Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/r-UgeYr1fWIijFTjC-J_2TCqaB0.roa
File: r-UgeYr1fWIijFTjC-J_2TCqaB0.roa (raw, json)
Hash identifier: PufPxL03DFOZF6LjY2zWy0+6mjxnmsRIrHUSk/nhOnQ=
Subject key identifier: AF:E5:20:79:8A:F5:7D:62:22:8C:54:E3:0B:E2:7F:D9:30:AA:68:1D
Certificate issuer: /CN=b35a20a86939c8de8aedc305243b0fd4ad8654d0
Certificate serial: 01872857671A8F2F5AC56FA9564B9DEADD5D
Authority key identifier: B3:5A:20:A8:69:39:C8:DE:8A:ED:C3:05:24:3B:0F:D4:AD:86:54:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s1ogqGk5yN6K7cMFJDsP1K2GVNA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/r-UgeYr1fWIijFTjC-J_2TCqaB0.roa
Signing time: Tue 28 Mar 2023 13:10:29 +0000
ROA not before: Tue 28 Mar 2023 13:10:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210558
IP address blocks: 194.26.192.0/24 maxlen: 24
2.58.56.0/24 maxlen: 24
2a12:a800:1::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:28:57:67:1a:8f:2f:5a:c5:6f:a9:56:4b:9d:ea:dd:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b35a20a86939c8de8aedc305243b0fd4ad8654d0
Validity
Not Before: Mar 28 13:10:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=afe520798af57d62228c54e30be27fd930aa681d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:d9:84:9e:60:be:28:7d:e6:1e:b4:e4:44:6a:
aa:53:b9:1d:27:64:c5:ce:9c:78:e3:9b:ba:c4:29:
b5:9f:38:f3:cd:f1:a6:d6:a6:db:97:d2:d5:af:08:
9b:36:78:cb:8d:76:31:6a:cd:a3:7e:82:5b:65:e9:
6f:37:5e:93:e7:97:35:e0:14:3f:04:20:5a:3e:bc:
c4:44:f7:15:09:3e:e8:6d:7a:b8:11:e0:5f:c9:a3:
74:69:4a:e0:b0:50:a8:10:3e:de:20:00:7e:67:6e:
61:0d:b4:bd:b8:f8:26:b3:4b:3f:a2:4a:96:c1:58:
dd:93:01:fb:3e:9a:ad:d3:e8:e6:56:fb:e9:e3:08:
22:bd:5b:b8:68:ea:ab:c1:7f:ca:dc:2a:b8:ef:cc:
2b:87:ec:4d:ca:e3:6f:b3:8f:dd:f3:2c:4e:d0:b2:
a7:ad:37:ad:e8:b9:ee:97:f0:41:ca:a0:db:2b:77:
8c:ae:c2:17:af:2e:3d:52:70:90:e6:b0:e5:4c:45:
9c:33:7f:3b:ad:5f:46:4b:94:c2:ad:4f:d6:de:51:
6c:47:ff:31:c6:23:a9:c3:e5:70:eb:5a:27:6b:ac:
51:35:52:2b:71:21:af:6c:90:50:c0:eb:98:57:52:
0b:35:cb:ff:92:1f:68:9a:0e:d5:2b:d0:58:9b:43:
c9:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:E5:20:79:8A:F5:7D:62:22:8C:54:E3:0B:E2:7F:D9:30:AA:68:1D
X509v3 Authority Key Identifier:
keyid:B3:5A:20:A8:69:39:C8:DE:8A:ED:C3:05:24:3B:0F:D4:AD:86:54:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ogqGk5yN6K7cMFJDsP1K2GVNA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/r-UgeYr1fWIijFTjC-J_2TCqaB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/s1ogqGk5yN6K7cMFJDsP1K2GVNA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.56.0/24
194.26.192.0/24
IPv6:
2a12:a800:1::/48
Signature Algorithm: sha256WithRSAEncryption
02:57:6d:f0:ef:07:bb:4e:44:28:be:e5:d4:c3:e6:91:82:36:
48:43:7d:f7:59:61:e8:4b:d3:69:17:13:0e:7a:c0:b7:65:d8:
79:ca:e1:35:c2:d4:d3:21:97:cc:94:95:8a:2a:96:40:8a:8b:
47:05:db:c2:a4:dc:e5:d3:b5:b7:f7:82:c1:67:d1:89:5c:08:
a3:0c:6c:8c:a4:eb:5a:c0:de:85:45:3f:96:4d:73:ef:47:74:
e1:bf:db:17:c8:26:b1:23:6b:f0:7e:99:b0:e6:28:0d:0d:6c:
4f:14:f8:06:ea:3e:31:eb:ea:ba:8f:75:e7:2d:91:bb:8a:73:
e3:32:1f:fc:45:5d:d8:70:8b:76:69:ec:be:98:5c:4f:76:17:
06:f6:97:13:6f:dc:f9:52:61:83:19:4e:0e:e4:9e:55:de:fa:
a3:a0:68:a7:cb:fd:97:70:8c:ef:e6:50:b8:e5:aa:2e:82:23:
97:c5:b4:b4:6f:2a:ca:b3:7c:e6:a0:cd:ba:27:f4:fa:a5:84:
fc:6f:5b:54:8b:34:f8:70:97:41:3b:f7:df:e3:ff:cb:61:89:
3e:64:f6:a7:7d:63:7c:98:96:d1:a8:60:7e:0c:bf:66:1c:8e:
bb:44:63:16:c7:b9:d9:fc:13:bf:3d:b8:47:94:3c:b1:80:20:
5d:f3:da:c3
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYcoV2cajy9axW+pVkud6t1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNWEyMGE4NjkzOWM4ZGU4YWVkYzMwNTI0M2IwZmQ0YWQ4
NjU0ZDAwHhcNMjMwMzI4MTMxMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU1MjA3OThhZjU3ZDYyMjI4YzU0ZTMwYmUyN2ZkOTMwYWE2ODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtmEnmC+KH3mHrTkRGqqU7kdJ2TF
zpx445u6xCm1nzjzzfGm1qbbl9LVrwibNnjLjXYxas2jfoJbZelvN16T55c14BQ/
BCBaPrzERPcVCT7obXq4EeBfyaN0aUrgsFCoED7eIAB+Z25hDbS9uPgms0s/okqW
wVjdkwH7Ppqt0+jmVvvp4wgivVu4aOqrwX/K3Cq478wrh+xNyuNvs4/d8yxO0LKn
rTet6Lnul/BByqDbK3eMrsIXry49UnCQ5rDlTEWcM387rV9GS5TCrU/W3lFsR/8x
xiOpw+Vw61ona6xRNVIrcSGvbJBQwOuYV1ILNcv/kh9omg7VK9BYm0PJQQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFK/lIHmK9X1iIoxU4wvif9kwqmgdMB8GA1UdIwQY
MBaAFLNaIKhpOcjeiu3DBSQ7D9SthlTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFvZ3FHazV5TjZLN2NNRkpEc1AxSzJHVk5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8xNjIxODYtNTBkMS00NzYxLWFhZjAt
YTU0MjU4OTc5OWJjLzEvci1VZ2VZcjFmV0lpakZUakMtSl8yVENxYUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8xNjIxODYtNTBkMS00NzYxLWFhZjAtYTU0MjU4OTc5OWJj
LzEvczFvZ3FHazV5TjZLN2NNRkpEc1AxSzJHVk5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAAjo4AwQA
whrAMA8EAgACMAkDBwAqEqgAAAEwDQYJKoZIhvcNAQELBQADggEBAAJXbfDvB7tO
RCi+5dTD5pGCNkhDffdZYehL02kXEw56wLdl2HnK4TXC1NMhl8yUlYoqlkCKi0cF
28Kk3OXTtbf3gsFn0YlcCKMMbIyk61rA3oVFP5ZNc+9HdOG/2xfIJrEja/B+mbDm
KA0NbE8U+AbqPjHr6rqPdectkbuKc+MyH/xFXdhwi3Zp7L6YXE92Fwb2lxNv3PlS
YYMZTg7knlXe+qOgaKfL/ZdwjO/mULjlqi6CI5fFtLRvKsqzfOagzbon9PqlhPxv
W1SLNPhwl0E799/j/8thiT5k9qd9Y3yYltGoYH4Mv2YcjrtEYxbHudn8E789uEeU
PLGAIF3z2sM=
-----END CERTIFICATE-----
Generated at Wed Apr 9 06:25:35 2025 by rpki-client