Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa
File: 2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa (raw, json)
Hash identifier: 7YytHD0ujx8WCCF0VVvlI3T2qlhKk4AzfG8B4m0PLXY=
Subject key identifier: D9:7E:63:11:A1:CA:01:6E:32:21:75:AC:69:74:8B:99:C6:46:7E:AA
Certificate issuer: /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial: 018779D121432E3906A715CEF10336DD3AD0
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa
Signing time: Thu 13 Apr 2023 08:52:41 +0000
ROA not before: Thu 13 Apr 2023 08:52:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39835
IP address blocks: 81.20.112.0/20 maxlen: 20
5.34.224.0/21 maxlen: 21
188.74.32.0/22 maxlen: 22
188.74.32.0/20 maxlen: 24
188.74.36.0/24 maxlen: 24
188.74.37.0/24 maxlen: 24
188.74.38.0/24 maxlen: 24
188.74.44.0/22 maxlen: 22
185.75.150.0/24 maxlen: 24
185.75.148.0/24 maxlen: 24
185.75.149.0/24 maxlen: 24
2a03:4b20::/29 maxlen: 40
2a03:6880::/32 maxlen: 32
2a03:4b20:f000::/36 maxlen: 36
2a03:4b20::/32 maxlen: 32
2a03:4b21::/32 maxlen: 32
2a03:4b22::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:79:d1:21:43:2e:39:06:a7:15:ce:f1:03:36:dd:3a:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Validity
Not Before: Apr 13 08:52:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d97e6311a1ca016e322175ac69748b99c6467eaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:3f:ca:c6:20:34:6a:ff:1d:fb:86:97:40:72:
ff:57:2b:29:78:c1:51:58:97:d1:23:52:0e:5f:48:
7d:e9:3a:14:32:1c:7c:13:4a:84:ba:a3:28:2b:59:
71:e7:7b:9c:89:04:f7:65:01:10:1c:3c:96:c4:6f:
1c:8e:56:23:9e:70:c7:f9:49:56:10:99:03:19:31:
9e:2a:76:25:33:0a:f3:39:44:5e:9d:c7:01:91:f1:
31:0b:24:e3:f6:eb:ae:8c:18:c5:02:b7:d0:a1:33:
90:ab:c0:ae:15:2a:28:f8:5c:50:6c:b2:9b:99:cc:
da:de:3c:a3:3a:87:c7:af:99:c2:4f:7f:c3:53:28:
22:a8:1a:24:a1:2a:b4:82:72:42:f1:44:44:b6:c9:
2e:69:bf:5b:ac:f4:97:09:3b:7c:cf:3c:09:14:6a:
ee:18:eb:9f:00:e7:53:82:76:3a:a1:62:a2:6b:90:
2c:17:ac:36:69:b2:50:62:dd:79:e7:17:a0:ee:49:
75:7b:28:e1:e8:f4:c0:15:f1:8d:bf:cf:16:65:36:
e3:1f:53:e9:ab:c6:48:78:a4:6f:90:6f:bc:8d:ba:
01:61:0d:0d:77:b3:5f:0d:6a:e7:62:89:a9:92:a8:
50:86:09:35:27:d6:6d:1b:99:8c:dc:9f:8e:dd:31:
7c:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:7E:63:11:A1:CA:01:6E:32:21:75:AC:69:74:8B:99:C6:46:7E:AA
X509v3 Authority Key Identifier:
keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.224.0/21
81.20.112.0/20
185.75.148.0-185.75.150.255
188.74.32.0/20
IPv6:
2a03:4b20::/29
2a03:6880::/32
Signature Algorithm: sha256WithRSAEncryption
17:dc:a4:25:40:2e:4d:88:c4:49:c3:d2:d5:65:b8:8b:4e:6c:
d2:0f:c8:4b:10:4e:de:47:32:94:e6:f5:2e:39:51:60:83:37:
7b:11:c6:50:99:0e:55:5c:d1:d0:d4:25:5e:82:e3:ec:6e:2a:
0b:65:87:92:19:c2:9c:1d:58:35:0e:6e:70:8c:49:f4:9e:7f:
a9:71:66:d3:fb:99:24:56:cc:b3:d1:e0:f1:7f:d0:0d:c3:2b:
f9:a5:57:5f:49:d3:37:28:e1:28:ad:cb:9a:41:5b:d8:88:d2:
91:25:6e:2b:28:ce:bd:65:fd:ae:20:a5:03:2b:e1:96:f5:02:
14:a8:56:bc:50:f8:da:db:63:4c:b0:c5:77:ea:66:cc:f6:08:
6d:24:53:78:61:e0:60:e7:d9:0e:33:75:7e:7a:bd:7e:32:01:
6f:a3:6d:8e:70:8c:b6:e0:7b:58:10:30:89:e8:b8:76:e8:be:
02:5d:1e:38:98:17:a3:7b:fc:47:dd:09:d6:e3:5a:a2:2a:31:
e0:8c:12:bd:f0:89:3f:b8:35:d0:c1:a6:4d:c2:e5:2e:d3:a2:
ea:bd:e3:74:9c:da:f1:b4:ff:86:e8:23:20:12:d9:e4:c1:f0:
72:33:d4:4e:95:b0:e4:f4:e4:3a:49:cf:d1:79:1e:ca:e7:c3:
40:04:9e:39
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYd50SFDLjkGpxXO8QM23TrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjMwNDEzMDg1MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTdlNjMxMWExY2EwMTZlMzIyMTc1YWM2OTc0OGI5OWM2NDY3ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD/KxiA0av8d+4aXQHL/VyspeMFR
WJfRI1IOX0h96ToUMhx8E0qEuqMoK1lx53uciQT3ZQEQHDyWxG8cjlYjnnDH+UlW
EJkDGTGeKnYlMwrzOURenccBkfExCyTj9uuujBjFArfQoTOQq8CuFSoo+FxQbLKb
mcza3jyjOofHr5nCT3/DUygiqBokoSq0gnJC8UREtskuab9brPSXCTt8zzwJFGru
GOufAOdTgnY6oWKia5AsF6w2abJQYt155xeg7kl1eyjh6PTAFfGNv88WZTbjH1Pp
q8ZIeKRvkG+8jboBYQ0Nd7NfDWrnYompkqhQhgk1J9ZtG5mM3J+O3TF8MwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNl+YxGhygFuMiF1rGl0i5nGRn6qMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvMlg1akVhSEtBVzR5SVhXc2FYU0xtY1pHZnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQDBSLgAwQE
URRwMAwDBAK5S5QDBAC5S5YDBAS8SiAwFAQCAAIwDgMFAyoDSyADBQAqA2iAMA0G
CSqGSIb3DQEBCwUAA4IBAQAX3KQlQC5NiMRJw9LVZbiLTmzSD8hLEE7eRzKU5vUu
OVFggzd7EcZQmQ5VXNHQ1CVeguPsbioLZYeSGcKcHVg1Dm5wjEn0nn+pcWbT+5kk
Vsyz0eDxf9ANwyv5pVdfSdM3KOEorcuaQVvYiNKRJW4rKM69Zf2uIKUDK+GW9QIU
qFa8UPja22NMsMV36mbM9ghtJFN4YeBg59kOM3V+er1+MgFvo22OcIy24HtYEDCJ
6Lh26L4CXR44mBeje/xH3QnW41qiKjHgjBK98Ik/uDXQwaZNwuUu06LqveN0nNrx
tP+G6CMgEtnkwfByM9ROlbDk9OQ6Sc/ReR7K58NABJ45
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:42:10 2025 by rpki-client