Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/upfm45GXfo13IA76HfECzOf9hwo.roa
File: upfm45GXfo13IA76HfECzOf9hwo.roa (raw, json)
Hash identifier: U34ilWcfEyBD5C1M2JVx9Ex3UhnG5FAAuoZJ4fBXtnk=
Subject key identifier: BA:97:E6:E3:91:97:7E:8D:77:20:0E:FA:1D:F1:02:CC:E7:FD:87:0A
Certificate issuer: /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial: 01856E2FD506234122AD33C34D95E3C53E76
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/upfm45GXfo13IA76HfECzOf9hwo.roa
Signing time: Sun 01 Jan 2023 16:35:06 +0000
ROA not before: Sun 01 Jan 2023 16:35:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208136
IP address blocks: 2a01:b960:230d::/48 maxlen: 64
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:d5:06:23:41:22:ad:33:c3:4d:95:e3:c5:3e:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Validity
Not Before: Jan 1 16:35:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ba97e6e391977e8d77200efa1df102cce7fd870a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:57:0a:73:76:e6:5a:b6:2a:7d:51:c2:07:d5:
bc:1c:9b:7e:c0:a7:bf:4b:53:ac:95:1b:e2:8e:78:
00:3d:47:5e:b4:26:33:a4:cb:77:cf:16:1b:5f:1f:
e6:30:7e:b5:07:f8:52:6d:36:7a:2e:fa:59:43:57:
d5:94:23:e6:67:86:0c:25:52:c7:a4:65:b8:c7:aa:
71:8b:72:13:d3:e2:d6:14:43:8a:7a:e5:9a:9a:a2:
0b:81:f3:25:c4:93:7f:aa:ec:93:9a:2a:26:1b:18:
fe:45:e2:f6:0e:34:77:06:66:d5:f1:0f:8c:9d:ac:
8c:2d:ae:8b:2d:c9:8c:d9:af:e3:ec:92:57:b4:02:
92:34:95:ae:68:fb:5d:7d:aa:c2:f0:56:d0:6d:5e:
4f:20:88:98:83:b3:78:5a:dc:4a:a6:c7:d6:60:ce:
14:e0:ad:7e:74:c4:80:37:78:ef:b8:ea:f4:ce:e8:
6d:ef:11:55:4f:c8:4f:81:dc:63:fe:97:fc:c7:b1:
3f:2c:94:71:4e:33:b5:f8:84:72:97:ee:de:f8:2b:
a2:b6:b8:c8:01:3c:cc:7c:2a:1e:eb:ce:56:f4:8e:
9b:bf:3b:60:5c:c4:53:b0:fe:cf:77:0d:40:2f:58:
a6:e5:8f:43:24:a1:18:6f:8a:9e:16:f3:3f:59:8b:
98:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:97:E6:E3:91:97:7E:8D:77:20:0E:FA:1D:F1:02:CC:E7:FD:87:0A
X509v3 Authority Key Identifier:
keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/upfm45GXfo13IA76HfECzOf9hwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:b960:230d::/48
Signature Algorithm: sha256WithRSAEncryption
94:ee:a5:db:9a:38:87:5d:e0:3c:33:e9:f4:b1:ba:ab:2a:7a:
d4:ed:3b:b6:35:0a:b6:ab:55:7a:45:04:98:62:44:fb:f0:39:
e1:5c:6b:a9:93:0f:7d:f2:8c:a9:5b:e8:86:7d:0f:7f:4a:23:
84:b1:fc:f3:7f:4e:b2:c8:d9:ac:72:b0:80:ea:a7:fa:b2:0b:
4b:40:24:84:fb:75:8d:75:e9:79:7c:78:2a:a9:06:42:87:de:
af:09:3a:88:f3:c6:f9:94:62:4b:b8:ef:9d:d9:4e:7d:d5:1c:
76:57:6b:c5:e1:48:a5:09:33:d4:e7:89:24:50:59:2b:22:4f:
e3:0b:71:a9:9c:5e:eb:cd:32:82:fe:75:bf:14:f1:51:fd:95:
7a:06:fd:79:90:3d:ce:57:f5:44:0d:33:64:a2:b5:30:17:cc:
bd:33:2b:7b:af:e9:de:99:e0:5e:63:b1:39:a4:d0:de:f0:6d:
00:89:f4:f5:93:62:8e:a4:42:c9:9a:60:9c:d4:ce:1f:fe:01:
68:e7:35:2e:e3:1d:d0:ca:29:7e:0c:0d:74:dc:f3:0f:7c:cc:
f4:f4:7e:58:dc:ee:89:07:cb:04:28:76:98:35:71:66:09:07:
7d:97:ea:ae:4a:24:d8:2c:f9:b4:32:1a:e5:de:bb:60:75:15:
3f:28:d0:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVuL9UGI0EirTPDTZXjxT52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjMwMTAxMTYzNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTk3ZTZlMzkxOTc3ZThkNzcyMDBlZmExZGYxMDJjY2U3ZmQ4NzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1cKc3bmWrYqfVHCB9W8HJt+wKe/
S1OslRvijngAPUdetCYzpMt3zxYbXx/mMH61B/hSbTZ6LvpZQ1fVlCPmZ4YMJVLH
pGW4x6pxi3IT0+LWFEOKeuWamqILgfMlxJN/quyTmiomGxj+ReL2DjR3BmbV8Q+M
nayMLa6LLcmM2a/j7JJXtAKSNJWuaPtdfarC8FbQbV5PIIiYg7N4WtxKpsfWYM4U
4K1+dMSAN3jvuOr0zuht7xFVT8hPgdxj/pf8x7E/LJRxTjO1+IRyl+7e+CuitrjI
ATzMfCoe685W9I6bvztgXMRTsP7Pdw1AL1im5Y9DJKEYb4qeFvM/WYuY5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLqX5uORl36NdyAO+h3xAszn/YcKMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvdXBmbTQ1R1hmbzEzSUE3NkhmRUN6T2Y5aHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMN
MA0GCSqGSIb3DQEBCwUAA4IBAQCU7qXbmjiHXeA8M+n0sbqrKnrU7Tu2NQq2q1V6
RQSYYkT78DnhXGupkw998oypW+iGfQ9/SiOEsfzzf06yyNmscrCA6qf6sgtLQCSE
+3WNdel5fHgqqQZCh96vCTqI88b5lGJLuO+d2U591Rx2V2vF4UilCTPU54kkUFkr
Ik/jC3GpnF7rzTKC/nW/FPFR/ZV6Bv15kD3OV/VEDTNkorUwF8y9Myt7r+nemeBe
Y7E5pNDe8G0AifT1k2KOpELJmmCc1M4f/gFo5zUu4x3Qyil+DA103PMPfMz09H5Y
3O6JB8sEKHaYNXFmCQd9l+quSiTYLPm0Mhrl3rtgdRU/KNAi
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:59:49 2025 by rpki-client