Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/709e07-47d5-4720-b777-c6bca01b2ff8/1/R449MCBtd68sAy_7icJfS-U-8X0.roa
File: R449MCBtd68sAy_7icJfS-U-8X0.roa (raw, json)
Hash identifier: nSX9Ruz6HponhLMwwGl0lA9e1VAhaOZBOOnLViJgHdg=
Subject key identifier: 47:8E:3D:30:20:6D:77:AF:2C:03:2F:FB:89:C2:5F:4B:E5:3E:F1:7D
Certificate issuer: /CN=a8c6f393350c77598c121acd3c92f7048576ef89
Certificate serial: 01856D788C98A3B785B60B56D2FCE0886013
Authority key identifier: A8:C6:F3:93:35:0C:77:59:8C:12:1A:CD:3C:92:F7:04:85:76:EF:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qMbzkzUMd1mMEhrNPJL3BIV274k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/709e07-47d5-4720-b777-c6bca01b2ff8/1/R449MCBtd68sAy_7icJfS-U-8X0.roa
Signing time: Sun 01 Jan 2023 13:14:54 +0000
ROA not before: Sun 01 Jan 2023 13:14:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49561
IP address blocks: 193.169.126.0/23 maxlen: 23
91.222.152.0/22 maxlen: 22
91.231.160.0/24 maxlen: 24
91.235.224.0/22 maxlen: 22
31.134.112.0/21 maxlen: 21
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:78:8c:98:a3:b7:85:b6:0b:56:d2:fc:e0:88:60:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a8c6f393350c77598c121acd3c92f7048576ef89
Validity
Not Before: Jan 1 13:14:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=478e3d30206d77af2c032ffb89c25f4be53ef17d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:f3:d0:88:d4:24:75:db:83:cb:a0:f5:e4:cb:
38:f6:3f:99:b7:b6:d3:81:d4:44:f2:ba:23:c5:9a:
b9:df:c1:c5:03:c5:8c:ac:64:e5:eb:c0:2d:d4:03:
84:27:76:ac:1d:5c:bc:74:a2:9a:cb:2a:11:7d:31:
31:a0:3b:80:1b:24:f3:9c:33:74:4c:e9:b7:54:82:
e3:86:4e:a4:9d:6d:f1:75:28:e2:2b:79:db:4b:4f:
5a:44:9a:56:56:04:22:d3:90:2e:80:dd:b6:9b:93:
f2:ff:f9:ef:18:33:4a:c2:ce:d4:e6:a9:03:7b:76:
29:f8:51:59:f5:98:f1:da:81:6d:40:08:9b:0a:44:
6e:96:19:d4:86:82:a6:3f:d4:bb:a3:32:29:22:88:
9b:a2:90:80:87:c4:b8:15:a5:14:0d:ac:ca:84:75:
00:69:8f:bb:fc:09:f5:93:6c:9d:41:a8:c6:fa:29:
d1:13:02:ef:0d:ff:30:2b:43:99:dd:4d:2c:83:2e:
a8:5f:12:f8:4a:17:70:1f:42:15:a0:b2:3b:d2:3d:
f9:38:b5:cd:61:74:70:09:1f:38:71:05:cd:e8:d2:
38:da:18:91:b8:85:14:26:45:f7:fe:b9:ab:38:9d:
c2:45:e9:32:e4:e2:fa:6e:d7:cd:8d:52:8d:09:a4:
bb:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:8E:3D:30:20:6D:77:AF:2C:03:2F:FB:89:C2:5F:4B:E5:3E:F1:7D
X509v3 Authority Key Identifier:
keyid:A8:C6:F3:93:35:0C:77:59:8C:12:1A:CD:3C:92:F7:04:85:76:EF:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qMbzkzUMd1mMEhrNPJL3BIV274k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/709e07-47d5-4720-b777-c6bca01b2ff8/1/R449MCBtd68sAy_7icJfS-U-8X0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/709e07-47d5-4720-b777-c6bca01b2ff8/1/qMbzkzUMd1mMEhrNPJL3BIV274k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.134.112.0/21
91.222.152.0/22
91.231.160.0/24
91.235.224.0/22
193.169.126.0/23
Signature Algorithm: sha256WithRSAEncryption
a1:e6:06:7f:63:18:9e:06:2c:62:19:80:f6:7f:f7:a2:21:a1:
c7:5e:04:68:5b:e8:51:98:b7:27:ad:38:dc:30:7b:39:d5:5a:
4e:4d:d9:3f:7d:35:c7:ef:8c:03:c3:65:69:e1:71:ac:db:0b:
bb:48:49:b1:bc:ef:86:55:78:1b:15:2d:20:64:29:7f:05:e5:
b4:fb:41:a6:c7:29:69:c0:a9:7f:79:6c:72:b0:c6:18:ce:1e:
d9:d4:a4:21:d6:17:a5:45:5c:c9:e8:b7:e5:ad:23:24:98:fb:
97:27:05:be:ea:3e:63:7f:bd:42:01:ad:cf:69:15:4b:e6:b1:
d8:b5:f0:94:fa:a3:c6:e9:1f:e6:dd:5d:a6:f7:91:56:1a:00:
cc:98:bd:a6:b7:c2:96:28:82:6d:c5:ec:e3:82:6a:55:9b:bf:
ae:37:e9:a7:5a:f9:e6:e2:68:7c:55:1d:ec:7d:58:69:c4:b3:
e9:0d:f7:85:fc:0d:a8:dd:60:bc:52:ae:6b:10:b7:a4:4d:d7:
2e:3b:65:43:52:c8:97:54:3d:b1:01:8d:2a:4d:86:be:b4:9d:
ba:69:58:16:47:ff:70:8a:dd:bf:38:35:b9:ca:bb:c4:37:68:
62:8b:04:ab:68:eb:92:8e:2f:11:b0:64:70:21:25:24:51:26:
22:64:65:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVteIyYo7eFtgtW0vzgiGATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YzZmMzkzMzUwYzc3NTk4YzEyMWFjZDNjOTJmNzA0ODU3
NmVmODkwHhcNMjMwMTAxMTMxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzhlM2QzMDIwNmQ3N2FmMmMwMzJmZmI4OWMyNWY0YmU1M2VmMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifPQiNQkdduDy6D15Ms49j+Zt7bT
gdRE8rojxZq538HFA8WMrGTl68At1AOEJ3asHVy8dKKayyoRfTExoDuAGyTznDN0
TOm3VILjhk6knW3xdSjiK3nbS09aRJpWVgQi05AugN22m5Py//nvGDNKws7U5qkD
e3Yp+FFZ9Zjx2oFtQAibCkRulhnUhoKmP9S7ozIpIoibopCAh8S4FaUUDazKhHUA
aY+7/An1k2ydQajG+inREwLvDf8wK0OZ3U0sgy6oXxL4ShdwH0IVoLI70j35OLXN
YXRwCR84cQXN6NI42hiRuIUUJkX3/rmrOJ3CReky5OL6btfNjVKNCaS7ZQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEeOPTAgbXevLAMv+4nCX0vlPvF9MB8GA1UdIwQY
MBaAFKjG85M1DHdZjBIazTyS9wSFdu+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU1iemt6VU1kMW1NRWhyTlBKTDNCSVYyNzRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS83MDllMDctNDdkNS00NzIwLWI3Nzct
YzZiY2EwMWIyZmY4LzEvUjQ0OU1DQnRkNjhzQXlfN2ljSmZTLVUtOFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS83MDllMDctNDdkNS00NzIwLWI3NzctYzZiY2EwMWIyZmY4
LzEvcU1iemt6VU1kMW1NRWhyTlBKTDNCSVYyNzRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDH4ZwAwQC
W96YAwQAW+egAwQCW+vgAwQBwal+MA0GCSqGSIb3DQEBCwUAA4IBAQCh5gZ/Yxie
BixiGYD2f/eiIaHHXgRoW+hRmLcnrTjcMHs51VpOTdk/fTXH74wDw2Vp4XGs2wu7
SEmxvO+GVXgbFS0gZCl/BeW0+0GmxylpwKl/eWxysMYYzh7Z1KQh1helRVzJ6Lfl
rSMkmPuXJwW+6j5jf71CAa3PaRVL5rHYtfCU+qPG6R/m3V2m95FWGgDMmL2mt8KW
KIJtxezjgmpVm7+uN+mnWvnm4mh8VR3sfVhpxLPpDfeF/A2o3WC8Uq5rELekTdcu
O2VDUsiXVD2xAY0qTYa+tJ26aVgWR/9wit2/ODW5yrvEN2hiiwSraOuSji8RsGRw
ISUkUSYiZGUX
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:14:46 2025 by rpki-client