Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/dTlRwxXooiJkzcZymuJn3UbED1Q.roa
File: dTlRwxXooiJkzcZymuJn3UbED1Q.roa (raw, json)
Hash identifier: baJjRkAbLOEp+Vlkexj9jbg2LhtsCxirePf7tZa6pvE=
Subject key identifier: 75:39:51:C3:15:E8:A2:22:64:CD:C6:72:9A:E2:67:DD:46:C4:0F:54
Certificate issuer: /CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Certificate serial: 018571277B1E49ED1CA60D43EACB02074512
Authority key identifier: AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/dTlRwxXooiJkzcZymuJn3UbED1Q.roa
Signing time: Mon 02 Jan 2023 06:24:50 +0000
ROA not before: Mon 02 Jan 2023 06:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50477
IP address blocks: 178.57.56.0/21 maxlen: 21
194.58.168.0/22 maxlen: 22
194.58.172.0/22 maxlen: 22
194.58.184.0/21 maxlen: 21
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:27:7b:1e:49:ed:1c:a6:0d:43:ea:cb:02:07:45:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Validity
Not Before: Jan 2 06:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=753951c315e8a22264cdc6729ae267dd46c40f54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f2:57:04:b4:fd:6e:46:0a:37:12:7a:c9:49:
51:d8:12:a3:b3:66:e8:a1:cc:26:54:a6:3f:1d:f5:
bd:65:12:51:b7:40:ab:28:c7:96:49:45:9d:7d:5c:
7b:b3:62:81:2a:5d:51:bb:a0:33:ae:bb:64:e4:6e:
80:9d:44:c2:64:f9:01:27:9b:54:4e:e9:7f:e2:1b:
f3:2d:38:6e:cb:aa:61:57:1f:37:07:f9:06:3f:9a:
9b:41:04:d9:3e:92:f4:3b:f9:aa:9d:d9:37:9e:80:
ea:90:ab:9e:64:68:99:a1:50:d8:77:cc:8e:f1:41:
a0:8b:5b:e6:a7:69:be:35:b1:bb:ca:de:80:47:2d:
e6:60:ac:a9:a1:09:c3:5c:79:a7:fc:f9:e3:25:18:
ba:9c:cd:a2:ac:e2:c1:7a:a3:63:55:4a:32:dd:4b:
6c:e5:b6:3f:06:c2:9d:1c:d3:b0:72:f2:96:ba:ea:
20:bd:2d:ca:fb:6a:d9:2c:10:94:f9:0e:0c:9b:55:
35:b8:65:82:e2:68:75:01:ab:85:9b:87:31:f1:b3:
12:90:bb:98:1f:38:af:44:b4:6f:7f:e8:60:73:3e:
67:59:46:bd:22:79:ac:8d:8b:7e:2b:e6:a5:06:ec:
9b:39:68:9f:7f:b3:73:eb:63:7f:14:20:08:af:45:
44:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:39:51:C3:15:E8:A2:22:64:CD:C6:72:9A:E2:67:DD:46:C4:0F:54
X509v3 Authority Key Identifier:
keyid:AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/dTlRwxXooiJkzcZymuJn3UbED1Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/qipYxpehRJl2sNEdbxJgJeFAicY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.57.56.0/21
194.58.168.0/21
194.58.184.0/21
Signature Algorithm: sha256WithRSAEncryption
50:e1:13:90:b7:a6:69:1c:1f:5c:af:ae:5f:56:f3:e0:71:de:
11:99:81:23:1a:68:9e:64:48:8a:61:9c:9f:81:cd:4b:55:7f:
a9:2a:64:f9:9d:36:0d:b7:f1:bc:fe:69:4f:49:03:2c:60:da:
c6:b2:24:96:87:e0:12:5a:38:5f:9f:d3:78:e2:5a:ff:16:49:
9d:d1:6f:26:ca:0a:fc:00:da:72:96:b4:20:7f:71:56:2d:bd:
80:6d:ff:0e:29:0b:33:aa:11:53:ea:56:89:42:de:db:31:c4:
2b:5e:4f:6e:3a:28:65:02:86:99:ab:90:d9:f6:68:12:27:1d:
4a:6d:d3:9b:e1:40:db:91:80:6d:45:cc:d7:58:23:2c:fd:58:
49:2d:73:3c:b8:7a:ac:81:2e:1a:de:20:90:41:2f:6a:ab:6f:
4c:92:f9:30:93:93:35:97:64:f1:9e:58:52:b8:ac:b5:51:1c:
7b:3a:10:0c:21:00:7e:8f:b9:e5:22:54:14:ed:a7:51:62:da:
20:8d:fd:5a:61:a4:f7:db:54:b3:9a:ee:b0:93:13:4f:0b:a4:
d0:b8:a4:46:56:cf:a5:08:5e:c7:e8:e2:97:b3:8a:78:cf:05:
e0:80:b2:7e:3f:38:6f:a9:bd:24:8c:71:33:1b:bf:a1:45:45:
7e:b8:f9:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxJ3seSe0cpg1D6ssCB0USMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMmE1OGM2OTdhMTQ0OTk3NmIwZDExZDZmMTI2MDI1ZTE0
MDg5YzYwHhcNMjMwMTAyMDYyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTM5NTFjMzE1ZThhMjIyNjRjZGM2NzI5YWUyNjdkZDQ2YzQwZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPJXBLT9bkYKNxJ6yUlR2BKjs2bo
ocwmVKY/HfW9ZRJRt0CrKMeWSUWdfVx7s2KBKl1Ru6Azrrtk5G6AnUTCZPkBJ5tU
Tul/4hvzLThuy6phVx83B/kGP5qbQQTZPpL0O/mqndk3noDqkKueZGiZoVDYd8yO
8UGgi1vmp2m+NbG7yt6ARy3mYKypoQnDXHmn/PnjJRi6nM2irOLBeqNjVUoy3Uts
5bY/BsKdHNOwcvKWuuogvS3K+2rZLBCU+Q4Mm1U1uGWC4mh1AauFm4cx8bMSkLuY
HzivRLRvf+hgcz5nWUa9InmsjYt+K+alBuybOWiff7Nz62N/FCAIr0VEYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHU5UcMV6KIiZM3GcpriZ91GxA9UMB8GA1UdIwQY
MBaAFKoqWMaXoUSZdrDRHW8SYCXhQInGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgt
YmU2MjJjMzEzMmRmLzEvZFRsUnd4WG9vaUpremNaeW11Sm4zVWJFRDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgtYmU2MjJjMzEzMmRm
LzEvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDsjk4AwQD
wjqoAwQDwjq4MA0GCSqGSIb3DQEBCwUAA4IBAQBQ4ROQt6ZpHB9cr65fVvPgcd4R
mYEjGmieZEiKYZyfgc1LVX+pKmT5nTYNt/G8/mlPSQMsYNrGsiSWh+ASWjhfn9N4
4lr/Fkmd0W8mygr8ANpylrQgf3FWLb2Abf8OKQszqhFT6laJQt7bMcQrXk9uOihl
AoaZq5DZ9mgSJx1KbdOb4UDbkYBtRczXWCMs/VhJLXM8uHqsgS4a3iCQQS9qq29M
kvkwk5M1l2TxnlhSuKy1URx7OhAMIQB+j7nlIlQU7adRYtogjf1aYaT321Szmu6w
kxNPC6TQuKRGVs+lCF7H6OKXs4p4zwXggLJ+Pzhvqb0kjHEzG7+hRUV+uPnW
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:59:46 2025 by rpki-client