Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/arPaOiJViVNkCsp03uOJTewDxVM.roa
File: arPaOiJViVNkCsp03uOJTewDxVM.roa (raw, json)
Hash identifier: FarYI6xYVlkOTy5RseUMjhWTJoAZwVsdXe7zyNEpfPw=
Subject key identifier: 6A:B3:DA:3A:22:55:89:53:64:0A:CA:74:DE:E3:89:4D:EC:03:C5:53
Certificate issuer: /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial: 018570306B50D5DC80E39BA74B395486ECD8
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/arPaOiJViVNkCsp03uOJTewDxVM.roa
Signing time: Mon 02 Jan 2023 01:54:59 +0000
ROA not before: Mon 02 Jan 2023 01:54:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50889
IP address blocks: 217.199.209.0/24 maxlen: 24
217.199.222.0/24 maxlen: 24
89.248.237.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:6b:50:d5:dc:80:e3:9b:a7:4b:39:54:86:ec:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Validity
Not Before: Jan 2 01:54:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6ab3da3a22558953640aca74dee3894dec03c553
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:74:b1:5a:17:3d:d5:2a:a7:53:8f:cf:65:3e:
c9:78:bc:cc:a6:0e:1a:f6:16:5a:52:d0:18:9f:ab:
e4:7c:4a:09:fa:38:48:10:3a:f3:e2:26:7f:88:1f:
2e:5b:04:1f:70:b3:fe:6e:82:4c:6d:4b:fb:1d:1c:
b9:65:6f:11:ec:6c:e9:d4:75:6d:ee:ea:55:21:cc:
1a:6b:e7:53:b8:a2:cf:27:b3:67:28:7d:e1:f8:f9:
6d:92:23:e9:79:53:d9:9b:2e:af:9c:b9:2b:21:37:
dd:4d:76:17:88:2d:64:0f:e6:0d:1e:c2:17:36:51:
c6:57:a5:3c:7f:b8:73:8a:2d:92:f1:55:dd:d9:ab:
ad:d0:ac:20:50:c0:d5:41:08:8d:bf:ca:67:2b:bd:
ad:4b:42:53:e6:72:3e:ad:cd:87:53:0e:0b:cc:36:
06:a0:d2:2b:92:1c:4d:32:3c:a7:7d:80:27:3c:99:
21:9e:21:90:ae:4c:8e:e0:2d:81:52:6a:36:02:18:
c2:2b:58:31:05:32:72:43:9e:1e:ba:c5:68:5d:fe:
c9:ba:8b:7d:fc:7a:df:bd:62:96:c0:8d:a3:9f:d8:
54:22:b9:07:1f:8a:65:d8:04:b1:b7:3d:cf:a3:0d:
79:5e:02:ba:57:18:14:f2:e1:83:f7:3a:c6:cc:ee:
98:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:B3:DA:3A:22:55:89:53:64:0A:CA:74:DE:E3:89:4D:EC:03:C5:53
X509v3 Authority Key Identifier:
keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/arPaOiJViVNkCsp03uOJTewDxVM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.248.237.0/24
217.199.209.0/24
217.199.222.0/24
Signature Algorithm: sha256WithRSAEncryption
39:06:61:0b:26:4f:24:10:e4:08:cc:69:5b:46:41:b4:ed:e1:
a2:2f:99:55:93:cb:c9:d2:e5:9e:d4:67:59:81:66:6e:5a:b8:
77:70:8f:88:e3:2b:ab:62:16:0d:46:8c:35:29:79:78:26:1e:
7e:61:d6:48:7f:ea:44:3b:69:09:86:01:6c:8d:bf:63:f1:fc:
41:77:41:26:19:0d:3c:25:08:f6:52:c2:fd:66:e1:36:72:53:
13:0a:43:cf:b6:34:c0:32:0f:39:04:21:e9:b7:a1:e8:8f:b8:
dc:68:61:ad:ad:80:28:92:c5:95:f0:7e:d0:6b:78:61:8e:c0:
5b:b1:24:11:41:e2:8b:ca:e0:1a:63:35:57:f9:bc:8d:22:f5:
a9:ea:69:1d:da:f5:55:50:56:79:8c:78:be:90:ae:a2:d9:0f:
59:53:aa:2d:07:3e:96:e1:5f:14:82:4c:0c:93:31:fa:00:67:
85:99:75:5a:2d:68:6a:c4:7d:9c:c3:b5:49:7a:3a:73:df:ff:
69:64:64:00:70:70:ad:4a:0b:be:99:31:31:a8:f3:7a:2f:e0:
11:ee:6f:0f:2a:64:95:bf:d4:af:f1:7e:2f:0c:26:ff:be:ba:
2a:c7:05:ae:32:13:02:24:f0:bf:ef:d3:50:ad:f6:9e:13:8a:
78:fa:28:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVwMGtQ1dyA45unSzlUhuzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjMwMTAyMDE1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIzZGEzYTIyNTU4OTUzNjQwYWNhNzRkZWUzODk0ZGVjMDNjNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHSxWhc91SqnU4/PZT7JeLzMpg4a
9hZaUtAYn6vkfEoJ+jhIEDrz4iZ/iB8uWwQfcLP+boJMbUv7HRy5ZW8R7Gzp1HVt
7upVIcwaa+dTuKLPJ7NnKH3h+PltkiPpeVPZmy6vnLkrITfdTXYXiC1kD+YNHsIX
NlHGV6U8f7hzii2S8VXd2aut0KwgUMDVQQiNv8pnK72tS0JT5nI+rc2HUw4LzDYG
oNIrkhxNMjynfYAnPJkhniGQrkyO4C2BUmo2AhjCK1gxBTJyQ54eusVoXf7Juot9
/HrfvWKWwI2jn9hUIrkHH4pl2ASxtz3Pow15XgK6VxgU8uGD9zrGzO6YIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGqz2joiVYlTZArKdN7jiU3sA8VTMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvYXJQYU9pSlZpVk5rQ3NwMDN1T0pUZXdEeFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWfjtAwQA
2cfRAwQA2cfeMA0GCSqGSIb3DQEBCwUAA4IBAQA5BmELJk8kEOQIzGlbRkG07eGi
L5lVk8vJ0uWe1GdZgWZuWrh3cI+I4yurYhYNRow1KXl4Jh5+YdZIf+pEO2kJhgFs
jb9j8fxBd0EmGQ08JQj2UsL9ZuE2clMTCkPPtjTAMg85BCHpt6Hoj7jcaGGtrYAo
ksWV8H7Qa3hhjsBbsSQRQeKLyuAaYzVX+byNIvWp6mkd2vVVUFZ5jHi+kK6i2Q9Z
U6otBz6W4V8UgkwMkzH6AGeFmXVaLWhqxH2cw7VJejpz3/9pZGQAcHCtSgu+mTEx
qPN6L+AR7m8PKmSVv9Sv8X4vDCb/vroqxwWuMhMCJPC/79NQrfaeE4p4+iiA
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:58 2025 by rpki-client