Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/0SCIbqSalEAiG71Vr9wBI6uRvbY.roa
File: 0SCIbqSalEAiG71Vr9wBI6uRvbY.roa (raw, json)
Hash identifier: ATO4wIubMW/pkvWdtIgnmpPKEO8cLEQ8Cgc1eFtBiGs=
Subject key identifier: D1:20:88:6E:A4:9A:94:40:22:1B:BD:55:AF:DC:01:23:AB:91:BD:B6
Certificate issuer: /CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Certificate serial: 018571832463BD4AE25D2ADB0EA4A83610A8
Authority key identifier: 1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/0SCIbqSalEAiG71Vr9wBI6uRvbY.roa
Signing time: Mon 02 Jan 2023 08:04:58 +0000
ROA not before: Mon 02 Jan 2023 08:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 55002
IP address blocks: 94.125.72.0/21 maxlen: 24
130.255.104.0/21 maxlen: 24
109.70.192.0/21 maxlen: 24
185.35.208.0/22 maxlen: 24
88.133.240.0/21 maxlen: 24
109.235.224.0/21 maxlen: 24
5.199.176.0/21 maxlen: 24
212.237.168.0/21 maxlen: 24
2a02:778::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:83:24:63:bd:4a:e2:5d:2a:db:0e:a4:a8:36:10:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Validity
Not Before: Jan 2 08:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d120886ea49a9440221bbd55afdc0123ab91bdb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:19:2d:db:80:d3:6b:27:c9:f3:fa:48:ae:4c:
89:7f:c1:10:5a:f3:55:7b:96:ba:ff:1a:f7:8c:66:
99:ad:0a:a0:41:c2:7f:ec:18:40:39:56:fb:35:d2:
e2:6c:50:d3:be:16:46:d1:7c:c1:f1:21:f0:c8:1b:
4b:8f:de:bc:80:d8:1e:16:e5:e9:91:9c:97:e5:0d:
f3:7b:b9:64:b1:51:64:b8:50:a9:b5:e4:5e:23:94:
eb:29:f2:85:c4:32:57:98:cd:22:e5:8f:84:e3:24:
d3:a8:50:f4:89:13:c0:73:0d:40:c2:5e:e9:d7:5a:
9c:3b:0d:21:4f:e0:51:67:60:9b:ea:ed:8b:56:7c:
22:12:e3:d7:b1:42:cd:9f:b5:bd:22:f2:e2:5d:83:
fc:44:39:04:cb:e1:56:60:16:72:4e:82:c5:43:03:
76:f6:d0:c0:9a:52:16:9d:05:d3:86:e8:b5:db:c5:
08:af:08:a1:05:57:27:0f:69:4d:97:9e:25:2a:4e:
79:45:5f:af:51:17:6b:e0:b0:0d:c6:53:2a:eb:4b:
99:e9:a9:3e:46:cc:63:37:5d:72:33:e6:15:7f:40:
c6:9c:4c:2b:04:b0:89:5c:07:8d:1b:29:73:dd:35:
20:c2:72:51:32:df:7e:57:90:f8:0c:f9:39:d5:74:
1e:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:20:88:6E:A4:9A:94:40:22:1B:BD:55:AF:DC:01:23:AB:91:BD:B6
X509v3 Authority Key Identifier:
keyid:1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/0SCIbqSalEAiG71Vr9wBI6uRvbY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.176.0/21
88.133.240.0/21
94.125.72.0/21
109.70.192.0/21
109.235.224.0/21
130.255.104.0/21
185.35.208.0/22
212.237.168.0/21
IPv6:
2a02:778::/32
Signature Algorithm: sha256WithRSAEncryption
e8:d9:8d:62:6f:28:65:0e:af:ec:55:96:21:e1:63:02:9a:8b:
26:a6:ac:2a:a4:59:56:a6:ba:fc:c6:93:0b:7b:74:fa:16:11:
14:de:d7:b8:90:3f:8c:87:07:a9:06:9b:b8:b4:11:93:c7:15:
5a:4d:46:c5:68:a4:6e:75:17:43:04:f3:1a:2a:0d:90:5d:b4:
e9:09:e7:77:23:af:02:15:ff:1d:4a:80:2e:f8:84:5f:90:5d:
92:2d:56:6c:2b:8b:01:60:8c:7d:d2:07:69:24:78:65:66:6b:
1c:f5:6e:39:79:a5:57:4d:92:cd:dd:b0:00:6c:f9:19:e6:03:
58:2d:4d:69:09:5e:b2:96:06:c3:bc:83:5c:d9:cd:bd:55:ee:
4c:aa:db:52:23:72:72:af:2a:df:c2:dd:b5:de:93:f7:08:fb:
f1:d0:37:47:9e:ca:7e:85:a1:ea:94:10:97:ea:fd:a8:6b:ce:
7c:15:86:c9:f5:61:e7:9d:d6:67:e4:32:ec:28:2d:84:21:63:
6a:81:67:69:48:f4:ce:b7:e3:57:d8:bc:7d:7f:67:1c:c8:1c:
3a:8e:57:91:64:04:1e:3f:1f:6a:17:b3:e3:db:98:e1:95:cb:
52:fc:c7:47:0b:3e:4b:63:19:02:b6:27:82:8d:20:c6:89:df:
d1:4e:83:c5
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVxgyRjvUriXSrbDqSoNhCoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzlkNTc5MzZkZDJkMTUyMTQ0M2U2OGRhZGQ5ZDA5NDlj
ZGUzM2YwHhcNMjMwMTAyMDgwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIwODg2ZWE0OWE5NDQwMjIxYmJkNTVhZmRjMDEyM2FiOTFiZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxkt24DTayfJ8/pIrkyJf8EQWvNV
e5a6/xr3jGaZrQqgQcJ/7BhAOVb7NdLibFDTvhZG0XzB8SHwyBtLj968gNgeFuXp
kZyX5Q3ze7lksVFkuFCpteReI5TrKfKFxDJXmM0i5Y+E4yTTqFD0iRPAcw1Awl7p
11qcOw0hT+BRZ2Cb6u2LVnwiEuPXsULNn7W9IvLiXYP8RDkEy+FWYBZyToLFQwN2
9tDAmlIWnQXThui128UIrwihBVcnD2lNl54lKk55RV+vURdr4LANxlMq60uZ6ak+
RsxjN11yM+YVf0DGnEwrBLCJXAeNGylz3TUgwnJRMt9+V5D4DPk51XQe/wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNEgiG6kmpRAIhu9Va/cASOrkb22MB8GA1UdIwQY
MBaAFBw51Xk23S0VIUQ+aNrdnQlJzeM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2Qt
ZDdjNWRhN2MxNjc2LzEvMFNDSWJxU2FsRUFpRzcxVnI5d0JJNnVSdmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2QtZDdjNWRhN2MxNjc2
LzEvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBcewAwQD
WIXwAwQDXn1IAwQDbUbAAwQDbevgAwQDgv9oAwQCuSPQAwQD1O2oMA0EAgACMAcD
BQAqAgd4MA0GCSqGSIb3DQEBCwUAA4IBAQDo2Y1ibyhlDq/sVZYh4WMCmosmpqwq
pFlWprr8xpMLe3T6FhEU3te4kD+MhwepBpu4tBGTxxVaTUbFaKRudRdDBPMaKg2Q
XbTpCed3I68CFf8dSoAu+IRfkF2SLVZsK4sBYIx90gdpJHhlZmsc9W45eaVXTZLN
3bAAbPkZ5gNYLU1pCV6ylgbDvINc2c29Ve5MqttSI3Jyryrfwt213pP3CPvx0DdH
nsp+haHqlBCX6v2oa858FYbJ9WHnndZn5DLsKC2EIWNqgWdpSPTOt+NX2Lx9f2cc
yBw6jleRZAQePx9qF7Pj25jhlctS/MdHCz5LYxkCtieCjSDGid/RToPF
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:46:25 2025 by rpki-client