Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c2fdf2-2a0a-443f-b7e0-a5bdbb145a78/1/AtG2_foSop7MZLIlxxZuQRcimIo.roa
File: AtG2_foSop7MZLIlxxZuQRcimIo.roa (raw, json)
Hash identifier: XRsZ8649CgfNpTZsqQE8RBhqGaT2LboL//JFpMye6ho=
Subject key identifier: 02:D1:B6:FD:FA:12:A2:9E:CC:64:B2:25:C7:16:6E:41:17:22:98:8A
Certificate issuer: /CN=3f528c95f6080ab13cb049783e9244d33d9c4b32
Certificate serial: 018570C2B9C09FC09C49D1C77AC1FFD83DEB
Authority key identifier: 3F:52:8C:95:F6:08:0A:B1:3C:B0:49:78:3E:92:44:D3:3D:9C:4B:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P1KMlfYICrE8sEl4PpJE0z2cSzI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/c2fdf2-2a0a-443f-b7e0-a5bdbb145a78/1/AtG2_foSop7MZLIlxxZuQRcimIo.roa
Signing time: Mon 02 Jan 2023 04:34:47 +0000
ROA not before: Mon 02 Jan 2023 04:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213231
IP address blocks: 194.48.191.0/24 maxlen: 24
194.45.217.0/24 maxlen: 24
194.45.233.0/24 maxlen: 24
194.48.3.0/24 maxlen: 24
2a07:e6c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:c2:b9:c0:9f:c0:9c:49:d1:c7:7a:c1:ff:d8:3d:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f528c95f6080ab13cb049783e9244d33d9c4b32
Validity
Not Before: Jan 2 04:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02d1b6fdfa12a29ecc64b225c7166e411722988a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d1:ba:58:e9:e7:7a:2b:a7:69:2b:25:01:c8:
28:94:5e:40:3f:fd:62:26:e7:b1:29:07:24:a0:af:
99:c7:8b:0f:58:bb:84:5e:a2:0a:da:f0:40:5d:24:
d1:69:3e:6f:0b:ca:0a:b5:28:d1:53:75:de:24:94:
b8:9f:5f:74:b7:f7:d8:57:1c:9c:85:d8:50:07:b5:
94:f6:21:65:56:8e:ee:a1:c8:0f:d5:2d:0f:2c:75:
65:66:55:3a:8c:6f:00:40:72:4e:ef:74:3d:1d:5e:
b1:e0:ca:e9:0a:fe:2b:88:86:e1:1a:20:2a:b5:37:
90:e0:04:9f:cd:0e:f7:b2:3a:9c:37:1c:03:37:34:
53:0d:24:2d:b1:52:d1:26:31:11:78:fc:d3:db:33:
79:ca:f3:2a:bb:c4:27:68:2a:57:39:52:24:75:c7:
a3:a2:3e:b3:32:de:64:68:31:c5:48:38:ba:03:b6:
6b:32:d1:6f:ff:24:69:56:e0:92:49:27:ab:9c:46:
db:78:8c:74:43:9f:b4:56:10:b0:4d:2a:75:43:31:
a4:39:08:d7:cf:89:0a:a6:19:cb:06:68:d1:1a:10:
c2:3f:5a:c4:6b:bc:a3:9f:e8:24:c4:0a:f7:3e:5d:
5b:47:1a:1b:46:45:4d:38:81:3f:67:77:92:b2:e0:
77:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:D1:B6:FD:FA:12:A2:9E:CC:64:B2:25:C7:16:6E:41:17:22:98:8A
X509v3 Authority Key Identifier:
keyid:3F:52:8C:95:F6:08:0A:B1:3C:B0:49:78:3E:92:44:D3:3D:9C:4B:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1KMlfYICrE8sEl4PpJE0z2cSzI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c2fdf2-2a0a-443f-b7e0-a5bdbb145a78/1/AtG2_foSop7MZLIlxxZuQRcimIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c2fdf2-2a0a-443f-b7e0-a5bdbb145a78/1/P1KMlfYICrE8sEl4PpJE0z2cSzI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.45.217.0/24
194.45.233.0/24
194.48.3.0/24
194.48.191.0/24
IPv6:
2a07:e6c0::/29
Signature Algorithm: sha256WithRSAEncryption
2b:e5:4e:5a:bf:c7:17:ba:9c:ef:3a:f0:9f:1e:e9:cf:9b:92:
a7:e5:5d:f2:a8:98:2e:68:23:16:06:3c:9f:a9:9f:27:9d:23:
a6:24:f5:21:0c:90:16:bb:56:29:8f:58:97:36:b6:ac:47:2c:
00:7a:cb:23:6c:11:af:cc:a5:45:e7:8b:81:51:eb:0f:05:f3:
db:72:80:43:6a:ae:c5:61:67:25:05:cf:17:e6:60:a8:b3:83:
62:ce:e9:be:26:24:9f:ad:f3:89:8f:b8:2e:7e:db:30:2d:e0:
f8:31:a6:77:53:ac:3a:bf:d7:74:3e:8c:64:cc:d1:fb:ad:88:
9d:e0:82:b1:3d:7b:20:fe:dc:4f:f5:2e:e9:d6:36:f5:26:70:
44:c6:fa:6e:fc:0a:6f:0f:63:d2:ff:e7:95:b4:bd:fc:3e:a0:
16:a8:29:41:73:4c:3c:92:99:58:84:5e:55:61:c9:d9:3f:64:
11:bd:fa:46:a0:b7:8c:57:dd:d4:1a:f3:ca:89:47:6e:08:3f:
eb:1e:74:04:5c:7c:49:9a:02:8e:9e:7a:d0:31:c7:e3:60:06:
c2:10:cc:15:dd:85:12:c5:d2:b7:3f:ec:d1:59:1d:89:46:73:
d9:0f:c0:b9:1f:a7:a7:5c:67:65:f2:d2:b4:4a:23:53:06:ef:
9c:e0:28:2e
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVwwrnAn8CcSdHHesH/2D3rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNTI4Yzk1ZjYwODBhYjEzY2IwNDk3ODNlOTI0NGQzM2Q5
YzRiMzIwHhcNMjMwMTAyMDQzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQxYjZmZGZhMTJhMjllY2M2NGIyMjVjNzE2NmU0MTE3MjI5ODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNG6WOnneiunaSslAcgolF5AP/1i
JuexKQckoK+Zx4sPWLuEXqIK2vBAXSTRaT5vC8oKtSjRU3XeJJS4n190t/fYVxyc
hdhQB7WU9iFlVo7uocgP1S0PLHVlZlU6jG8AQHJO73Q9HV6x4MrpCv4riIbhGiAq
tTeQ4ASfzQ73sjqcNxwDNzRTDSQtsVLRJjERePzT2zN5yvMqu8QnaCpXOVIkdcej
oj6zMt5kaDHFSDi6A7ZrMtFv/yRpVuCSSSernEbbeIx0Q5+0VhCwTSp1QzGkOQjX
z4kKphnLBmjRGhDCP1rEa7yjn+gkxAr3Pl1bRxobRkVNOIE/Z3eSsuB3QwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFALRtv36EqKezGSyJccWbkEXIpiKMB8GA1UdIwQY
MBaAFD9SjJX2CAqxPLBJeD6SRNM9nEsyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDFLTWxmWUlDckU4c0VsNFBwSkUwejJjU3pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jMmZkZjItMmEwYS00NDNmLWI3ZTAt
YTViZGJiMTQ1YTc4LzEvQXRHMl9mb1NvcDdNWkxJbHh4WnVRUmNpbUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jMmZkZjItMmEwYS00NDNmLWI3ZTAtYTViZGJiMTQ1YTc4
LzEvUDFLTWxmWUlDckU4c0VsNFBwSkUwejJjU3pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAwi3ZAwQA
wi3pAwQAwjADAwQAwjC/MA0EAgACMAcDBQMqB+bAMA0GCSqGSIb3DQEBCwUAA4IB
AQAr5U5av8cXupzvOvCfHunPm5Kn5V3yqJguaCMWBjyfqZ8nnSOmJPUhDJAWu1Yp
j1iXNrasRywAessjbBGvzKVF54uBUesPBfPbcoBDaq7FYWclBc8X5mCos4Nizum+
JiSfrfOJj7guftswLeD4MaZ3U6w6v9d0PoxkzNH7rYid4IKxPXsg/txP9S7p1jb1
JnBExvpu/ApvD2PS/+eVtL38PqAWqClBc0w8kplYhF5VYcnZP2QRvfpGoLeMV93U
GvPKiUduCD/rHnQEXHxJmgKOnnrQMcfjYAbCEMwV3YUSxdK3P+zRWR2JRnPZD8C5
H6enXGdl8tK0SiNTBu+c4Cgu
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:35:08 2025 by rpki-client