Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vgPGUxBQzYcl4gWfb52s77SwjaE.roa
File: vgPGUxBQzYcl4gWfb52s77SwjaE.roa (raw, json)
Hash identifier: lAvio8bquSo7aIWJo/2u1AZk6AXV0YAYDr2PBZq/Nfg=
Subject key identifier: BE:03:C6:53:10:50:CD:87:25:E2:05:9F:6F:9D:AC:EF:B4:B0:8D:A1
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01875275F39F25D2FD5BA3A441203175AF77
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vgPGUxBQzYcl4gWfb52s77SwjaE.roa
Signing time: Wed 05 Apr 2023 17:27:54 +0000
ROA not before: Wed 05 Apr 2023 17:27:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213035
IP address blocks: 193.124.227.0/24 maxlen: 24
195.133.13.0/24 maxlen: 24
195.133.37.0/24 maxlen: 24
212.192.240.0/24 maxlen: 24
192.124.188.0/24 maxlen: 24
212.192.243.0/24 maxlen: 24
194.87.84.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
194.87.86.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:52:75:f3:9f:25:d2:fd:5b:a3:a4:41:20:31:75:af:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 5 17:27:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=be03c6531050cd8725e2059f6f9dacefb4b08da1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:32:57:9e:8c:80:74:2e:5a:ae:f4:c5:77:99:
b4:34:e0:9e:03:ef:17:aa:55:70:b5:61:9a:84:a0:
7b:4a:4d:17:89:0e:09:f6:40:27:08:3f:84:c2:45:
de:9c:c3:cd:d9:d6:97:04:98:03:e5:7f:fb:16:0b:
bc:5e:65:f6:db:d1:91:18:16:34:54:f6:ec:01:3e:
42:ca:f4:29:ff:86:42:33:bd:3b:e6:14:c7:2f:b2:
f4:3f:2c:b6:32:7a:d9:a3:97:f0:99:6a:e3:08:80:
15:a6:42:e7:dd:3a:90:94:08:00:8f:fb:99:cf:51:
6e:4f:b9:54:03:c3:b2:03:ad:4b:76:d8:f2:04:77:
2c:d3:1e:36:bd:d3:c7:a6:15:14:58:13:c1:a6:e5:
25:cc:08:df:11:d8:d3:d4:e6:9e:04:71:2f:1c:bb:
ec:49:b8:a0:ce:44:dd:2d:76:4f:74:c9:51:28:5e:
a1:9c:73:11:10:64:c3:65:ea:7f:9c:45:21:3e:e5:
79:14:41:d8:dc:42:e9:df:a4:38:00:bd:59:10:49:
91:77:82:cd:6a:fe:4e:55:00:a2:12:5d:b3:94:cb:
29:79:34:c6:c9:f8:c2:bd:df:b9:b4:1d:d1:32:30:
68:c9:cf:6f:31:f1:23:90:3f:11:a2:8c:0b:8f:5d:
e9:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:03:C6:53:10:50:CD:87:25:E2:05:9F:6F:9D:AC:EF:B4:B0:8D:A1
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vgPGUxBQzYcl4gWfb52s77SwjaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.188.0/24
193.124.227.0/24
194.87.84.0/24
194.87.86.0/24
194.87.187.0/24
195.133.13.0/24
195.133.37.0/24
212.192.240.0/24
212.192.243.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:67:6a:5f:33:55:22:bf:e2:02:43:4b:1b:b1:3c:4e:7c:4f:
0b:82:24:b8:ca:ed:86:5a:26:b9:64:ad:87:1d:e7:02:84:fe:
97:2c:21:01:27:25:19:e9:de:32:5c:0e:77:f2:69:12:56:3d:
6a:b5:39:e2:d1:2c:ac:43:3f:c6:66:74:4e:a0:a3:3c:71:66:
46:4a:25:5e:03:39:c0:9e:41:b0:38:74:ed:5c:5b:b1:6d:c9:
9c:3e:2c:dc:da:bc:67:19:01:fe:ff:aa:b0:6b:45:f2:06:e2:
74:c9:16:98:b9:65:4b:78:de:fe:1d:07:e6:bf:c7:c3:70:c7:
c1:6f:20:df:fe:1b:e4:3e:05:17:0a:14:68:28:78:64:a6:13:
c8:d1:61:9f:51:ba:96:aa:17:55:36:ab:35:fe:9f:a1:4d:f3:
6d:45:c1:3d:49:52:d7:cc:4d:6f:75:a9:9e:37:f1:ce:27:86:
d3:d2:f4:9a:ad:56:3b:76:1e:1c:35:83:f7:ce:a9:8c:fe:3e:
2d:95:85:fc:3e:ae:95:0a:ff:0f:56:b6:16:7c:8d:26:35:cf:
03:a8:f7:25:9e:be:de:e8:80:f5:40:c3:5d:64:41:24:32:52:
b7:2b:50:e3:89:35:ff:a3:0f:aa:51:aa:03:ed:61:a8:5d:e0:
4e:4c:1f:76
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYdSdfOfJdL9W6OkQSAxda93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDA1MTcyNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTAzYzY1MzEwNTBjZDg3MjVlMjA1OWY2ZjlkYWNlZmI0YjA4ZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzJXnoyAdC5arvTFd5m0NOCeA+8X
qlVwtWGahKB7Sk0XiQ4J9kAnCD+EwkXenMPN2daXBJgD5X/7Fgu8XmX229GRGBY0
VPbsAT5CyvQp/4ZCM7075hTHL7L0Pyy2MnrZo5fwmWrjCIAVpkLn3TqQlAgAj/uZ
z1FuT7lUA8OyA61LdtjyBHcs0x42vdPHphUUWBPBpuUlzAjfEdjT1OaeBHEvHLvs
SbigzkTdLXZPdMlRKF6hnHMREGTDZep/nEUhPuV5FEHY3ELp36Q4AL1ZEEmRd4LN
av5OVQCiEl2zlMspeTTGyfjCvd+5tB3RMjBoyc9vMfEjkD8RoowLj13p+wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFL4DxlMQUM2HJeIFn2+drO+0sI2hMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdmdQR1V4QlF6WWNsNGdXZmI1MnM3N1N3amFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy8AwQA
wXzjAwQAwldUAwQAwldWAwQAwle7AwQAw4UNAwQAw4UlAwQA1MDwAwQA1MDzMA0G
CSqGSIb3DQEBCwUAA4IBAQBuZ2pfM1Uiv+ICQ0sbsTxOfE8LgiS4yu2GWia5ZK2H
HecChP6XLCEBJyUZ6d4yXA538mkSVj1qtTni0SysQz/GZnROoKM8cWZGSiVeAznA
nkGwOHTtXFuxbcmcPizc2rxnGQH+/6qwa0XyBuJ0yRaYuWVLeN7+HQfmv8fDcMfB
byDf/hvkPgUXChRoKHhkphPI0WGfUbqWqhdVNqs1/p+hTfNtRcE9SVLXzE1vdame
N/HOJ4bT0vSarVY7dh4cNYP3zqmM/j4tlYX8Pq6VCv8PVrYWfI0mNc8DqPclnr7e
6ID1QMNdZEEkMlK3K1DjiTX/ow+qUaoD7WGoXeBOTB92
-----END CERTIFICATE-----
Generated at Sun Jun 8 08:39:31 2025 by rpki-client