Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/A-FG-qJLah4gHZWedRHzNaahU-c.roa
File: A-FG-qJLah4gHZWedRHzNaahU-c.roa (raw, json)
Hash identifier: DmzAfT41IivuP6oc7CknevHdaq/LjeCSuqDDKe+IQmA=
Subject key identifier: 03:E1:46:FA:A2:4B:6A:1E:20:1D:95:9E:75:11:F3:35:A6:A1:53:E7
Certificate issuer: /CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
Certificate serial: 29C78DCD
Authority key identifier: 9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/A-FG-qJLah4gHZWedRHzNaahU-c.roa
Signing time: Sat 01 Jan 2022 10:55:07 +0000
ROA not before: Sat 01 Jan 2022 10:55:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6774
IP address blocks: 213.137.128.0/21 maxlen: 21
213.137.135.0/24 maxlen: 24
213.137.134.0/24 maxlen: 24
213.137.137.0/24 maxlen: 24
213.137.136.0/24 maxlen: 24
213.137.138.0/24 maxlen: 24
213.137.139.0/24 maxlen: 24
213.137.158.0/24 maxlen: 24
80.84.16.0/20 maxlen: 20
80.84.31.0/24 maxlen: 24
80.84.30.0/24 maxlen: 24
94.102.160.0/20 maxlen: 20
80.84.29.0/24 maxlen: 24
94.102.175.0/24 maxlen: 24
195.234.24.0/24 maxlen: 24
2001:9b8::/32 maxlen: 32
2001:9b8:2::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 700943821 (0x29c78dcd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
Validity
Not Before: Jan 1 10:55:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=03e146faa24b6a1e201d959e7511f335a6a153e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:c8:f0:cc:c7:0a:da:c5:be:da:41:70:48:0a:
b4:5f:97:32:20:5e:b7:89:ba:fc:97:57:c1:38:3e:
21:32:67:ae:b7:c0:6f:d6:fd:d3:c4:f2:79:f8:34:
18:1d:50:db:cb:36:87:92:a7:66:0c:a8:f5:22:79:
f2:7f:cc:65:c6:b9:21:e3:1d:b4:8c:e0:c1:47:3a:
a1:a0:f4:ac:52:10:f4:4d:85:7f:2d:1a:8f:65:4b:
ec:68:35:78:4e:74:04:7c:3a:1b:dd:d1:34:7a:55:
a2:97:c1:b6:af:e9:a4:51:0a:1f:4d:e0:f7:b2:e4:
ec:49:90:50:cc:d1:13:50:dd:22:69:a6:65:61:46:
a9:a6:ce:eb:61:3e:f3:06:e9:b9:96:e3:8b:48:c9:
2a:61:cd:66:83:be:d3:7c:cc:1a:6a:45:fb:0b:dc:
09:87:6b:b4:5a:a8:c4:b0:b5:58:a4:ff:ac:90:2f:
c7:2a:07:64:72:93:35:44:c1:c1:be:6a:f1:b0:3a:
20:ee:aa:64:b0:5c:79:54:54:bb:59:13:89:0a:55:
a1:7e:a6:de:cb:bd:29:f0:60:0b:ce:b1:e7:95:44:
7c:0f:79:e3:5d:c1:13:32:4a:a4:6f:1d:08:1d:1e:
10:4a:63:ff:fe:5e:57:ad:6f:00:ff:8c:be:3f:da:
69:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:E1:46:FA:A2:4B:6A:1E:20:1D:95:9E:75:11:F3:35:A6:A1:53:E7
X509v3 Authority Key Identifier:
keyid:9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/A-FG-qJLah4gHZWedRHzNaahU-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/mjzlxacwzY4v8fVdGA8agbMADMg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.84.16.0/20
94.102.160.0/20
195.234.24.0/24
213.137.128.0-213.137.139.255
213.137.158.0/24
IPv6:
2001:9b8::/32
Signature Algorithm: sha256WithRSAEncryption
30:85:31:48:02:e9:4a:30:5c:6e:e3:dc:33:cf:54:a9:76:28:
fe:a0:0e:80:0b:65:7a:ed:1d:ec:38:e9:a4:63:ff:da:59:0d:
88:bc:a4:85:4d:69:69:d4:e5:38:24:17:70:cc:6b:04:86:2a:
33:ae:ff:c1:7c:7f:dc:af:10:8e:50:53:47:4f:75:b4:22:81:
67:d0:38:40:ca:8e:0e:45:f7:5f:fe:04:21:6c:f2:f7:c8:ad:
fa:aa:35:4e:5b:53:a0:e9:ef:f8:80:b4:7c:9b:cb:1b:22:55:
22:60:70:ff:21:86:d2:53:e6:f1:3e:f9:42:a1:ab:60:3f:5b:
fa:ce:2b:7e:fd:a5:4b:ea:6b:fe:56:7f:b5:d0:d3:1b:25:cc:
c1:d3:19:2a:f0:a0:ee:e4:ca:a2:d3:c8:8f:63:31:46:37:14:
fe:67:5a:0c:df:3a:f7:e6:8f:bf:83:ac:72:85:86:44:69:44:
b4:3e:2b:69:50:a9:57:1a:5e:c2:0e:57:a2:35:88:90:36:49:
ef:28:df:fb:75:3e:47:ca:d8:99:89:59:a2:5f:72:9b:95:9c:
10:76:5a:fe:9d:e2:11:23:23:e0:fa:c2:4c:30:e6:77:f5:83:
23:21:58:00:d5:b0:56:f3:14:62:53:a1:20:12:42:b7:11:ac:
5a:6b:4f:e5
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEKceNzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTNjZTVjNWE3MzBjZDhlMmZmMWY1NWQxODBmMWE4MWIzMDAwY2M4MB4XDTIyMDEw
MTEwNTUwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDNlMTQ2ZmFhMjRi
NmExZTIwMWQ5NTllNzUxMWYzMzVhNmExNTNlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKPI8MzHCtrFvtpBcEgKtF+XMiBet4m6/JdXwTg+ITJnrrfA
b9b908Tyefg0GB1Q28s2h5KnZgyo9SJ58n/MZca5IeMdtIzgwUc6oaD0rFIQ9E2F
fy0aj2VL7Gg1eE50BHw6G93RNHpVopfBtq/ppFEKH03g97Lk7EmQUMzRE1DdImmm
ZWFGqabO62E+8wbpuZbji0jJKmHNZoO+03zMGmpF+wvcCYdrtFqoxLC1WKT/rJAv
xyoHZHKTNUTBwb5q8bA6IO6qZLBceVRUu1kTiQpVoX6m3su9KfBgC86x55VEfA95
413BEzJKpG8dCB0eEEpj//5eV61vAP+Mvj/aaXUCAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBQD4Ub6oktqHiAdlZ51EfM1pqFT5zAfBgNVHSMEGDAWgBSaPOXFpzDNji/x
9V0YDxqBswAMyDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21qemx4YWN3elk0djhmVmRHQThhZ2JNQURNZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvMDU4MGIyLWY2YTQtNGRlNi05MTAzLWEwMWQ3MjliMGEyMS8x
L0EtRkctcUpMYWg0Z0haV2VkUkh6TmFhaFUtYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
MDU4MGIyLWY2YTQtNGRlNi05MTAzLWEwMWQ3MjliMGEyMS8xL21qemx4YWN3elk0
djhmVmRHQThhZ2JNQURNZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wLAQCAAEwJgMEBFBUEAMEBF5moAMEAMPqGDAMAwQH
1YmAAwQC1YmIAwQA1YmeMA0EAgACMAcDBQAgAQm4MA0GCSqGSIb3DQEBCwUAA4IB
AQAwhTFIAulKMFxu49wzz1Spdij+oA6AC2V67R3sOOmkY//aWQ2IvKSFTWlp1OU4
JBdwzGsEhiozrv/BfH/crxCOUFNHT3W0IoFn0DhAyo4ORfdf/gQhbPL3yK36qjVO
W1Og6e/4gLR8m8sbIlUiYHD/IYbSU+bxPvlCoatgP1v6zit+/aVL6mv+Vn+10NMb
JczB0xkq8KDu5Mqi08iPYzFGNxT+Z1oM3zr35o+/g6xyhYZEaUS0PitpUKlXGl7C
DleiNYiQNknvKN/7dT5HytiZiVmiX3KblZwQdlr+neIRIyPg+sJMMOZ39YMjIVgA
1bBW8xRiU6EgEkK3Eaxaa0/l
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:30:06 2025 by rpki-client