Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/3UCgS3IJb3znw5Yh6bcJ_3eZKOA.roa
File: 3UCgS3IJb3znw5Yh6bcJ_3eZKOA.roa (raw, json)
Hash identifier: F3C1rTTDqGZ82ASJ2nN4MVK4lOwN0bukuyNHgzWmGQ0=
Subject key identifier: DD:40:A0:4B:72:09:6F:7C:E7:C3:96:21:E9:B7:09:FF:77:99:28:E0
Certificate issuer: /CN=47bcd770f8ea3d48ecbb4c3eab895f422ffac90d
Certificate serial: 01856C4143F63A1C3F9F54E4D990AD4F5DBC
Authority key identifier: 47:BC:D7:70:F8:EA:3D:48:EC:BB:4C:3E:AB:89:5F:42:2F:FA:C9:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/3UCgS3IJb3znw5Yh6bcJ_3eZKOA.roa
Signing time: Sun 01 Jan 2023 07:34:54 +0000
ROA not before: Sun 01 Jan 2023 07:34:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31438
IP address blocks: 83.137.64.0/21 maxlen: 21
212.89.192.0/19 maxlen: 19
2a0d:5f00::/30 maxlen: 30
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:41:43:f6:3a:1c:3f:9f:54:e4:d9:90:ad:4f:5d:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47bcd770f8ea3d48ecbb4c3eab895f422ffac90d
Validity
Not Before: Jan 1 07:34:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd40a04b72096f7ce7c39621e9b709ff779928e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:7a:a0:e5:cf:e7:e8:fa:f6:f3:95:36:d1:97:
69:1a:7c:3d:27:48:41:13:5d:35:c6:4a:26:ee:32:
65:65:d6:5d:b6:7f:e7:0c:1b:c0:d7:27:33:ce:51:
5c:e5:44:f2:d9:e3:88:85:e0:ea:d3:2e:a1:73:02:
49:1a:c1:d3:a7:1b:9e:dd:06:bd:d7:e7:00:30:1b:
1d:5b:76:ed:9e:ce:31:42:7b:81:d7:17:ba:1a:fd:
b4:97:dc:02:09:46:a4:92:50:9f:f7:fd:06:35:71:
3d:02:db:99:e6:64:19:37:d0:53:c2:09:e1:4c:79:
a9:6c:6b:d9:f0:64:c9:2a:4f:20:55:b4:72:09:06:
39:27:42:0a:c8:0a:a5:18:c3:af:65:71:65:96:cf:
c8:25:63:c8:9b:73:e1:b5:87:24:d8:ff:d0:91:15:
23:c4:28:87:a3:7e:7c:ac:04:5d:cb:ab:84:2e:7d:
95:58:ce:41:3c:d6:35:7a:c1:f3:88:72:16:b1:eb:
f6:b1:66:ef:a6:02:dd:cd:09:68:f3:77:df:21:c5:
51:21:e4:91:1d:65:f2:3a:db:dc:b1:43:bb:54:bf:
65:e9:0f:a0:19:10:67:04:f9:7f:5f:18:96:a0:7b:
02:98:a2:1f:a8:58:05:5e:44:42:d6:7d:15:0e:77:
00:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:40:A0:4B:72:09:6F:7C:E7:C3:96:21:E9:B7:09:FF:77:99:28:E0
X509v3 Authority Key Identifier:
keyid:47:BC:D7:70:F8:EA:3D:48:EC:BB:4C:3E:AB:89:5F:42:2F:FA:C9:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/3UCgS3IJb3znw5Yh6bcJ_3eZKOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.64.0/21
212.89.192.0/19
IPv6:
2a0d:5f00::/30
Signature Algorithm: sha256WithRSAEncryption
5b:ce:c7:ba:d2:f9:73:9b:ee:9b:5c:24:b3:a6:e6:05:93:53:
41:8b:a3:2e:20:49:2f:5a:ed:3c:24:20:13:47:4f:d4:f8:8d:
ee:de:35:8d:84:b5:e1:65:cf:31:8e:77:43:c3:c7:d3:66:1f:
e0:a9:5a:00:fd:94:7a:68:fd:f2:77:3e:10:34:ba:ce:9a:34:
24:df:34:da:da:13:56:f3:d5:e5:a8:24:a7:b3:0e:c8:77:7b:
78:df:ad:5b:52:81:61:bb:ab:7b:41:41:8b:89:b3:13:9b:79:
7a:6d:47:b9:bd:03:f2:6f:74:95:68:d1:c6:c1:e4:da:a0:a9:
b8:61:68:71:e8:d8:6f:ec:04:72:c6:46:e1:cd:37:7b:db:77:
7b:4b:5b:5e:22:5a:61:c5:87:ca:e9:7a:01:a4:60:2c:6f:05:
6b:4b:a0:6c:50:ce:73:90:f9:14:82:a5:ba:aa:0e:61:e2:d5:
de:03:68:87:3e:95:1b:09:f7:3b:1f:f3:78:d3:cb:0d:6f:7c:
a4:ae:e0:a1:db:02:cc:2f:bb:ac:43:47:19:0b:0e:29:80:94:
35:36:5a:ce:a0:9f:68:98:31:74:6f:5f:95:e6:77:b9:c1:fb:
e0:a1:bb:19:6d:17:f7:bb:14:dd:3e:db:d9:aa:09:1c:3b:b1:
53:24:76:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVsQUP2Ohw/n1Tk2ZCtT128MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmNkNzcwZjhlYTNkNDhlY2JiNGMzZWFiODk1ZjQyMmZm
YWM5MGQwHhcNMjMwMTAxMDczNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQwYTA0YjcyMDk2ZjdjZTdjMzk2MjFlOWI3MDlmZjc3OTkyOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXqg5c/n6Pr285U20ZdpGnw9J0hB
E101xkom7jJlZdZdtn/nDBvA1yczzlFc5UTy2eOIheDq0y6hcwJJGsHTpxue3Qa9
1+cAMBsdW3btns4xQnuB1xe6Gv20l9wCCUakklCf9/0GNXE9AtuZ5mQZN9BTwgnh
THmpbGvZ8GTJKk8gVbRyCQY5J0IKyAqlGMOvZXFlls/IJWPIm3PhtYck2P/QkRUj
xCiHo358rARdy6uELn2VWM5BPNY1esHziHIWsev2sWbvpgLdzQlo83ffIcVRIeSR
HWXyOtvcsUO7VL9l6Q+gGRBnBPl/XxiWoHsCmKIfqFgFXkRC1n0VDncAzQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN1AoEtyCW9858OWIem3Cf93mSjgMB8GA1UdIwQY
MBaAFEe813D46j1I7LtMPquJX0Iv+skNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjd6WGNQanFQVWpzdTB3LXE0bGZRaV82eVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85N2E1YzktNmIyOC00YzYxLTk2ZTEt
YTZkMDAwMjAzZmI1LzEvM1VDZ1MzSUpiM3pudzVZaDZiY0pfM2VaS09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85N2E1YzktNmIyOC00YzYxLTk2ZTEtYTZkMDAwMjAzZmI1
LzEvUjd6WGNQanFQVWpzdTB3LXE0bGZRaV82eVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDU4lAAwQF
1FnAMA0EAgACMAcDBQIqDV8AMA0GCSqGSIb3DQEBCwUAA4IBAQBbzse60vlzm+6b
XCSzpuYFk1NBi6MuIEkvWu08JCATR0/U+I3u3jWNhLXhZc8xjndDw8fTZh/gqVoA
/ZR6aP3ydz4QNLrOmjQk3zTa2hNW89XlqCSnsw7Id3t4361bUoFhu6t7QUGLibMT
m3l6bUe5vQPyb3SVaNHGweTaoKm4YWhx6Nhv7ARyxkbhzTd723d7S1teIlphxYfK
6XoBpGAsbwVrS6BsUM5zkPkUgqW6qg5h4tXeA2iHPpUbCfc7H/N408sNb3ykruCh
2wLML7usQ0cZCw4pgJQ1NlrOoJ9omDF0b1+V5ne5wfvgobsZbRf3uxTdPtvZqgkc
O7FTJHZk
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:59:00 2025 by rpki-client