Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/WN-OKeSIz_Fnz1VfA2QSWEpjgf4.roa
File: WN-OKeSIz_Fnz1VfA2QSWEpjgf4.roa (raw, json)
Hash identifier: MTv1VjsVYFX+oZ4kS5+3Yfq4BdIIxVqpjQph2uATwfQ=
Subject key identifier: 58:DF:8E:29:E4:88:CF:F1:67:CF:55:5F:03:64:12:58:4A:63:81:FE
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 018C87DCB8017A8CDBCBEE319B6EE936CEFF
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/WN-OKeSIz_Fnz1VfA2QSWEpjgf4.roa
Signing time: Wed 20 Dec 2023 15:33:58 +0000
ROA not before: Wed 20 Dec 2023 15:33:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211286
IP address blocks: 2a0d:8d04:71a::/48 maxlen: 48
2a0d:8d04:71d::/48 maxlen: 48
2a0d:8d04::/32 maxlen: 48
2a0d:8d04:71b::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:87:dc:b8:01:7a:8c:db:cb:ee:31:9b:6e:e9:36:ce:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Dec 20 15:33:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=58df8e29e488cff167cf555f036412584a6381fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:37:95:fa:66:47:36:31:d7:46:b7:25:81:94:
21:78:e5:13:ad:23:bb:7e:7a:ff:71:1e:5b:d1:96:
27:a8:17:7e:4a:8a:c9:37:ea:0c:1a:88:49:d2:cd:
df:eb:d0:d1:ab:d3:7f:31:22:20:ac:f2:ec:d6:fc:
ee:b1:0a:f7:b0:a8:fd:e0:a1:f8:91:e0:33:07:96:
55:63:a6:36:7c:d5:25:ad:ca:a8:b9:ce:14:de:47:
5e:21:42:d6:da:55:dc:93:42:03:9f:1d:eb:ed:cd:
12:67:66:88:c4:dd:7f:3d:d1:82:e2:9d:2d:54:6e:
bc:5d:2b:da:4a:dc:5d:02:00:8e:c5:a1:bf:e3:3b:
56:5b:79:01:4b:88:be:39:74:0a:09:2c:ee:0d:79:
7d:8c:4a:f7:8d:de:71:a3:44:d0:49:e9:d6:53:2b:
02:30:52:60:b0:41:71:5f:67:9e:64:17:b9:c3:e6:
2d:ee:cf:e0:10:b2:5e:d4:1b:29:7c:18:2c:71:1c:
7b:7b:01:fa:5f:19:6b:d5:8a:78:07:6c:8c:35:93:
e4:67:21:85:02:28:0b:a0:38:81:c8:cd:dd:80:da:
3e:eb:8f:05:53:8e:ee:0d:4d:1c:f8:fb:b7:8b:40:
ea:ce:23:98:55:1d:64:79:aa:c8:8c:cf:91:28:57:
b6:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:DF:8E:29:E4:88:CF:F1:67:CF:55:5F:03:64:12:58:4A:63:81:FE
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/WN-OKeSIz_Fnz1VfA2QSWEpjgf4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:8d04::/32
Signature Algorithm: sha256WithRSAEncryption
29:5f:21:49:11:0b:ba:c3:22:41:07:7e:20:1a:4e:b2:0b:80:
2b:36:35:7c:5b:31:7c:76:8c:6e:55:55:43:53:8d:25:10:78:
06:08:49:1d:72:67:ae:22:65:35:60:56:25:f2:0d:30:d7:05:
07:23:6e:04:9d:ad:1d:f6:c4:60:32:1d:c5:f8:ab:3b:e1:94:
b3:27:3c:78:36:0d:a8:fd:2c:2e:6f:31:79:03:0b:6f:06:9c:
01:0f:a4:9f:ef:e0:72:3e:f0:f8:ab:71:7b:d6:e8:20:62:32:
7b:4e:31:3a:64:5c:59:f1:4d:d1:ee:da:87:b2:4f:fb:f9:e0:
20:59:65:f5:1c:7e:92:7f:3a:63:02:bf:87:65:57:a8:01:bd:
7f:7c:55:07:ea:fe:dc:05:ab:57:57:a7:fa:cc:2c:5e:83:fc:
e8:8e:8a:97:25:5d:3d:83:8d:05:c5:5d:9d:05:9f:0b:11:d2:
6f:97:75:66:00:14:2f:e1:36:f3:ec:cb:94:35:f5:9f:5b:9e:
ae:e8:d7:e3:2c:65:30:38:5a:c0:dd:bc:ff:c2:95:1d:7a:ef:
76:e9:ad:b5:96:76:3e:ca:1b:aa:19:3d:65:b0:7c:0b:aa:db:
5b:f4:2e:68:fa:ce:b4:76:68:33:17:4f:1f:2a:e6:77:d2:05:
d2:5c:36:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYyH3LgBeozby+4xm27pNs7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjMxMjIwMTUzMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGRmOGUyOWU0ODhjZmYxNjdjZjU1NWYwMzY0MTI1ODRhNjM4MWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTeV+mZHNjHXRrclgZQheOUTrSO7
fnr/cR5b0ZYnqBd+SorJN+oMGohJ0s3f69DRq9N/MSIgrPLs1vzusQr3sKj94KH4
keAzB5ZVY6Y2fNUlrcqouc4U3kdeIULW2lXck0IDnx3r7c0SZ2aIxN1/PdGC4p0t
VG68XSvaStxdAgCOxaG/4ztWW3kBS4i+OXQKCSzuDXl9jEr3jd5xo0TQSenWUysC
MFJgsEFxX2eeZBe5w+Yt7s/gELJe1BspfBgscRx7ewH6Xxlr1Yp4B2yMNZPkZyGF
AigLoDiByM3dgNo+648FU47uDU0c+Pu3i0DqziOYVR1kearIjM+RKFe2HwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFjfjinkiM/xZ89VXwNkElhKY4H+MB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvV04tT0tlU0l6X0ZuejFWZkEyUVNXRXBqZ2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2NBDAN
BgkqhkiG9w0BAQsFAAOCAQEAKV8hSRELusMiQQd+IBpOsguAKzY1fFsxfHaMblVV
Q1ONJRB4BghJHXJnriJlNWBWJfINMNcFByNuBJ2tHfbEYDIdxfirO+GUsyc8eDYN
qP0sLm8xeQMLbwacAQ+kn+/gcj7w+Ktxe9boIGIye04xOmRcWfFN0e7ah7JP+/ng
IFll9Rx+kn86YwK/h2VXqAG9f3xVB+r+3AWrV1en+swsXoP86I6KlyVdPYONBcVd
nQWfCxHSb5d1ZgAUL+E28+zLlDX1n1uerujX4yxlMDhawN28/8KVHXrvdumttZZ2
Psobqhk9ZbB8C6rbW/QuaPrOtHZoMxdPHyrmd9IF0lw2ZA==
-----END CERTIFICATE-----
Generated at Sun Jun 8 20:29:38 2025 by rpki-client