Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/npANJBHsaeBNZYW5-4hCYzmsm9U.roa
File: npANJBHsaeBNZYW5-4hCYzmsm9U.roa (raw, json)
Hash identifier: El9YxKrLHn+8sVfOjLHwF1JIsJaLkK2XYyTgE+7YprE=
Subject key identifier: 9E:90:0D:24:11:EC:69:E0:4D:65:85:B9:FB:88:42:63:39:AC:9B:D5
Certificate issuer: /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial: 01892A91285BD0AE8BED4AEE16D630220AC6
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/npANJBHsaeBNZYW5-4hCYzmsm9U.roa
Signing time: Thu 06 Jul 2023 09:38:23 +0000
ROA not before: Thu 06 Jul 2023 09:38:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42065
IP address blocks: 91.108.0.0/22 maxlen: 24
91.108.24.0/21 maxlen: 24
91.108.32.0/23 maxlen: 24
94.124.178.0/23 maxlen: 24
94.124.176.0/22 maxlen: 23
185.51.60.0/22 maxlen: 24
91.108.52.0/24 maxlen: 24
95.161.88.0/22 maxlen: 24
95.161.96.0/23 maxlen: 24
95.161.102.0/23 maxlen: 24
95.161.104.0/23 maxlen: 24
95.140.92.0/24 maxlen: 24
95.140.94.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2a:91:28:5b:d0:ae:8b:ed:4a:ee:16:d6:30:22:0a:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Validity
Not Before: Jul 6 09:38:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9e900d2411ec69e04d6585b9fb88426339ac9bd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:9b:35:19:fc:fd:05:dc:dc:ab:15:04:f3:86:
e5:df:43:f5:2a:16:54:83:40:84:92:07:67:83:46:
fd:0a:f2:a5:96:d3:be:8c:5e:5d:89:fd:67:ca:fe:
48:28:e5:41:22:3b:30:75:a3:f7:63:0d:7f:ee:58:
6f:d2:6b:56:d1:95:20:5a:1e:ae:bc:66:47:19:61:
97:3c:e3:2a:6c:68:db:bc:48:23:f3:22:4f:e3:21:
1c:21:58:78:e1:80:9f:a9:87:95:31:34:7c:72:78:
3c:98:d3:a0:d9:ab:95:4c:fc:4d:7d:21:2e:62:52:
00:7d:c1:6b:da:f4:e6:d3:49:83:04:54:bb:cb:74:
0e:c2:3e:63:7d:00:4f:3b:71:f7:c7:7c:ad:67:20:
e7:40:b8:18:64:16:5a:e3:a1:40:ba:4c:17:81:8c:
1c:55:d0:87:21:f8:36:87:47:18:35:e5:23:ff:d8:
b2:18:8e:ef:84:ea:27:20:88:cf:e3:23:e2:80:4a:
45:05:19:71:07:9f:8d:ef:c1:a4:d3:2f:ea:fb:e8:
5f:04:30:8b:26:41:06:73:b8:53:c7:3f:dd:f2:bc:
6e:f8:6d:f5:bf:8d:d5:09:a2:ef:73:17:4f:9a:cb:
94:75:b8:ce:28:7c:a0:e7:26:fe:93:dd:7e:af:90:
13:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:90:0D:24:11:EC:69:E0:4D:65:85:B9:FB:88:42:63:39:AC:9B:D5
X509v3 Authority Key Identifier:
keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/npANJBHsaeBNZYW5-4hCYzmsm9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.0.0/22
91.108.24.0-91.108.33.255
91.108.52.0/24
94.124.176.0/22
95.140.92.0/24
95.140.94.0/24
95.161.88.0/22
95.161.96.0/23
95.161.102.0-95.161.105.255
185.51.60.0/22
Signature Algorithm: sha256WithRSAEncryption
4e:5e:f4:10:b4:b9:02:97:43:49:63:c1:75:3b:40:59:35:29:
99:e1:31:7e:22:ab:50:5b:20:0a:e5:57:74:e5:8f:e4:d5:ff:
17:08:e4:11:d3:4d:ef:c9:d6:dc:72:ef:55:6a:0b:e2:bb:ab:
19:f3:b8:8c:c0:5a:0a:10:8f:1f:9b:f0:7b:b1:95:93:57:ea:
58:1c:46:a7:ad:a6:d4:1b:1a:d2:39:e4:e0:c6:c4:90:3a:ac:
19:ab:01:6f:64:8a:6e:1c:e7:98:19:5f:d5:72:c1:0e:f0:96:
3d:91:1a:95:09:af:6f:b5:bf:b1:b0:07:3f:86:1e:ea:c4:37:
c2:ce:67:c8:6f:a3:92:1b:57:35:37:e8:18:83:44:03:56:a1:
1c:94:d2:7e:8b:dd:c5:97:c0:fd:30:10:07:95:3c:bb:0a:17:
ad:7c:54:3d:05:15:15:3e:9a:e7:60:96:dc:ff:4c:4b:26:53:
2c:fd:9e:f7:0d:ac:42:8a:10:b7:29:80:17:bf:42:70:9b:b9:
08:8c:a6:38:9b:37:7e:36:e9:f1:e5:09:12:e0:a4:42:f9:a0:
1c:47:2c:19:92:d7:e6:22:f2:12:cb:2e:4a:85:cf:33:56:3d:
b4:7a:5e:93:5f:d2:b3:74:5a:01:05:76:3a:c0:17:59:12:54:
4d:3c:62:f2
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYkqkShb0K6L7UruFtYwIgrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjMwNzA2MDkzODIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTkwMGQyNDExZWM2OWUwNGQ2NTg1YjlmYjg4NDI2MzM5YWM5YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5s1Gfz9BdzcqxUE84bl30P1KhZU
g0CEkgdng0b9CvKlltO+jF5dif1nyv5IKOVBIjswdaP3Yw1/7lhv0mtW0ZUgWh6u
vGZHGWGXPOMqbGjbvEgj8yJP4yEcIVh44YCfqYeVMTR8cng8mNOg2auVTPxNfSEu
YlIAfcFr2vTm00mDBFS7y3QOwj5jfQBPO3H3x3ytZyDnQLgYZBZa46FAukwXgYwc
VdCHIfg2h0cYNeUj/9iyGI7vhOonIIjP4yPigEpFBRlxB5+N78Gk0y/q++hfBDCL
JkEGc7hTxz/d8rxu+G31v43VCaLvcxdPmsuUdbjOKHyg5yb+k91+r5ATzwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJ6QDSQR7GngTWWFufuIQmM5rJvVMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvbnBBTkpCSHNhZUJOWllXNS00aENZem1zbTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCW2wAMAwD
BANbbBgDBAFbbCADBABbbDQDBAJefLADBABfjFwDBABfjF4DBAJfoVgDBAFfoWAw
DAMEAV+hZgMEAV+haAMEArkzPDANBgkqhkiG9w0BAQsFAAOCAQEATl70ELS5ApdD
SWPBdTtAWTUpmeExfiKrUFsgCuVXdOWP5NX/FwjkEdNN78nW3HLvVWoL4rurGfO4
jMBaChCPH5vwe7GVk1fqWBxGp62m1Bsa0jnk4MbEkDqsGasBb2SKbhznmBlf1XLB
DvCWPZEalQmvb7W/sbAHP4Ye6sQ3ws5nyG+jkhtXNTfoGINEA1ahHJTSfovdxZfA
/TAQB5U8uwoXrXxUPQUVFT6a52CW3P9MSyZTLP2e9w2sQooQtymAF79CcJu5CIym
OJs3fjbp8eUJEuCkQvmgHEcsGZLX5iLyEssuSoXPM1Y9tHpek1/Ss3RaAQV2OsAX
WRJUTTxi8g==
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:27:29 2025 by rpki-client