw+3QcZ6lqKzi45ZiVpA52TzL0Wid9kdYhaK1nMb
3fI3RbCCIvHq1zoOSgOtKIpGZDNp8gqyyvl/x55ZLv2JEiTHV2C+8ORMKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCli65bj5sHEpxspxlJ5NMobeGNFMB8GA1UdIwQY
MBaAFCrImvBdIHEeCpToS/S0R2Y2LFCDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NpYThGMGdjUjRLbE9oTDlMUkhaallzVUlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jOTMzMGQtNGQ0YS00NDU4LTg4OGEt
ZTM2MmE5MGVkZWMxLzEvS1dMcmx1UG13Y1NuR3luR1VuazB5aHQ0WTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jOTMzMGQtNGQ0YS00NDU4LTg4OGEtZTM2MmE5MGVkZWMx
LzEvS3NpYThGMGdjUjRLbE9oTDlMUkhaallzVUlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwj48MA0E
AgACMAcDBQAqDPzAMA0GCSqGSIb3DQEBCwUAA4IBAQBNT7KiF/6tcs+JomYVj9hl
pblABFxNpAZY4O1zkIet/bTqZ5eHhN/Oic4m4/MkL/mtGY9UFNXlPzoly8mOtorP
yH8ZRyHHm+PLzBR35Z66sThr9pFn4K6mR4q7Iqtzuwk4pqcft87vtWnGsnZ0m0uY
SatSLKvuVuwsHwUOQ/zuHv0g+zYJnxnjnwU2F0IrM9c/xIKbTeSFfXL2wlmSoL/B
7diqIc5YJT96Eil7x7GDj2W4yYCGvUFcjQAIO6yOXZ8jJ21aFx9QMYY8mFBdGYMZ
onTveO/h5zgIPSfGhBG4gkU1N9upqWz6fIsLhNgoftWmPSOMvjMDPck6tRQC97/W
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:37:25 2025 by rpki-client