Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/mM4_8FnBS3wxjl04mzK91XFzpAA.roa
File: mM4_8FnBS3wxjl04mzK91XFzpAA.roa (raw, json)
Hash identifier: IlFsmH/MjOJ1+10QmmbL72HQV0wfnEUr/ObjdfEyjQg=
Subject key identifier: 98:CE:3F:F0:59:C1:4B:7C:31:8E:5D:38:9B:32:BD:D5:71:73:A4:00
Certificate issuer: /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial: 01865F42C7CAF73A5DF11D77C45FB8ED3DF2
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/mM4_8FnBS3wxjl04mzK91XFzpAA.roa
Signing time: Fri 17 Feb 2023 12:04:17 +0000
ROA not before: Fri 17 Feb 2023 12:04:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1921
IP address blocks: 2001:678:20::/48 maxlen: 48
2a02:850:ffe5::/48 maxlen: 48
2a02:850:ffe0::/48 maxlen: 48
2001:67c:1bc::/48 maxlen: 48
2a02:850:ffe6::/48 maxlen: 48
2a02:850:ffe7::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:5f:42:c7:ca:f7:3a:5d:f1:1d:77:c4:5f:b8:ed:3d:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Validity
Not Before: Feb 17 12:04:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98ce3ff059c14b7c318e5d389b32bdd57173a400
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:6e:3d:80:a0:8d:d5:fa:3b:a6:22:f5:c0:67:
bd:01:44:b0:f4:66:38:e3:69:d8:7f:a1:f8:f5:3c:
84:1e:c1:17:02:49:99:cf:64:71:58:dd:af:2b:8f:
83:39:18:c4:3f:ac:d4:50:ae:af:e3:4c:04:4f:56:
d7:35:33:2b:61:40:85:a5:b5:f2:78:d8:2c:c7:e2:
cd:b2:74:6e:0b:ee:81:89:70:e8:7e:a9:9a:0f:49:
d2:f5:f7:d9:6c:60:34:f8:11:1b:5b:6e:e4:94:2d:
31:0f:73:2d:03:c5:31:66:e5:a9:8f:a7:18:42:94:
de:76:7b:81:35:37:a7:dd:e1:ac:04:ce:94:a2:87:
0f:a2:e3:ad:fd:ea:f8:cb:a4:e5:61:fc:41:8b:77:
ee:95:90:fa:b9:6c:1e:ca:7b:23:84:78:60:41:ed:
00:52:ba:f9:63:5c:84:25:a4:3d:f3:6f:b8:bb:d3:
cf:34:33:8e:ec:d8:c3:0b:f6:4a:75:80:8d:a3:57:
4e:28:ca:bc:85:c6:c7:1e:52:12:b0:ef:2a:8b:1a:
b1:61:f1:d5:b2:c9:08:02:1f:db:5e:2f:f1:45:de:
60:e9:22:a8:18:ed:e0:df:19:b8:ed:60:e6:30:61:
c3:7d:78:29:52:60:35:f0:8c:e2:7f:cc:23:09:e7:
e5:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:CE:3F:F0:59:C1:4B:7C:31:8E:5D:38:9B:32:BD:D5:71:73:A4:00
X509v3 Authority Key Identifier:
keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/mM4_8FnBS3wxjl04mzK91XFzpAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:20::/48
2001:67c:1bc::/48
2a02:850:ffe0::/48
2a02:850:ffe5::-2a02:850:ffe7:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8a:35:82:8c:b8:90:f2:43:37:dc:71:4a:6e:62:86:08:0a:57:
cd:c5:ae:41:29:12:96:73:59:d0:71:06:e9:f8:1a:82:76:b7:
23:2c:12:1e:c5:a0:6d:41:53:5b:f3:37:df:64:a7:b0:49:a2:
18:c8:91:4f:c0:53:cc:61:92:55:df:c6:c2:34:06:8d:98:fe:
77:7a:6a:d5:5c:2d:58:4e:9a:d1:2e:1d:bb:d4:17:50:6e:9d:
14:51:a1:04:16:56:87:36:13:3d:71:8f:d2:02:cd:ef:3a:ff:
75:24:06:2a:69:83:75:e2:ce:dd:56:b6:72:04:eb:4c:47:07:
94:41:68:71:59:e2:88:47:db:60:ca:83:1b:1b:95:e6:97:b4:
b5:e7:c2:e5:a2:93:48:23:28:78:9e:f3:06:ae:34:93:d9:cb:
05:3d:58:d1:0d:fc:c9:69:f4:df:ee:c2:b2:7e:c0:cd:86:5b:
7a:05:ad:4d:4b:93:10:1f:a0:4f:d9:f9:ca:4f:ec:a3:41:22:
a6:c0:b9:a8:58:f0:69:24:f5:d9:fd:95:83:3a:46:d9:77:04:
c3:03:b7:0a:8e:79:d9:e9:d8:4f:2b:1c:62:e8:55:7c:b0:61:
7e:25:4f:83:6b:6d:55:53:de:e1:91:e0:26:7d:02:2a:e3:f7:
07:1e:22:db
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYZfQsfK9zpd8R13xF+47T3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjMwMjE3MTIwNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNlM2ZmMDU5YzE0YjdjMzE4ZTVkMzg5YjMyYmRkNTcxNzNhNDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm49gKCN1fo7piL1wGe9AUSw9GY4
42nYf6H49TyEHsEXAkmZz2RxWN2vK4+DORjEP6zUUK6v40wET1bXNTMrYUCFpbXy
eNgsx+LNsnRuC+6BiXDofqmaD0nS9ffZbGA0+BEbW27klC0xD3MtA8UxZuWpj6cY
QpTednuBNTen3eGsBM6UoocPouOt/er4y6TlYfxBi3fulZD6uWweynsjhHhgQe0A
Urr5Y1yEJaQ982+4u9PPNDOO7NjDC/ZKdYCNo1dOKMq8hcbHHlISsO8qixqxYfHV
sskIAh/bXi/xRd5g6SKoGO3g3xm47WDmMGHDfXgpUmA18Izif8wjCefl0wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJjOP/BZwUt8MY5dOJsyvdVxc6QAMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvbU00XzhGbkJTM3d4amwwNG16SzkxWEZ6cEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzA1BAIAAjAvAwcAIAEGeAAg
AwcAIAEGfAG8AwcAKgIIUP/gMBIDBwAqAghQ/+UDBwMqAghQ/+AwDQYJKoZIhvcN
AQELBQADggEBAIo1goy4kPJDN9xxSm5ihggKV83FrkEpEpZzWdBxBun4GoJ2tyMs
Eh7FoG1BU1vzN99kp7BJohjIkU/AU8xhklXfxsI0Bo2Y/nd6atVcLVhOmtEuHbvU
F1BunRRRoQQWVoc2Ez1xj9ICze86/3UkBippg3Xizt1WtnIE60xHB5RBaHFZ4ohH
22DKgxsbleaXtLXnwuWik0gjKHie8wauNJPZywU9WNEN/Mlp9N/uwrJ+wM2GW3oF
rU1LkxAfoE/Z+cpP7KNBIqbAuahY8Gkk9dn9lYM6Rtl3BMMDtwqOednp2E8rHGLo
VXywYX4lT4NrbVVT3uGR4CZ9Airj9wceIts=
-----END CERTIFICATE-----
Generated at Thu Jun 12 10:18:40 2025 by rpki-client