Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/c4mqxhPodG3lCFpXTRLE_q2DkzI.roa
File: c4mqxhPodG3lCFpXTRLE_q2DkzI.roa (raw, json)
Hash identifier: r7v6zVefhMNDMsGu8+RIgemoyD+8PCVvPIAMdlskjmg=
Subject key identifier: 73:89:AA:C6:13:E8:74:6D:E5:08:5A:57:4D:12:C4:FE:AD:83:93:32
Certificate issuer: /CN=9770bf2375d59ba81a9955c07a2f0a23264b61a8
Certificate serial: 018B42CA270A991B9F69B789F0B635AFD5EB
Authority key identifier: 97:70:BF:23:75:D5:9B:A8:1A:99:55:C0:7A:2F:0A:23:26:4B:61:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l3C_I3XVm6gamVXAei8KIyZLYag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/c4mqxhPodG3lCFpXTRLE_q2DkzI.roa
Signing time: Wed 18 Oct 2023 12:37:06 +0000
ROA not before: Wed 18 Oct 2023 12:37:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50964
IP address blocks: 194.59.39.0/24 maxlen: 24
91.205.76.0/22 maxlen: 22
194.76.38.0/23 maxlen: 23
194.59.38.0/24 maxlen: 24
194.59.36.0/24 maxlen: 24
194.59.36.0/22 maxlen: 22
194.59.37.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:42:ca:27:0a:99:1b:9f:69:b7:89:f0:b6:35:af:d5:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9770bf2375d59ba81a9955c07a2f0a23264b61a8
Validity
Not Before: Oct 18 12:37:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7389aac613e8746de5085a574d12c4fead839332
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d8:87:a0:75:c3:77:2e:1e:40:4b:30:2e:23:
72:db:32:44:b1:67:cf:fb:d6:fd:a4:99:81:f9:e3:
ac:09:e9:cf:37:00:b5:f9:d8:a4:2a:d4:d6:ae:c5:
64:06:3f:77:03:9f:ed:f5:8f:bb:2e:54:28:c6:23:
a7:76:19:be:1d:4f:1c:68:ec:7d:86:b1:94:15:7d:
19:e7:b7:92:b1:d5:15:f0:2a:c7:77:3b:72:e6:29:
70:9c:05:7f:54:0c:2b:d2:54:36:0d:33:c3:5d:b9:
59:93:5a:5f:a1:68:0a:5d:0e:e8:f6:b9:4e:d3:a1:
f5:b0:22:88:3f:11:7a:ff:b3:2d:0a:e6:5a:8a:52:
f0:68:3a:98:53:b8:8e:89:06:68:93:be:1a:72:6d:
41:64:c7:de:b3:f6:23:4f:0a:b3:87:78:17:59:89:
13:a9:f6:90:26:4b:0c:16:89:2b:42:41:2a:bc:62:
a0:1c:3a:c9:63:49:7b:1e:89:9a:7c:23:b1:27:3a:
56:3c:57:5b:6e:b8:86:46:bb:56:eb:b8:48:41:e9:
7c:d8:9c:38:86:f2:75:86:11:d4:c5:5a:40:d1:70:
75:7f:51:5d:e6:79:17:0f:15:36:64:3d:68:7f:78:
99:f0:82:a0:fc:05:84:be:f2:3d:45:09:39:35:f5:
c4:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:89:AA:C6:13:E8:74:6D:E5:08:5A:57:4D:12:C4:FE:AD:83:93:32
X509v3 Authority Key Identifier:
keyid:97:70:BF:23:75:D5:9B:A8:1A:99:55:C0:7A:2F:0A:23:26:4B:61:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l3C_I3XVm6gamVXAei8KIyZLYag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/c4mqxhPodG3lCFpXTRLE_q2DkzI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/l3C_I3XVm6gamVXAei8KIyZLYag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.205.76.0/22
194.59.36.0/22
194.76.38.0/23
Signature Algorithm: sha256WithRSAEncryption
58:50:d4:4e:96:25:77:6c:1a:01:fe:b8:b8:c5:be:6d:20:4b:
c2:c3:de:fd:6b:61:8e:4f:58:5b:57:73:81:e6:10:e4:f0:26:
e0:53:25:19:24:87:74:cb:be:a1:60:3d:6f:86:2e:e0:f9:e1:
a7:43:37:0c:4e:fe:d2:4d:a3:30:af:18:b8:35:56:36:e6:5e:
e4:c3:e8:f7:45:ba:b0:fb:9d:3b:d3:f3:b4:14:be:5f:79:ef:
20:82:dd:ab:95:10:bd:00:d2:66:43:7c:8e:17:47:bc:22:8b:
e2:74:24:d0:a4:47:e9:fc:bb:64:15:44:7f:be:b6:3f:cf:cf:
7c:7c:bb:e0:9c:a0:74:6e:0f:b6:9a:f9:22:0c:a4:10:b6:f4:
07:01:2d:8b:9d:2c:75:e5:9a:cf:44:68:81:70:9e:af:b6:e7:
b3:75:97:20:b1:45:7b:00:8a:00:08:92:f9:90:23:bc:d5:07:
dd:5c:eb:18:c6:4a:94:dc:d7:9b:d5:f8:ee:1a:81:66:72:3a:
99:97:f3:dd:21:d5:ed:67:29:fd:37:ab:0f:fb:f4:4b:9c:a8:
81:85:a6:73:51:80:ed:29:3d:55:98:b0:b0:fe:92:d6:24:ff:
36:28:2e:57:bd:c2:f3:a9:5f:9b:a3:4e:3d:1e:c5:60:55:df:
50:61:b6:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYtCyicKmRufabeJ8LY1r9XrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NzBiZjIzNzVkNTliYTgxYTk5NTVjMDdhMmYwYTIzMjY0
YjYxYTgwHhcNMjMxMDE4MTIzNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzg5YWFjNjEzZTg3NDZkZTUwODVhNTc0ZDEyYzRmZWFkODM5MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9iHoHXDdy4eQEswLiNy2zJEsWfP
+9b9pJmB+eOsCenPNwC1+dikKtTWrsVkBj93A5/t9Y+7LlQoxiOndhm+HU8caOx9
hrGUFX0Z57eSsdUV8CrHdzty5ilwnAV/VAwr0lQ2DTPDXblZk1pfoWgKXQ7o9rlO
06H1sCKIPxF6/7MtCuZailLwaDqYU7iOiQZok74acm1BZMfes/YjTwqzh3gXWYkT
qfaQJksMFokrQkEqvGKgHDrJY0l7HomafCOxJzpWPFdbbriGRrtW67hIQel82Jw4
hvJ1hhHUxVpA0XB1f1Fd5nkXDxU2ZD1of3iZ8IKg/AWEvvI9RQk5NfXEIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHOJqsYT6HRt5QhaV00SxP6tg5MyMB8GA1UdIwQY
MBaAFJdwvyN11ZuoGplVwHovCiMmS2GoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDNDX0kzWFZtNmdhbVZYQWVpOEtJeVpMWWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9iZWVmMmYtZWM1YS00OWZmLTk3NWIt
OGQzNGY1NTc4MjJhLzEvYzRtcXhoUG9kRzNsQ0ZwWFRSTEVfcTJEa3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9iZWVmMmYtZWM1YS00OWZmLTk3NWItOGQzNGY1NTc4MjJh
LzEvbDNDX0kzWFZtNmdhbVZYQWVpOEtJeVpMWWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW81MAwQC
wjskAwQBwkwmMA0GCSqGSIb3DQEBCwUAA4IBAQBYUNROliV3bBoB/ri4xb5tIEvC
w979a2GOT1hbV3OB5hDk8CbgUyUZJId0y76hYD1vhi7g+eGnQzcMTv7STaMwrxi4
NVY25l7kw+j3Rbqw+5070/O0FL5fee8ggt2rlRC9ANJmQ3yOF0e8IovidCTQpEfp
/LtkFUR/vrY/z898fLvgnKB0bg+2mvkiDKQQtvQHAS2LnSx15ZrPRGiBcJ6vtuez
dZcgsUV7AIoACJL5kCO81QfdXOsYxkqU3Neb1fjuGoFmcjqZl/PdIdXtZyn9N6sP
+/RLnKiBhaZzUYDtKT1VmLCw/pLWJP82KC5XvcLzqV+bo049HsVgVd9QYbZN
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:49:43 2025 by rpki-client