Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/1spjRBQNmrwERt1cxzwkz1hquOY.roa
File: 1spjRBQNmrwERt1cxzwkz1hquOY.roa (raw, json)
Hash identifier: kj7+9kMSy/o+KJ5e6d7k5MSUrbDUCa/Y56CjvdMmTec=
Subject key identifier: D6:CA:63:44:14:0D:9A:BC:04:46:DD:5C:C7:3C:24:CF:58:6A:B8:E6
Certificate issuer: /CN=9c0aae6d45d06df7c4278ef4f218e42db807094c
Certificate serial: 01856F548EC54F27216FACD221EBAA6C0B31
Authority key identifier: 9C:0A:AE:6D:45:D0:6D:F7:C4:27:8E:F4:F2:18:E4:2D:B8:07:09:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nAqubUXQbffEJ4708hjkLbgHCUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/1spjRBQNmrwERt1cxzwkz1hquOY.roa
Signing time: Sun 01 Jan 2023 21:54:50 +0000
ROA not before: Sun 01 Jan 2023 21:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1942
IP address blocks: 160.103.0.0/16 maxlen: 16
45.149.140.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:54:8e:c5:4f:27:21:6f:ac:d2:21:eb:aa:6c:0b:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c0aae6d45d06df7c4278ef4f218e42db807094c
Validity
Not Before: Jan 1 21:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6ca6344140d9abc0446dd5cc73c24cf586ab8e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:bb:55:a4:34:d5:1d:51:e3:19:57:08:bf:f5:
87:27:45:b0:b9:e9:f1:9b:4e:84:85:0f:bf:e5:2d:
ce:1f:f0:96:bc:83:29:91:97:55:81:93:d1:5b:e8:
63:c6:f2:fb:a8:6c:3e:3f:6e:41:8f:a7:66:dc:69:
d2:62:52:75:6e:63:fd:dd:16:6d:66:85:f3:b7:3b:
d0:1e:71:25:97:4a:08:ea:0c:a7:d7:af:40:14:15:
69:ce:bd:35:34:ff:32:ac:69:f3:01:dc:4e:57:6d:
de:29:4a:99:b2:bd:4b:6f:ca:72:7c:ad:58:a1:78:
b1:a4:80:ee:76:b2:ac:3b:9c:f7:44:b0:62:58:02:
2e:8b:f0:ec:f9:4d:22:0c:c3:7a:2c:0d:c5:a8:6a:
d2:56:a1:fd:52:29:25:14:a2:e0:c9:fe:b0:70:4e:
fa:71:68:61:0e:3a:11:18:d7:c9:bd:9f:98:d4:16:
40:1c:ab:be:e8:2a:9e:a8:99:81:25:9b:09:4f:ae:
60:16:76:e6:8d:c7:b4:83:6e:c4:6a:85:9d:56:a3:
71:52:bd:65:21:8e:5c:92:06:12:d5:e7:0d:0b:8b:
71:61:e3:20:d1:51:10:3f:d3:92:e4:d1:4b:94:ac:
ff:d0:cf:34:aa:79:c4:bb:1d:2e:9b:24:2d:42:88:
78:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:CA:63:44:14:0D:9A:BC:04:46:DD:5C:C7:3C:24:CF:58:6A:B8:E6
X509v3 Authority Key Identifier:
keyid:9C:0A:AE:6D:45:D0:6D:F7:C4:27:8E:F4:F2:18:E4:2D:B8:07:09:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nAqubUXQbffEJ4708hjkLbgHCUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/1spjRBQNmrwERt1cxzwkz1hquOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/nAqubUXQbffEJ4708hjkLbgHCUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.140.0/22
160.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
86:2b:e0:ca:38:94:76:fe:b0:64:7c:81:71:d2:2e:e7:95:37:
bb:a8:14:29:05:62:fe:be:87:bc:0a:c5:5b:e3:a8:74:e5:54:
c0:14:e0:bb:e9:72:b9:0a:8f:6b:70:c7:f9:59:d3:c4:ad:c5:
17:f2:ac:0a:e7:fc:f6:6b:e3:83:09:5f:43:24:51:ca:e1:26:
23:5c:0f:76:3c:d0:35:f4:87:63:59:b5:a6:c0:fc:a8:0c:f1:
1f:d5:04:b8:e7:3c:86:c0:92:37:57:46:4f:0c:cc:b0:a0:1c:
b8:fb:eb:ef:74:1c:36:88:91:eb:13:4c:27:d7:a1:4e:1c:64:
49:a4:b0:23:b6:96:25:57:b2:40:89:80:7a:c2:da:11:be:03:
4a:27:36:d0:30:72:63:62:65:26:7b:71:34:04:e5:21:ee:11:
6c:af:10:33:15:df:68:85:1f:58:5c:fc:4b:80:25:8a:a6:b0:
64:59:cf:e6:e6:07:6a:a3:e2:92:25:bf:80:19:5f:6b:43:39:
49:5b:05:82:19:86:10:c7:c7:0f:e5:bf:04:95:01:60:c8:3e:
24:51:68:29:ce:87:e8:bf:3a:25:7e:89:33:9c:69:f5:3d:77:
7e:33:5e:21:6c:82:ae:aa:8d:45:d8:57:5b:c1:c8:58:f3:6a:
3f:06:bf:d2
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYVvVI7FTychb6zSIeuqbAsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMGFhZTZkNDVkMDZkZjdjNDI3OGVmNGYyMThlNDJkYjgw
NzA5NGMwHhcNMjMwMTAxMjE1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNhNjM0NDE0MGQ5YWJjMDQ0NmRkNWNjNzNjMjRjZjU4NmFiOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLtVpDTVHVHjGVcIv/WHJ0Wwuenx
m06EhQ+/5S3OH/CWvIMpkZdVgZPRW+hjxvL7qGw+P25Bj6dm3GnSYlJ1bmP93RZt
ZoXztzvQHnEll0oI6gyn169AFBVpzr01NP8yrGnzAdxOV23eKUqZsr1Lb8pyfK1Y
oXixpIDudrKsO5z3RLBiWAIui/Ds+U0iDMN6LA3FqGrSVqH9UiklFKLgyf6wcE76
cWhhDjoRGNfJvZ+Y1BZAHKu+6CqeqJmBJZsJT65gFnbmjce0g27EaoWdVqNxUr1l
IY5ckgYS1ecNC4txYeMg0VEQP9OS5NFLlKz/0M80qnnEux0umyQtQoh4zwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFNbKY0QUDZq8BEbdXMc8JM9YarjmMB8GA1UdIwQY
MBaAFJwKrm1F0G33xCeO9PIY5C24BwlMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkFxdWJVWFFiZmZFSjQ3MDhoamtMYmdIQ1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9jOTIwZWMtMDdkYy00NjlkLWI4ODQt
Yjk4YmJiMTYzN2MwLzEvMXNwalJCUU5tcndFUnQxY3h6d2t6MWhxdU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9jOTIwZWMtMDdkYy00NjlkLWI4ODQtYjk4YmJiMTYzN2Mw
LzEvbkFxdWJVWFFiZmZFSjQ3MDhoamtMYmdIQ1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQCLZWMAwMA
oGcwDQYJKoZIhvcNAQELBQADggEBAIYr4Mo4lHb+sGR8gXHSLueVN7uoFCkFYv6+
h7wKxVvjqHTlVMAU4LvpcrkKj2twx/lZ08StxRfyrArn/PZr44MJX0MkUcrhJiNc
D3Y80DX0h2NZtabA/KgM8R/VBLjnPIbAkjdXRk8MzLCgHLj76+90HDaIkesTTCfX
oU4cZEmksCO2liVXskCJgHrC2hG+A0onNtAwcmNiZSZ7cTQE5SHuEWyvEDMV32iF
H1hc/EuAJYqmsGRZz+bmB2qj4pIlv4AZX2tDOUlbBYIZhhDHxw/lvwSVAWDIPiRR
aCnOh+i/OiV+iTOcafU9d34zXiFsgq6qjUXYV1vByFjzaj8Gv9I=
-----END CERTIFICATE-----
Generated at Wed Apr 23 01:56:23 2025 by rpki-client