Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7_UfKtPuVjrdt2FYotpLlmndzh0.roa
File: 7_UfKtPuVjrdt2FYotpLlmndzh0.roa (raw, json)
Hash identifier: DiTokNosccJpwewgLiDrZVzbMmrLVZ7Ucmnq5/nPiGs=
Subject key identifier: EF:F5:1F:2A:D3:EE:56:3A:DD:B7:61:58:A2:DA:4B:96:69:DD:CE:1D
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 018655125FAEDE2AF84F8495F8268EDBFC58
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7_UfKtPuVjrdt2FYotpLlmndzh0.roa
Signing time: Wed 15 Feb 2023 12:35:12 +0000
ROA not before: Wed 15 Feb 2023 12:35:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44477
IP address blocks: 94.131.96.0/24 maxlen: 24
94.131.98.0/24 maxlen: 24
94.131.97.0/24 maxlen: 24
94.131.99.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.100.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.2.0/24 maxlen: 24
94.131.3.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:55:12:5f:ae:de:2a:f8:4f:84:95:f8:26:8e:db:fc:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Feb 15 12:35:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eff51f2ad3ee563addb76158a2da4b9669ddce1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:ea:ca:c8:01:a2:ca:48:5a:2f:88:61:c7:45:
e4:52:92:8c:95:06:f7:50:bb:f3:81:56:e5:8e:f7:
3e:9c:72:3e:17:34:c3:4b:6c:ee:36:2a:a1:b1:d1:
6d:55:4c:82:c7:d7:11:92:fc:32:34:8d:e0:e2:80:
ad:15:32:17:ef:56:a8:d3:69:1b:b5:e3:fc:5e:f6:
6b:b2:79:25:79:66:ae:ba:6f:c4:68:ad:11:c4:0e:
a3:d7:15:14:ec:a0:d1:0e:bb:96:24:03:80:f3:9b:
6a:45:d5:14:1c:db:11:e3:21:a3:c2:02:be:ea:a9:
ec:76:8a:d0:25:af:e9:35:c6:48:02:91:13:37:93:
be:a7:7e:4c:6e:f3:be:a5:d0:21:ee:10:2d:c6:d9:
39:f7:fc:f4:bf:c6:44:85:f4:8b:58:75:46:d0:e5:
e5:75:26:a8:dd:b1:7e:fb:53:91:1b:fc:14:33:96:
3c:7f:eb:c2:74:41:b0:9f:cf:d5:62:2e:9a:9d:b3:
b7:ff:5d:3e:53:7a:f6:ef:0b:a1:cc:98:f3:c1:46:
b8:f7:c3:3d:54:3d:57:32:e8:2a:2e:0c:96:78:17:
20:4b:2f:f4:2f:91:5c:7b:81:27:cc:c4:ae:d8:d4:
2f:28:06:a3:ee:f7:94:47:e0:4f:a1:b3:2f:82:13:
8b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:F5:1F:2A:D3:EE:56:3A:DD:B7:61:58:A2:DA:4B:96:69:DD:CE:1D
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7_UfKtPuVjrdt2FYotpLlmndzh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.96.0-94.131.100.255
94.131.102.0/24
94.131.105.0-94.131.108.255
Signature Algorithm: sha256WithRSAEncryption
34:d5:5f:08:fb:b8:dc:a1:37:f9:ac:d4:87:4a:4a:77:02:81:
b2:cc:a1:a5:93:20:8e:c0:0e:0a:0f:2c:a5:e7:20:75:de:f0:
ae:c4:c8:1f:b4:85:e8:6a:7f:2b:82:4d:cd:14:7a:17:f3:47:
93:12:e6:d8:5c:e4:d0:07:9c:73:df:89:8d:d3:35:87:b0:b7:
38:c0:d3:57:24:71:6f:e2:97:a1:57:a1:22:72:56:87:ad:f8:
e5:97:2b:86:5e:13:e2:8e:a7:43:08:3b:eb:cb:af:7a:61:84:
ee:75:0b:d9:4b:78:b4:84:50:8f:55:6e:1d:9d:a6:c5:0e:9c:
91:6a:c3:94:00:ff:1e:fa:33:34:82:76:0d:97:fe:24:b1:40:
84:3b:8c:29:e5:a0:fd:20:e0:07:ca:c4:89:44:f4:95:dd:9d:
6b:08:0e:a7:ce:b2:77:57:1e:8a:59:9d:21:f2:3d:d1:bd:42:
82:d0:78:1e:18:fc:d1:e1:47:b9:7a:d8:ca:32:75:a1:29:45:
ed:c3:78:55:42:36:3d:c1:fc:bd:4f:62:5f:89:2b:1a:20:7a:
cc:3b:e3:e3:24:a9:41:18:d2:2a:d7:98:28:28:e6:6b:55:62:
5c:3d:de:8d:cd:3f:d0:87:b0:20:3f:73:4c:b1:ac:14:d7:5a:
c6:84:db:bc
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYZVEl+u3ir4T4SV+CaO2/xYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwMjE1MTIzNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmY1MWYyYWQzZWU1NjNhZGRiNzYxNThhMmRhNGI5NjY5ZGRjZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOrKyAGiykhaL4hhx0XkUpKMlQb3
ULvzgVbljvc+nHI+FzTDS2zuNiqhsdFtVUyCx9cRkvwyNI3g4oCtFTIX71ao02kb
teP8XvZrsnkleWauum/EaK0RxA6j1xUU7KDRDruWJAOA85tqRdUUHNsR4yGjwgK+
6qnsdorQJa/pNcZIApETN5O+p35MbvO+pdAh7hAtxtk59/z0v8ZEhfSLWHVG0OXl
dSao3bF++1ORG/wUM5Y8f+vCdEGwn8/VYi6anbO3/10+U3r27wuhzJjzwUa498M9
VD1XMugqLgyWeBcgSy/0L5Fce4EnzMSu2NQvKAaj7veUR+BPobMvghOLTwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFO/1HyrT7lY63bdhWKLaS5Zp3c4dMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvN19VZkt0UHVWanJkdDJGWW90cExsbW5kemgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQBXoMCMAwD
BAVeg2ADBABeg2QDBABeg2YwDAMEAF6DaQMEAF6DbDANBgkqhkiG9w0BAQsFAAOC
AQEANNVfCPu43KE3+azUh0pKdwKBssyhpZMgjsAOCg8specgdd7wrsTIH7SF6Gp/
K4JNzRR6F/NHkxLm2Fzk0Aecc9+JjdM1h7C3OMDTVyRxb+KXoVehInJWh6345Zcr
hl4T4o6nQwg768uvemGE7nUL2Ut4tIRQj1VuHZ2mxQ6ckWrDlAD/HvozNIJ2DZf+
JLFAhDuMKeWg/SDgB8rEiUT0ld2dawgOp86yd1ceilmdIfI90b1CgtB4Hhj80eFH
uXrYyjJ1oSlF7cN4VUI2PcH8vU9iX4krGiB6zDvj4ySpQRjSKteYKCjma1ViXD3e
jc0/0IewID9zTLGsFNdaxoTbvA==
-----END CERTIFICATE-----
Generated at Sat Apr 5 22:31:02 2025 by rpki-client