Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Twc7Nked8LDsYzTpQmuJtXGcqYo.roa
File: Twc7Nked8LDsYzTpQmuJtXGcqYo.roa (raw, json)
Hash identifier: 37GLd4MI0kFE4UP3lvfZP4BZk+xXWiGO+hGulrOjVtk=
Subject key identifier: 4F:07:3B:36:47:9D:F0:B0:EC:63:34:E9:42:6B:89:B5:71:9C:A9:8A
Certificate issuer: /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial: 01878624C86236AD31586604EAD1C96403C7
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Twc7Nked8LDsYzTpQmuJtXGcqYo.roa
Signing time: Sat 15 Apr 2023 18:19:30 +0000
ROA not before: Sat 15 Apr 2023 18:19:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42337
IP address blocks: 2.188.225.0/24 maxlen: 24
2.188.224.0/20 maxlen: 20
2.188.232.0/23 maxlen: 23
2.188.234.0/24 maxlen: 24
2.188.236.0/23 maxlen: 23
2.188.240.0/20 maxlen: 20
2.188.164.0/22 maxlen: 22
2.188.160.0/22 maxlen: 22
2.188.165.0/24 maxlen: 24
2.188.161.0/24 maxlen: 24
2.188.176.0/23 maxlen: 23
2.188.192.0/19 maxlen: 19
2.189.160.0/21 maxlen: 21
2.189.168.0/21 maxlen: 21
2.188.212.0/23 maxlen: 23
2.189.80.0/21 maxlen: 21
2.189.88.0/21 maxlen: 21
2.188.60.0/22 maxlen: 22
2.188.72.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:86:24:c8:62:36:ad:31:58:66:04:ea:d1:c9:64:03:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Validity
Not Before: Apr 15 18:19:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4f073b36479df0b0ec6334e9426b89b5719ca98a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:ea:35:b8:1e:7b:42:db:93:50:70:7d:4d:fe:
54:a1:5f:2a:68:c2:67:aa:a4:d8:04:b8:04:db:55:
c5:4e:f3:b8:2e:02:03:5f:fa:1f:ee:26:13:bf:94:
b0:b8:31:b0:d0:8b:83:d5:32:b2:2a:8b:62:d0:8e:
0d:5a:e7:ea:e9:e2:c8:c2:aa:10:8f:41:f3:20:66:
2b:eb:33:91:54:53:7e:68:c3:75:44:7c:16:ae:3a:
4c:a5:b6:a6:5d:11:a8:8b:e9:48:d6:9b:38:ef:65:
89:0a:16:1c:c6:ca:07:f9:89:d0:c8:41:e6:37:ce:
79:9a:7a:f0:aa:d1:e6:4f:84:5d:2a:70:b5:ee:23:
6a:2f:af:d4:b8:03:bd:68:cc:a0:c2:5d:80:30:8f:
ae:a0:98:66:7f:f1:25:dd:36:38:ad:a2:25:a3:db:
f8:04:74:8a:5f:49:ca:9a:35:e3:9b:51:04:74:f8:
6e:05:a2:e3:d5:a5:60:9e:cc:71:6b:11:81:c4:4e:
88:3a:94:c5:47:95:72:1d:4b:1e:8a:d9:34:29:33:
67:86:27:4a:8a:3d:23:bc:ca:0c:42:00:1a:db:d1:
5d:42:8f:95:50:10:35:d0:aa:b7:8f:01:9d:ce:0b:
0f:c1:1f:48:82:2b:06:a8:47:4d:05:1f:0e:25:4d:
94:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:07:3B:36:47:9D:F0:B0:EC:63:34:E9:42:6B:89:B5:71:9C:A9:8A
X509v3 Authority Key Identifier:
keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Twc7Nked8LDsYzTpQmuJtXGcqYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.188.60.0/22
2.188.72.0/22
2.188.160.0/21
2.188.176.0/23
2.188.192.0/18
2.189.80.0/20
2.189.160.0/20
Signature Algorithm: sha256WithRSAEncryption
61:50:8f:67:15:cf:57:44:67:8e:b3:b1:26:d8:3b:dd:94:e5:
89:41:4f:53:91:8f:c7:71:08:12:88:a7:08:c4:ff:dc:41:02:
26:b8:1e:31:bf:aa:e0:3e:11:69:c6:33:d4:7d:f2:37:d6:d1:
c8:e0:e0:65:ec:24:3a:05:84:54:56:ba:36:fe:c7:d7:2d:9a:
2a:c2:b3:00:eb:17:60:48:0e:4c:65:48:c1:c3:b9:66:8c:ee:
d1:01:24:02:96:34:cf:0e:30:d9:b3:1a:13:dd:73:b8:35:66:
74:ad:9f:fd:c9:71:16:e5:bc:10:27:3e:40:d6:5c:52:d7:7f:
fe:d4:22:fd:bc:df:dc:76:4a:02:ad:f3:f8:d3:cb:29:52:75:
bb:f2:32:a4:33:a7:43:fa:9b:aa:6b:cd:b3:2e:60:29:16:e7:
9b:ea:b3:8b:4e:b9:35:31:78:59:ff:04:69:40:25:a0:f5:d8:
22:6d:3c:37:47:64:d6:00:f2:5a:8e:98:c4:09:93:db:ee:12:
9e:e1:d1:ef:e8:a5:0a:ee:dc:9c:5a:40:12:fe:a1:96:8e:af:
18:d7:7f:fa:cd:7d:ae:a6:78:4a:81:05:dc:d8:54:c5:8a:01:
41:23:0b:49:b0:98:05:5e:b8:61:3a:fa:de:98:8c:c4:4d:79:
30:7f:e3:f9
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYeGJMhiNq0xWGYE6tHJZAPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMwNDE1MTgxOTMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA3M2IzNjQ3OWRmMGIwZWM2MzM0ZTk0MjZiODliNTcxOWNhOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+o1uB57QtuTUHB9Tf5UoV8qaMJn
qqTYBLgE21XFTvO4LgIDX/of7iYTv5SwuDGw0IuD1TKyKoti0I4NWufq6eLIwqoQ
j0HzIGYr6zORVFN+aMN1RHwWrjpMpbamXRGoi+lI1ps472WJChYcxsoH+YnQyEHm
N855mnrwqtHmT4RdKnC17iNqL6/UuAO9aMygwl2AMI+uoJhmf/El3TY4raIlo9v4
BHSKX0nKmjXjm1EEdPhuBaLj1aVgnsxxaxGBxE6IOpTFR5VyHUseitk0KTNnhidK
ij0jvMoMQgAa29FdQo+VUBA10Kq3jwGdzgsPwR9IgisGqEdNBR8OJU2U3QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFE8HOzZHnfCw7GM06UJribVxnKmKMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvVHdjN05rZWQ4TERzWXpUcFFtdUp0WEdjcVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCArw8AwQC
ArxIAwQDArygAwQBArywAwQGArzAAwQEAr1QAwQEAr2gMA0GCSqGSIb3DQEBCwUA
A4IBAQBhUI9nFc9XRGeOs7Em2DvdlOWJQU9TkY/HcQgSiKcIxP/cQQImuB4xv6rg
PhFpxjPUffI31tHI4OBl7CQ6BYRUVro2/sfXLZoqwrMA6xdgSA5MZUjBw7lmjO7R
ASQCljTPDjDZsxoT3XO4NWZ0rZ/9yXEW5bwQJz5A1lxS13/+1CL9vN/cdkoCrfP4
08spUnW78jKkM6dD+puqa82zLmApFueb6rOLTrk1MXhZ/wRpQCWg9dgibTw3R2TW
APJajpjECZPb7hKe4dHv6KUK7tycWkAS/qGWjq8Y13/6zX2upnhKgQXc2FTFigFB
IwtJsJgFXrhhOvremIzETXkwf+P5
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:21:20 2025 by rpki-client