Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/p3u_Zse5wBGkwVNhUjLnbD1tm_I.roa
File: p3u_Zse5wBGkwVNhUjLnbD1tm_I.roa (raw, json)
Hash identifier: ZY0yVTh/qxxiTwydKCC7gc6L23kYWqHb5B4rdX4gKoo=
Subject key identifier: A7:7B:BF:66:C7:B9:C0:11:A4:C1:53:61:52:32:E7:6C:3D:6D:9B:F2
Certificate issuer: /CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Certificate serial: 018571699EC9D9DAAA6DCFDEFB9DD7E48999
Authority key identifier: F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/p3u_Zse5wBGkwVNhUjLnbD1tm_I.roa
Signing time: Mon 02 Jan 2023 07:37:05 +0000
ROA not before: Mon 02 Jan 2023 07:37:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30844
IP address blocks: 46.17.232.0/21 maxlen: 24
77.246.48.0/20 maxlen: 24
217.15.112.0/20 maxlen: 24
217.74.224.0/20 maxlen: 24
5.11.8.0/21 maxlen: 24
185.25.208.0/22 maxlen: 24
2a01:410:2::/48 maxlen: 48
2a01:410::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:9e:c9:d9:da:aa:6d:cf:de:fb:9d:d7:e4:89:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Validity
Not Before: Jan 2 07:37:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a77bbf66c7b9c011a4c153615232e76c3d6d9bf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:16:03:41:b0:41:5f:e0:dd:18:8c:26:e1:1c:
16:0d:4c:4e:c8:bb:2e:a4:31:ce:b0:3f:bb:2b:b3:
8c:58:8c:2b:c7:64:89:39:4c:5b:0b:7c:39:4f:4d:
ea:6a:78:a8:54:b1:0a:43:20:cd:9a:84:e2:4a:6f:
80:47:58:3a:0f:16:0c:15:05:78:ae:12:95:ad:f5:
ac:35:d0:a8:c0:d9:09:fe:2e:a6:a2:63:a4:2a:4f:
66:de:45:09:5d:c5:39:1f:94:b6:24:83:ab:50:56:
fc:ca:d6:5a:1e:3e:54:10:13:3a:b9:b6:b2:d8:e6:
65:93:97:bc:ae:45:0e:a0:1d:54:b9:ff:ce:30:3b:
fd:e9:63:ec:9f:f4:30:fe:f8:4b:48:11:ab:0c:8c:
1c:8a:62:b9:b4:36:bd:d0:bc:8e:55:6b:31:a8:04:
28:ac:f5:96:b6:41:93:6a:59:05:4e:4d:9e:05:8b:
c4:e0:6c:a4:d0:94:2e:89:2a:be:4d:56:22:17:15:
3e:8f:44:07:e8:93:28:a0:a4:cf:45:1c:72:f4:63:
ce:84:c7:ef:ad:98:fb:cb:4d:7c:29:2d:a2:8b:c7:
37:e9:06:df:15:aa:b2:a3:9d:bc:90:13:01:b4:73:
19:5b:13:40:ba:46:cd:d0:30:1c:1d:a3:1f:7f:9c:
44:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:7B:BF:66:C7:B9:C0:11:A4:C1:53:61:52:32:E7:6C:3D:6D:9B:F2
X509v3 Authority Key Identifier:
keyid:F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/p3u_Zse5wBGkwVNhUjLnbD1tm_I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.8.0/21
46.17.232.0/21
77.246.48.0/20
185.25.208.0/22
217.15.112.0/20
217.74.224.0/20
IPv6:
2a01:410::/32
Signature Algorithm: sha256WithRSAEncryption
19:10:9a:c1:db:b1:18:bc:15:df:a8:31:24:c9:c8:39:7e:d2:
98:6d:a3:cc:0b:cc:ce:e1:7f:1b:e2:0b:2d:fc:d1:5a:ae:ae:
18:98:5e:bc:04:2d:6f:fd:5a:de:77:bc:d5:f2:cc:49:3a:35:
44:71:a5:bd:96:94:dc:f1:e5:8f:67:d9:8c:03:1c:60:48:07:
75:69:3a:bf:6b:0d:d2:0d:ac:b4:db:a7:0b:a0:4b:18:f5:5e:
93:d2:2b:b6:a4:cd:c5:43:28:a8:d1:e6:d5:dd:4b:af:39:07:
b5:f0:4b:c2:8b:75:f0:63:1d:6e:31:7e:d3:91:d1:3e:0f:30:
5c:4b:36:94:59:03:45:c7:18:12:3b:14:f0:a4:b2:f0:8e:b8:
3e:10:7e:8c:f0:d1:cc:f4:98:9d:d6:d8:69:d2:7e:81:50:d6:
86:70:35:09:8c:58:aa:bd:1a:1d:c1:54:77:72:13:1a:24:f2:
86:ef:d1:07:e2:90:23:aa:0f:8a:cb:65:7a:64:ca:e2:92:cf:
78:7a:34:9c:16:11:57:4e:63:af:37:7c:d9:3d:83:21:d3:90:
65:ec:7f:51:ce:14:fc:b4:0c:75:0e:85:7f:be:a4:3b:7c:64:
21:6e:63:2c:c5:80:fa:91:69:0c:29:df:62:9e:bc:9c:3c:c5:
d7:8a:bc:cc
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVxaZ7J2dqqbc/e+53X5ImZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTc2NzNjNzhlZmFlNWY2YmQ4MGEyNWFjZTNkM2MzNzE5
M2U3ODkwHhcNMjMwMTAyMDczNzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdiYmY2NmM3YjljMDExYTRjMTUzNjE1MjMyZTc2YzNkNmQ5YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBYDQbBBX+DdGIwm4RwWDUxOyLsu
pDHOsD+7K7OMWIwrx2SJOUxbC3w5T03qanioVLEKQyDNmoTiSm+AR1g6DxYMFQV4
rhKVrfWsNdCowNkJ/i6momOkKk9m3kUJXcU5H5S2JIOrUFb8ytZaHj5UEBM6ubay
2OZlk5e8rkUOoB1Uuf/OMDv96WPsn/Qw/vhLSBGrDIwcimK5tDa90LyOVWsxqAQo
rPWWtkGTalkFTk2eBYvE4Gyk0JQuiSq+TVYiFxU+j0QH6JMooKTPRRxy9GPOhMfv
rZj7y018KS2ii8c36QbfFaqyo528kBMBtHMZWxNAukbN0DAcHaMff5xEOwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKd7v2bHucARpMFTYVIy52w9bZvyMB8GA1UdIwQY
MBaAFPSXZzx4765fa9gKJazj08Nxk+eJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYt
NmUwNjk2ZmVlOGU2LzEvcDN1X1pzZTV3Qkdrd1ZOaFVqTG5iRDF0bV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYtNmUwNjk2ZmVlOGU2
LzEvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDBQsIAwQD
LhHoAwQETfYwAwQCuRnQAwQE2Q9wAwQE2UrgMA0EAgACMAcDBQAqAQQQMA0GCSqG
SIb3DQEBCwUAA4IBAQAZEJrB27EYvBXfqDEkycg5ftKYbaPMC8zO4X8b4gst/NFa
rq4YmF68BC1v/Vred7zV8sxJOjVEcaW9lpTc8eWPZ9mMAxxgSAd1aTq/aw3SDay0
26cLoEsY9V6T0iu2pM3FQyio0ebV3UuvOQe18EvCi3XwYx1uMX7TkdE+DzBcSzaU
WQNFxxgSOxTwpLLwjrg+EH6M8NHM9Jid1thp0n6BUNaGcDUJjFiqvRodwVR3chMa
JPKG79EH4pAjqg+Ky2V6ZMriks94ejScFhFXTmOvN3zZPYMh05Bl7H9RzhT8tAx1
DoV/vqQ7fGQhbmMsxYD6kWkMKd9inrycPMXXirzM
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:29:25 2025 by rpki-client