Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Ma4cMDztFuy7QO5FHWs8NLIuAEM.roa
File: Ma4cMDztFuy7QO5FHWs8NLIuAEM.roa (raw, json)
Hash identifier: VrjO4tOGN/kiUc/01v1K9qCoLKgtDMZJsqkqAmSxNMs=
Subject key identifier: 31:AE:1C:30:3C:ED:16:EC:BB:40:EE:45:1D:6B:3C:34:B2:2E:00:43
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 018C554E8E8079DAEE4F17ADD416FC0B4BD6
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Ma4cMDztFuy7QO5FHWs8NLIuAEM.roa
Signing time: Sun 10 Dec 2023 19:57:40 +0000
ROA not before: Sun 10 Dec 2023 19:57:40 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12679
IP address blocks: 109.203.164.0/22 maxlen: 24
109.203.160.0/22 maxlen: 24
37.49.146.0/24 maxlen: 24
37.49.151.0/24 maxlen: 24
94.74.173.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:55:4e:8e:80:79:da:ee:4f:17:ad:d4:16:fc:0b:4b:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Dec 10 19:57:40 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=31ae1c303ced16ecbb40ee451d6b3c34b22e0043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:e0:09:37:35:1e:ff:69:32:f6:0c:c3:23:65:
b7:25:48:d5:e3:45:b0:00:5e:bc:c5:40:64:0e:18:
6e:3a:95:6b:fb:7d:e9:4c:96:85:07:94:61:7f:b4:
d3:ec:ac:e2:b6:a0:40:d9:34:f7:07:8e:0c:f8:09:
8a:5c:a2:a6:78:c9:c0:6a:5b:4a:7d:33:e5:39:9b:
d7:93:3a:80:14:d5:bc:a1:dd:00:61:0e:34:41:b8:
b1:94:fc:83:c0:45:21:ad:18:d2:b9:b5:c5:47:41:
15:3d:16:66:15:44:ed:0e:1b:49:b4:96:ba:26:49:
e0:d0:e8:2f:c7:da:f5:47:c5:98:f5:c9:ac:a5:c9:
02:3c:85:7f:d5:b7:d1:fa:fa:40:ee:d2:71:24:e4:
ec:7f:79:29:39:d0:ff:1f:d6:30:fe:d9:ad:ed:2c:
67:a4:e3:41:e5:90:65:ae:6e:f8:ac:06:8e:82:70:
a0:78:dc:d6:69:9d:c2:f1:58:4d:04:43:1f:38:48:
8e:0b:b1:8c:3a:f9:b7:e1:3a:92:6f:8b:c5:19:c2:
ee:be:a7:99:28:88:53:a7:bf:88:09:6c:06:48:f8:
c8:60:e3:91:ba:2c:ee:c1:76:89:82:58:ce:1c:ad:
97:7a:53:3f:ed:ba:83:c6:a9:e7:66:3a:a5:c0:6f:
b8:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:AE:1C:30:3C:ED:16:EC:BB:40:EE:45:1D:6B:3C:34:B2:2E:00:43
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Ma4cMDztFuy7QO5FHWs8NLIuAEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.146.0/24
37.49.151.0/24
94.74.173.0/24
109.203.160.0/21
Signature Algorithm: sha256WithRSAEncryption
a1:33:f4:0f:92:10:60:16:93:7a:15:dc:84:4b:17:6b:14:24:
54:23:5a:92:c5:18:7a:60:a8:3f:8f:a5:e7:f3:b3:75:5c:a1:
85:15:b0:7f:d8:81:f5:c8:8a:d0:90:7d:dd:31:ec:57:40:75:
8a:1d:3a:6a:cb:19:82:e4:e9:6b:05:52:1a:e2:d8:f1:b6:6e:
10:dc:8c:cd:b8:88:9d:ad:d9:ab:e8:98:27:67:f2:d3:51:b8:
00:54:4b:f5:86:2b:b2:72:c4:6c:7f:dc:e0:3c:c9:a7:f2:04:
c2:56:91:dc:51:26:72:9e:4a:52:ac:e1:27:53:b6:df:1e:ee:
5d:3b:73:df:0b:2d:66:a6:87:dc:ce:3d:93:3a:e7:c8:89:c0:
d8:4a:95:44:af:c5:5a:f5:57:d1:48:22:ce:7d:ea:0c:ee:f2:
ce:0e:82:a8:2d:94:b3:d2:70:42:42:91:d2:e6:05:83:8f:fc:
e0:fd:bc:4c:42:c8:7f:70:f1:6f:e9:38:dd:e6:14:54:95:32:
56:28:eb:0e:3e:7a:95:66:5e:77:de:5e:f2:9c:e9:f1:31:cc:
38:8e:a9:c4:b1:2c:26:ce:2e:31:fc:83:1d:4d:85:26:86:7d:
ad:36:db:ff:15:b7:bd:7a:06:f2:b1:98:f3:40:e4:96:e7:9d:
5a:97:ef:cb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYxVTo6AedruTxet1Bb8C0vWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjMxMjEwMTk1NzQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWFlMWMzMDNjZWQxNmVjYmI0MGVlNDUxZDZiM2MzNGIyMmUwMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOAJNzUe/2ky9gzDI2W3JUjV40Ww
AF68xUBkDhhuOpVr+33pTJaFB5Rhf7TT7KzitqBA2TT3B44M+AmKXKKmeMnAaltK
fTPlOZvXkzqAFNW8od0AYQ40QbixlPyDwEUhrRjSubXFR0EVPRZmFUTtDhtJtJa6
Jkng0Ogvx9r1R8WY9cmspckCPIV/1bfR+vpA7tJxJOTsf3kpOdD/H9Yw/tmt7Sxn
pONB5ZBlrm74rAaOgnCgeNzWaZ3C8VhNBEMfOEiOC7GMOvm34TqSb4vFGcLuvqeZ
KIhTp7+ICWwGSPjIYOORuizuwXaJgljOHK2XelM/7bqDxqnnZjqlwG+4LwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDGuHDA87Rbsu0DuRR1rPDSyLgBDMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvTWE0Y01EenRGdXk3UU81RkhXczhOTEl1QUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJTGSAwQA
JTGXAwQAXkqtAwQDbcugMA0GCSqGSIb3DQEBCwUAA4IBAQChM/QPkhBgFpN6FdyE
SxdrFCRUI1qSxRh6YKg/j6Xn87N1XKGFFbB/2IH1yIrQkH3dMexXQHWKHTpqyxmC
5OlrBVIa4tjxtm4Q3IzNuIidrdmr6JgnZ/LTUbgAVEv1hiuycsRsf9zgPMmn8gTC
VpHcUSZynkpSrOEnU7bfHu5dO3PfCy1mpofczj2TOufIicDYSpVEr8Va9VfRSCLO
feoM7vLODoKoLZSz0nBCQpHS5gWDj/zg/bxMQsh/cPFv6Tjd5hRUlTJWKOsOPnqV
Zl533l7ynOnxMcw4jqnEsSwmzi4x/IMdTYUmhn2tNtv/Fbe9egbysZjzQOSW551a
l+/L
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:23 2025 by rpki-client