Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/I4rzb0BMhmFLKUEPT3YwZyfB2tQ.roa
File: I4rzb0BMhmFLKUEPT3YwZyfB2tQ.roa (raw, json)
Hash identifier: m3CHlvCVvB3mgPkGl123Vr+XEzQxvFV1Z7Kg+ezjD/I=
Subject key identifier: 23:8A:F3:6F:40:4C:86:61:4B:29:41:0F:4F:76:30:67:27:C1:DA:D4
Certificate issuer: /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial: 0181D3486F2CC048458DB46C618DCC72705A
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/I4rzb0BMhmFLKUEPT3YwZyfB2tQ.roa
Signing time: Wed 06 Jul 2022 11:32:28 +0000
ROA not before: Wed 06 Jul 2022 11:32:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 4455
IP address blocks: 31.217.128.0/19 maxlen: 24
31.217.128.0/24 maxlen: 24
31.217.130.0/24 maxlen: 24
31.217.129.0/24 maxlen: 24
185.55.16.0/22 maxlen: 24
46.18.168.0/21 maxlen: 24
89.30.68.0/22 maxlen: 24
91.196.184.0/22 maxlen: 24
194.126.217.0/24 maxlen: 24
89.30.0.0/17 maxlen: 24
83.243.16.0/21 maxlen: 24
2a01:8200::/32 maxlen: 64
2a02:27f0::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:d3:48:6f:2c:c0:48:45:8d:b4:6c:61:8d:cc:72:70:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Validity
Not Before: Jul 6 11:32:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=238af36f404c86614b29410f4f76306727c1dad4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:69:df:bf:03:fc:4f:3f:f4:af:3c:d4:22:96:
3f:f2:78:22:23:7a:d6:17:2f:67:df:4f:85:0a:23:
71:bc:4c:48:b3:79:ca:92:da:07:d1:ba:bc:c3:be:
6f:eb:2a:25:df:b4:1b:fb:20:b1:68:2d:79:9c:90:
51:9e:c2:5f:a3:b2:9c:a4:01:40:1f:78:d8:39:f6:
1e:1d:1d:c8:29:95:a4:40:8f:81:0c:a6:2c:a4:b5:
6d:8a:4f:9f:44:be:78:b8:75:ed:8b:57:56:36:28:
f0:d7:38:da:9a:b9:b1:34:29:4d:b0:21:60:8d:e4:
18:6e:e8:22:51:9a:ca:f8:9f:d5:0c:cc:42:9c:ec:
8e:ce:2f:7f:f3:20:2a:2c:a4:49:b7:79:44:03:4e:
39:c4:b2:53:3a:d4:ef:30:56:93:c3:c6:5a:b7:df:
f2:79:8f:94:93:68:44:3f:36:f6:cd:f5:29:fe:a3:
7b:96:5d:2b:8b:26:51:9b:51:02:41:18:3a:66:49:
81:47:d6:ca:c8:70:52:ab:8d:de:dd:ab:ec:dd:a6:
32:a3:cb:91:a9:86:f3:15:b0:bf:74:ef:e3:97:40:
8d:e3:13:62:2f:45:42:73:f0:53:bc:a9:8b:4f:c9:
58:c3:7a:ea:4f:01:50:ff:88:cc:0a:26:b0:e0:f0:
f6:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:8A:F3:6F:40:4C:86:61:4B:29:41:0F:4F:76:30:67:27:C1:DA:D4
X509v3 Authority Key Identifier:
keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/I4rzb0BMhmFLKUEPT3YwZyfB2tQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.128.0/19
46.18.168.0/21
83.243.16.0/21
89.30.0.0/17
91.196.184.0/22
185.55.16.0/22
194.126.217.0/24
IPv6:
2a01:8200::/32
2a02:27f0::/32
Signature Algorithm: sha256WithRSAEncryption
c0:7a:85:bf:28:fe:14:d2:ce:c1:ba:d7:bf:cc:d3:b8:2d:f2:
a7:7e:e7:fb:65:20:36:66:76:ff:d9:dd:0d:4b:a0:32:e4:9c:
ac:28:2f:4f:2f:77:b4:2e:cb:af:a2:7e:0f:f3:2f:74:9e:b7:
b5:1f:4f:47:4c:fe:1c:b1:d9:e4:3d:b9:34:6a:df:09:89:49:
f5:13:5c:ec:c9:3c:c7:29:1b:17:b2:e9:82:38:94:25:66:1c:
1b:09:ef:bc:e1:37:91:cd:93:71:30:db:17:c5:c2:33:c5:52:
5d:d2:2a:65:96:d1:38:7c:7b:9f:84:4d:b5:5d:e9:14:28:31:
f0:9a:1f:77:ea:8f:92:81:2f:26:a6:fa:91:fe:65:2f:fd:87:
c1:26:f6:cd:38:93:e2:e4:d8:32:bd:f6:1f:b7:4b:66:ef:e9:
50:ac:00:be:ee:fd:3b:82:a6:de:8e:37:4d:64:06:6d:59:1a:
4f:dc:9e:7b:ea:92:a5:74:c2:ea:7b:28:4a:1c:76:21:ac:ff:
c6:cd:83:19:b2:0a:bd:01:fa:57:85:ed:bf:ef:10:82:c4:25:
c1:c5:0f:16:46:28:f4:35:75:f7:4a:30:96:5b:33:9a:9a:13:
13:6b:31:29:07:4e:ef:7d:92:30:e6:be:6f:9a:4c:48:86:d3:
f5:8a:43:98
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYHTSG8swEhFjbRsYY3McnBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjIwNzA2MTEzMjI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhhZjM2ZjQwNGM4NjYxNGIyOTQxMGY0Zjc2MzA2NzI3YzFkYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2nfvwP8Tz/0rzzUIpY/8ngiI3rW
Fy9n30+FCiNxvExIs3nKktoH0bq8w75v6yol37Qb+yCxaC15nJBRnsJfo7KcpAFA
H3jYOfYeHR3IKZWkQI+BDKYspLVtik+fRL54uHXti1dWNijw1zjamrmxNClNsCFg
jeQYbugiUZrK+J/VDMxCnOyOzi9/8yAqLKRJt3lEA045xLJTOtTvMFaTw8Zat9/y
eY+Uk2hEPzb2zfUp/qN7ll0riyZRm1ECQRg6ZkmBR9bKyHBSq43e3avs3aYyo8uR
qYbzFbC/dO/jl0CN4xNiL0VCc/BTvKmLT8lYw3rqTwFQ/4jMCiaw4PD2QwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCOK829ATIZhSylBD092MGcnwdrUMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvSTRyemIwQk1obUZMS1VFUFQzWXdaeWZCMnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQFH9mAAwQD
LhKoAwQDU/MQAwQHWR4AAwQCW8S4AwQCuTcQAwQAwn7ZMBQEAgACMA4DBQAqAYIA
AwUAKgIn8DANBgkqhkiG9w0BAQsFAAOCAQEAwHqFvyj+FNLOwbrXv8zTuC3yp37n
+2UgNmZ2/9ndDUugMuScrCgvTy93tC7Lr6J+D/MvdJ63tR9PR0z+HLHZ5D25NGrf
CYlJ9RNc7Mk8xykbF7LpgjiUJWYcGwnvvOE3kc2TcTDbF8XCM8VSXdIqZZbROHx7
n4RNtV3pFCgx8Jofd+qPkoEvJqb6kf5lL/2HwSb2zTiT4uTYMr32H7dLZu/pUKwA
vu79O4Km3o43TWQGbVkaT9yee+qSpXTC6nsoShx2Iaz/xs2DGbIKvQH6V4Xtv+8Q
gsQlwcUPFkYo9DV190owllszmpoTE2sxKQdO732SMOa+b5pMSIbT9YpDmA==
-----END CERTIFICATE-----
Generated at Fri Apr 18 10:09:34 2025 by rpki-client