Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/qTzrUd4M38q3D7VsLTl3NdocDQQ.roa
File: qTzrUd4M38q3D7VsLTl3NdocDQQ.roa (raw, json)
Hash identifier: wvywWFC6iQ+9zuWg0KtIPzFP2mK9ygnIEK3DJDjpxDs=
Subject key identifier: A9:3C:EB:51:DE:0C:DF:CA:B7:0F:B5:6C:2D:39:77:35:DA:1C:0D:04
Certificate issuer: /CN=5ee004befa553ddb35564fb7762b05eb222ecf93
Certificate serial: 01856DC1B1068A9BC9A81E8135971B6AA057
Authority key identifier: 5E:E0:04:BE:FA:55:3D:DB:35:56:4F:B7:76:2B:05:EB:22:2E:CF:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuAEvvpVPds1Vk-3disF6yIuz5M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/qTzrUd4M38q3D7VsLTl3NdocDQQ.roa
Signing time: Sun 01 Jan 2023 14:34:48 +0000
ROA not before: Sun 01 Jan 2023 14:34:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29014
IP address blocks: 81.28.224.0/20 maxlen: 24
2a00:1c39::/32 maxlen: 48
2a00:1c38::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:b1:06:8a:9b:c9:a8:1e:81:35:97:1b:6a:a0:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee004befa553ddb35564fb7762b05eb222ecf93
Validity
Not Before: Jan 1 14:34:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a93ceb51de0cdfcab70fb56c2d397735da1c0d04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:a2:32:9e:66:8e:fc:c0:f6:94:72:0c:45:56:
58:ab:33:65:28:50:82:c5:16:af:02:2d:e7:2e:aa:
d7:59:12:23:37:67:08:f3:51:86:56:a7:fe:f6:80:
2d:5c:6d:87:00:74:bb:0e:f4:17:5d:b7:ed:41:29:
7a:fe:59:88:66:61:90:e5:b5:e2:58:f9:28:f0:69:
30:7d:c6:21:cb:7f:83:79:ea:f5:4f:78:e3:2c:4f:
be:15:60:98:ee:dd:92:4a:1a:76:ca:fe:d1:c1:ce:
8f:3d:83:6e:bf:33:71:b2:0f:ca:3c:45:c6:d6:65:
e1:0f:84:94:f4:a6:3d:a5:bd:e9:95:ff:8a:3f:c1:
82:ce:4a:49:4d:21:c7:0f:2c:62:79:81:d0:13:e5:
42:e4:b1:4e:b5:c3:97:50:37:2b:06:29:6b:98:f9:
c6:da:ff:57:d8:2c:b1:11:02:17:35:c3:7a:23:5f:
62:c6:47:2c:b9:af:ed:8d:b9:9d:a3:1a:bd:e7:eb:
6f:f5:df:1f:e9:94:49:d4:0e:5c:fa:40:af:66:d2:
04:a6:5e:46:5d:84:57:e7:c7:bf:3d:57:37:d6:b2:
72:ba:c6:52:f8:19:65:95:af:4f:9f:18:c2:d2:dd:
f8:1d:38:04:75:0f:f2:e6:24:ba:7f:19:a7:c8:dd:
8d:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:3C:EB:51:DE:0C:DF:CA:B7:0F:B5:6C:2D:39:77:35:DA:1C:0D:04
X509v3 Authority Key Identifier:
keyid:5E:E0:04:BE:FA:55:3D:DB:35:56:4F:B7:76:2B:05:EB:22:2E:CF:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuAEvvpVPds1Vk-3disF6yIuz5M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/qTzrUd4M38q3D7VsLTl3NdocDQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/XuAEvvpVPds1Vk-3disF6yIuz5M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.28.224.0/20
IPv6:
2a00:1c38::/31
Signature Algorithm: sha256WithRSAEncryption
7e:48:dd:b6:dc:3f:6e:3b:c6:4d:f3:ac:05:73:f1:6e:08:0f:
f8:c1:87:b6:f5:8b:be:49:1f:46:47:2b:b2:57:a7:f3:0c:07:
58:8f:d6:4b:ef:08:30:f4:3d:5e:b3:60:43:6e:7a:70:62:4f:
a9:a2:48:88:02:a7:15:cd:e3:3c:b9:97:0c:97:57:d8:d0:1f:
be:a6:69:ac:2c:aa:db:71:0c:f1:d0:cf:5b:e8:8f:f8:de:8f:
b9:58:a2:8c:52:96:97:27:d4:c1:83:5d:7f:d5:85:ba:8e:70:
b4:5b:f4:32:c3:c6:c3:42:d3:81:f1:1e:9b:0f:c5:91:d9:f8:
10:bf:db:03:44:4d:87:a7:7d:5a:f8:7b:98:c5:14:c3:19:95:
de:d4:e4:34:36:4b:bf:35:54:d6:17:8d:4a:ed:73:7a:27:b3:
5d:5b:e6:5f:64:f3:10:51:71:c3:e9:b8:c4:89:c0:3e:06:76:
b0:0b:0c:62:93:dd:a6:32:fb:28:12:4f:cc:bb:39:cb:97:e6:
17:8c:59:38:e4:d2:56:59:67:eb:55:e4:67:ac:b2:04:22:7d:
d7:28:ea:1f:ec:48:7d:78:f2:3f:a1:fd:51:1c:7c:c2:b1:0e:
a1:3c:14:77:f8:1f:fc:32:a4:8a:23:96:87:72:39:ee:e6:05:
cf:46:cb:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtwbEGipvJqB6BNZcbaqBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTAwNGJlZmE1NTNkZGIzNTU2NGZiNzc2MmIwNWViMjIy
ZWNmOTMwHhcNMjMwMTAxMTQzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTNjZWI1MWRlMGNkZmNhYjcwZmI1NmMyZDM5NzczNWRhMWMwZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaIynmaO/MD2lHIMRVZYqzNlKFCC
xRavAi3nLqrXWRIjN2cI81GGVqf+9oAtXG2HAHS7DvQXXbftQSl6/lmIZmGQ5bXi
WPko8GkwfcYhy3+Deer1T3jjLE++FWCY7t2SShp2yv7Rwc6PPYNuvzNxsg/KPEXG
1mXhD4SU9KY9pb3plf+KP8GCzkpJTSHHDyxieYHQE+VC5LFOtcOXUDcrBilrmPnG
2v9X2CyxEQIXNcN6I19ixkcsua/tjbmdoxq95+tv9d8f6ZRJ1A5c+kCvZtIEpl5G
XYRX58e/PVc31rJyusZS+Bllla9PnxjC0t34HTgEdQ/y5iS6fxmnyN2N+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKk861HeDN/Ktw+1bC05dzXaHA0EMB8GA1UdIwQY
MBaAFF7gBL76VT3bNVZPt3YrBesiLs+TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVBRXZ2cFZQZHMxVmstM2Rpc0Y2eUl1ejVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zYzM1ZWEtN2M5YS00OGUyLWIzYjIt
ZTIyOGFhYjQ1MDE0LzEvcVR6clVkNE0zOHEzRDdWc0xUbDNOZG9jRFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zYzM1ZWEtN2M5YS00OGUyLWIzYjItZTIyOGFhYjQ1MDE0
LzEvWHVBRXZ2cFZQZHMxVmstM2Rpc0Y2eUl1ejVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEURzgMA0E
AgACMAcDBQEqABw4MA0GCSqGSIb3DQEBCwUAA4IBAQB+SN223D9uO8ZN86wFc/Fu
CA/4wYe29Yu+SR9GRyuyV6fzDAdYj9ZL7wgw9D1es2BDbnpwYk+pokiIAqcVzeM8
uZcMl1fY0B++pmmsLKrbcQzx0M9b6I/43o+5WKKMUpaXJ9TBg11/1YW6jnC0W/Qy
w8bDQtOB8R6bD8WR2fgQv9sDRE2Hp31a+HuYxRTDGZXe1OQ0Nku/NVTWF41K7XN6
J7NdW+ZfZPMQUXHD6bjEicA+BnawCwxik92mMvsoEk/MuznLl+YXjFk45NJWWWfr
VeRnrLIEIn3XKOof7Eh9ePI/of1RHHzCsQ6hPBR3+B/8MqSKI5aHcjnu5gXPRssM
-----END CERTIFICATE-----
Generated at Sun Apr 20 19:13:12 2025 by rpki-client