Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/rU-dqZPr1T0tgL2QY3dCczQkzMs.roa
File: rU-dqZPr1T0tgL2QY3dCczQkzMs.roa (raw, json)
Hash identifier: I1seKqiGeON1JvkUUenMm7Qv1bKs73ZiCilf/O4v228=
Subject key identifier: AD:4F:9D:A9:93:EB:D5:3D:2D:80:BD:90:63:77:42:73:34:24:CC:CB
Certificate issuer: /CN=4ca13bdea54f76b8a85712afdb615186b33838c1
Certificate serial: 01856BDC789FB1EA81AF2B86AA57382666DF
Authority key identifier: 4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/rU-dqZPr1T0tgL2QY3dCczQkzMs.roa
Signing time: Sun 01 Jan 2023 05:44:48 +0000
ROA not before: Sun 01 Jan 2023 05:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20676
IP address blocks: 212.84.192.0/20 maxlen: 32
212.99.128.0/18 maxlen: 32
2a02:e240::/29 maxlen: 128
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:dc:78:9f:b1:ea:81:af:2b:86:aa:57:38:26:66:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ca13bdea54f76b8a85712afdb615186b33838c1
Validity
Not Before: Jan 1 05:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ad4f9da993ebd53d2d80bd90637742733424cccb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:03:23:7b:b2:f1:72:63:92:8b:0b:45:6e:31:
97:a7:22:c2:02:22:58:07:b0:7b:0e:7e:23:d8:bd:
d5:2b:dc:a6:19:c7:fa:b1:24:1d:1f:85:2b:09:87:
76:e9:44:71:26:3b:37:7b:6d:ae:94:70:6b:ea:46:
86:b2:e7:41:8d:7c:1a:e0:59:b6:e6:0e:a4:84:af:
c9:62:a5:e3:06:c8:c7:00:f9:a4:5d:7e:ed:6c:6d:
11:86:5d:ac:4e:36:9b:90:64:59:a5:10:ae:1b:7f:
71:5e:f4:b6:af:61:18:08:e7:b2:f8:56:ed:66:a2:
cb:52:69:5a:0e:0d:9c:3e:a6:1d:d1:43:ce:af:d6:
c3:72:6c:92:22:10:b3:8a:6f:51:42:c6:9d:ca:c6:
57:06:3f:25:1b:af:04:70:8a:4c:f8:80:0b:7d:02:
31:6f:a2:51:be:68:09:05:cd:14:04:87:2c:2d:a4:
11:19:53:68:9e:ad:1f:45:54:26:04:b2:41:b4:79:
c5:cb:b5:a5:b0:d0:d2:17:55:83:2c:00:bb:5f:95:
1a:f7:2f:d2:a7:06:77:97:8a:50:17:a3:ae:83:7e:
f6:a8:af:df:12:7f:7b:18:36:69:95:10:7f:8a:99:
a9:62:1d:f6:4e:03:95:57:24:6e:d1:7e:73:f2:d3:
82:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:4F:9D:A9:93:EB:D5:3D:2D:80:BD:90:63:77:42:73:34:24:CC:CB
X509v3 Authority Key Identifier:
keyid:4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/rU-dqZPr1T0tgL2QY3dCczQkzMs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.84.192.0/20
212.99.128.0/18
IPv6:
2a02:e240::/29
Signature Algorithm: sha256WithRSAEncryption
75:06:fa:03:49:28:ea:a3:ee:75:41:bf:00:13:e5:1d:87:52:
18:b5:91:e1:0c:65:00:0b:15:50:3d:bb:e6:a3:cb:b0:57:be:
97:8d:d9:f2:af:43:b8:dc:e7:1c:1b:be:4c:f5:46:0a:77:0b:
e9:5d:69:53:92:f4:5c:bf:db:e0:b3:ed:31:99:65:2c:9d:d1:
7f:b0:f1:2e:50:86:60:be:c5:82:dd:6d:f1:d1:e8:18:18:ac:
b0:1d:fd:77:46:ba:8e:20:59:22:32:f8:74:b7:d7:19:db:6a:
63:84:36:36:0e:24:e2:8b:32:37:dc:f7:f2:92:93:1d:3f:be:
7a:d7:1b:25:84:43:33:e6:e5:f8:1b:67:47:77:f5:6e:36:58:
6c:2e:ca:e5:1f:64:dc:ad:df:ab:a9:88:49:af:de:38:e1:df:
d3:e3:71:9f:0d:6a:1a:5e:cd:db:d5:da:e3:6b:96:63:48:b8:
8a:20:7d:0a:31:8e:73:0a:05:fe:91:71:22:ad:1d:e0:5e:c0:
74:60:6a:78:21:de:34:49:2c:b4:b8:7b:f4:53:16:5c:42:8e:
1e:c3:5d:ca:b2:3e:57:b2:8e:0b:c7:9a:7b:84:60:57:c2:e1:
c7:02:1a:79:01:63:8e:ca:39:8a:f4:a3:e5:09:3c:f0:fb:3f:
8f:63:42:38
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVr3HifseqBryuGqlc4JmbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTEzYmRlYTU0Zjc2YjhhODU3MTJhZmRiNjE1MTg2YjMz
ODM4YzEwHhcNMjMwMTAxMDU0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDRmOWRhOTkzZWJkNTNkMmQ4MGJkOTA2Mzc3NDI3MzM0MjRjY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwMje7LxcmOSiwtFbjGXpyLCAiJY
B7B7Dn4j2L3VK9ymGcf6sSQdH4UrCYd26URxJjs3e22ulHBr6kaGsudBjXwa4Fm2
5g6khK/JYqXjBsjHAPmkXX7tbG0Rhl2sTjabkGRZpRCuG39xXvS2r2EYCOey+Fbt
ZqLLUmlaDg2cPqYd0UPOr9bDcmySIhCzim9RQsadysZXBj8lG68EcIpM+IALfQIx
b6JRvmgJBc0UBIcsLaQRGVNonq0fRVQmBLJBtHnFy7WlsNDSF1WDLAC7X5Ua9y/S
pwZ3l4pQF6Oug372qK/fEn97GDZplRB/ipmpYh32TgOVVyRu0X5z8tOC1QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK1PnamT69U9LYC9kGN3QnM0JMzLMB8GA1UdIwQY
MBaAFEyhO96lT3a4qFcSr9thUYazODjBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYt
ZmM5MTQzM2QzNjdkLzEvclUtZHFaUHIxVDB0Z0wyUVkzZENjelFrek1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYtZmM5MTQzM2QzNjdk
LzEvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQE1FTAAwQG
1GOAMA0EAgACMAcDBQMqAuJAMA0GCSqGSIb3DQEBCwUAA4IBAQB1BvoDSSjqo+51
Qb8AE+Udh1IYtZHhDGUACxVQPbvmo8uwV76Xjdnyr0O43OccG75M9UYKdwvpXWlT
kvRcv9vgs+0xmWUsndF/sPEuUIZgvsWC3W3x0egYGKywHf13RrqOIFkiMvh0t9cZ
22pjhDY2DiTiizI33PfykpMdP7561xslhEMz5uX4G2dHd/VuNlhsLsrlH2Tcrd+r
qYhJr9444d/T43GfDWoaXs3b1drja5ZjSLiKIH0KMY5zCgX+kXEirR3gXsB0YGp4
Id40SSy0uHv0UxZcQo4ew13Ksj5Xso4Lx5p7hGBXwuHHAhp5AWOOyjmK9KPlCTzw
+z+PY0I4
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:24:35 2025 by rpki-client