Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/bec41a-d9f8-4545-8e48-673640233665/1/f1fDVf2f1Hfq3VEpM2_qRDMuQGg.roa
File: f1fDVf2f1Hfq3VEpM2_qRDMuQGg.roa (raw, json)
Hash identifier: KL+fH6iiTYytfgRKYvFazKvXYxdPdvdstaY7Q3oy5e4=
Subject key identifier: 7F:57:C3:55:FD:9F:D4:77:EA:DD:51:29:33:6F:EA:44:33:2E:40:68
Certificate issuer: /CN=717f55f3c6007b1cbdd7e820890569006757b366
Certificate serial: 05DCCC
Authority key identifier: 71:7F:55:F3:C6:00:7B:1C:BD:D7:E8:20:89:05:69:00:67:57:B3:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cX9V88YAexy91-ggiQVpAGdXs2Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/bec41a-d9f8-4545-8e48-673640233665/1/f1fDVf2f1Hfq3VEpM2_qRDMuQGg.roa
Signing time: Tue 01 Mar 2022 17:08:03 +0000
ROA not before: Tue 01 Mar 2022 17:08:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43638
IP address blocks: 141.138.164.0/22 maxlen: 22
141.138.160.0/21 maxlen: 21
141.138.160.0/22 maxlen: 22
91.197.152.0/22 maxlen: 22
91.197.152.0/23 maxlen: 23
91.197.154.0/23 maxlen: 23
2a01:9380::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 384204 (0x5dccc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=717f55f3c6007b1cbdd7e820890569006757b366
Validity
Not Before: Mar 1 17:08:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7f57c355fd9fd477eadd5129336fea44332e4068
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:14:75:f5:c0:f3:84:3b:8c:e5:b0:c9:91:72:
a5:ac:60:91:7b:d6:2c:86:64:59:ea:29:ef:35:49:
6a:ff:51:93:fb:4c:cf:79:45:92:3e:67:03:f5:51:
28:96:4a:15:e3:ba:00:3c:80:99:45:47:33:67:b4:
a2:5f:cb:b4:75:4a:93:e6:9c:40:38:90:c0:c2:c2:
d7:05:0c:4e:46:c8:05:98:30:68:df:b1:a4:1c:22:
ce:09:27:3d:cf:37:7d:1d:c4:12:02:7e:e3:c2:d2:
45:ff:29:f9:20:56:7e:96:88:22:ea:a1:3b:6d:a7:
fd:5f:05:fe:d9:1b:ae:29:fd:df:5d:52:1a:fc:a2:
55:2e:13:9e:be:61:9a:e0:25:34:50:0e:5b:86:bd:
5b:3c:fa:5f:aa:a9:fe:e0:21:79:a3:c8:65:72:2e:
0e:0d:e0:ef:4a:01:ec:fa:5b:df:e3:e0:aa:0c:62:
42:86:15:c0:c7:e6:f2:f0:19:8a:13:bd:92:70:91:
88:15:30:d5:fc:09:3c:5f:60:7e:a9:51:67:b9:88:
84:6a:51:7d:3d:35:11:33:5b:e7:0f:6f:0c:39:7e:
b5:85:cd:63:52:c7:5a:05:74:0b:0f:4f:c3:7d:8a:
24:2e:4f:e3:e0:4c:ee:27:80:c9:6d:45:d1:fd:38:
57:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:57:C3:55:FD:9F:D4:77:EA:DD:51:29:33:6F:EA:44:33:2E:40:68
X509v3 Authority Key Identifier:
keyid:71:7F:55:F3:C6:00:7B:1C:BD:D7:E8:20:89:05:69:00:67:57:B3:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cX9V88YAexy91-ggiQVpAGdXs2Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bec41a-d9f8-4545-8e48-673640233665/1/f1fDVf2f1Hfq3VEpM2_qRDMuQGg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bec41a-d9f8-4545-8e48-673640233665/1/cX9V88YAexy91-ggiQVpAGdXs2Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.152.0/22
141.138.160.0/21
IPv6:
2a01:9380::/32
Signature Algorithm: sha256WithRSAEncryption
81:8d:b2:31:e6:02:31:ee:60:d4:84:bd:3d:f2:fb:90:1d:7f:
bc:d6:42:2c:14:be:f1:ea:29:05:5b:71:98:94:64:c5:5d:2b:
71:8c:1b:be:3c:ce:7a:d7:ff:2f:26:c5:05:31:c6:6c:4d:2f:
9c:27:a7:3a:28:7e:6b:38:5d:6e:9c:40:6b:76:ec:08:27:55:
d9:57:2b:a3:b4:06:60:b9:f7:20:83:9f:9f:87:2f:24:c4:2f:
64:c9:d5:6a:90:b4:ae:3b:0e:03:9b:65:fd:7a:29:ed:cb:61:
49:99:a7:cd:53:31:e7:bc:1c:85:0d:ca:11:c2:7c:a2:79:d2:
9a:bf:78:54:fd:67:77:fa:88:8b:89:af:e9:37:ed:e7:25:c7:
47:8b:20:19:f2:79:e6:0f:44:56:39:0f:69:98:5d:7a:42:bf:
81:6d:e4:22:f8:12:cb:42:8d:62:3c:2c:4e:0a:ca:c4:be:3e:
29:82:b9:19:3a:29:5b:d1:63:5f:4e:b3:d3:2e:89:27:6b:f7:
5c:29:20:f4:78:bc:53:48:1c:01:48:d7:99:32:11:92:0b:86:
4c:8b:f7:09:4c:1b:f0:42:27:66:11:aa:67:f9:51:79:4a:c7:
21:6e:a8:75:a6:38:b8:31:30:4d:95:98:fc:f5:7a:40:47:d4:
65:e7:da:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIDBdzMMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDcx
N2Y1NWYzYzYwMDdiMWNiZGQ3ZTgyMDg5MDU2OTAwNjc1N2IzNjYwHhcNMjIwMzAx
MTcwODAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3ZjU3YzM1NWZkOWZk
NDc3ZWFkZDUxMjkzMzZmZWE0NDMzMmU0MDY4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsRR19cDzhDuM5bDJkXKlrGCRe9YshmRZ6invNUlq/1GT+0zP
eUWSPmcD9VEolkoV47oAPICZRUczZ7SiX8u0dUqT5pxAOJDAwsLXBQxORsgFmDBo
37GkHCLOCSc9zzd9HcQSAn7jwtJF/yn5IFZ+logi6qE7baf9XwX+2RuuKf3fXVIa
/KJVLhOevmGa4CU0UA5bhr1bPPpfqqn+4CF5o8hlci4ODeDvSgHs+lvf4+CqDGJC
hhXAx+by8BmKE72ScJGIFTDV/Ak8X2B+qVFnuYiEalF9PTURM1vnD28MOX61hc1j
UsdaBXQLD0/DfYokLk/j4EzuJ4DJbUXR/ThXiwIDAQABo4ICHjCCAhowHQYDVR0O
BBYEFH9Xw1X9n9R36t1RKTNv6kQzLkBoMB8GA1UdIwQYMBaAFHF/VfPGAHscvdfo
IIkFaQBnV7NmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
Y1g5Vjg4WUFleHk5MS1nZ2lRVnBBR2RYczJZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC85Yy9iZWM0MWEtZDlmOC00NTQ1LThlNDgtNjczNjQwMjMzNjY1LzEv
ZjFmRFZmMmYxSGZxM1ZFcE0yX3FSRE11UUdnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9i
ZWM0MWEtZDlmOC00NTQ1LThlNDgtNjczNjQwMjMzNjY1LzEvY1g5Vjg4WUFleHk5
MS1nZ2lRVnBBR2RYczJZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQG
CCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8WYAwQDjYqgMA0EAgACMAcDBQAq
AZOAMA0GCSqGSIb3DQEBCwUAA4IBAQCBjbIx5gIx7mDUhL098vuQHX+81kIsFL7x
6ikFW3GYlGTFXStxjBu+PM561/8vJsUFMcZsTS+cJ6c6KH5rOF1unEBrduwIJ1XZ
VyujtAZgufcgg5+fhy8kxC9kydVqkLSuOw4Dm2X9einty2FJmafNUzHnvByFDcoR
wnyiedKav3hU/Wd3+oiLia/pN+3nJcdHiyAZ8nnmD0RWOQ9pmF16Qr+BbeQi+BLL
Qo1iPCxOCsrEvj4pgrkZOilb0WNfTrPTLokna/dcKSD0eLxTSBwBSNeZMhGSC4ZM
i/cJTBvwQidmEapn+VF5Sschbqh1pji4MTBNlZj89XpAR9Rl59r8
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:53:29 2025 by rpki-client