Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/UUFTyzcIkSuYFVQOJOxg15zrfHo.roa
File: UUFTyzcIkSuYFVQOJOxg15zrfHo.roa (raw, json)
Hash identifier: ZhSr+Fvv1XlcMZaXbZ0V7uZJRZ1gK5vMiGZN0CxHguY=
Subject key identifier: 51:41:53:CB:37:08:91:2B:98:15:54:0E:24:EC:60:D7:9C:EB:7C:7A
Certificate issuer: /CN=3948869ce54b9d3b2f3e39aee2c9c8eb19cb5b0f
Certificate serial: 018572C37E477813C24740B0282C4E0F9258
Authority key identifier: 39:48:86:9C:E5:4B:9D:3B:2F:3E:39:AE:E2:C9:C8:EB:19:CB:5B:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OUiGnOVLnTsvPjmu4snI6xnLWw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/UUFTyzcIkSuYFVQOJOxg15zrfHo.roa
Signing time: Mon 02 Jan 2023 13:54:52 +0000
ROA not before: Mon 02 Jan 2023 13:54:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201503
IP address blocks: 185.72.210.0/24 maxlen: 24
185.72.208.0/24 maxlen: 24
185.72.208.0/22 maxlen: 22
82.163.120.0/22 maxlen: 22
82.163.132.0/22 maxlen: 22
2a05:3950::/31 maxlen: 31
2a05:3950:f000::/36 maxlen: 36
2a05:3950:8660::/48 maxlen: 48
2a05:3950:8000::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:c3:7e:47:78:13:c2:47:40:b0:28:2c:4e:0f:92:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3948869ce54b9d3b2f3e39aee2c9c8eb19cb5b0f
Validity
Not Before: Jan 2 13:54:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=514153cb3708912b9815540e24ec60d79ceb7c7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:b3:99:79:7a:24:b4:5f:12:df:2a:27:91:94:
f4:30:30:c2:69:27:83:ef:73:40:72:da:c1:79:81:
32:1b:d5:93:4e:b2:2b:39:9e:57:b2:73:3f:f4:b7:
71:dd:9c:f9:27:ff:95:ea:e2:68:e7:20:66:0b:63:
43:f2:cd:7c:e6:c0:c0:75:20:ae:c7:02:c7:1e:8b:
db:2c:77:ca:35:c9:24:a8:eb:8d:40:f7:59:a9:41:
1c:d1:c7:c7:2b:47:1a:8b:84:a8:06:de:e3:39:fa:
71:88:a0:ee:bf:3d:88:b0:6b:fc:c0:53:98:c0:c5:
72:aa:11:b5:8c:65:ed:4b:0c:bc:19:2b:f2:ce:61:
4a:32:91:cb:dc:20:bc:3d:bb:d6:1c:d5:86:9a:0d:
3e:24:28:08:59:70:ce:5c:65:3c:b6:42:94:b5:65:
62:38:aa:c5:d2:14:d6:2d:52:59:56:33:3d:fc:df:
7d:b3:75:ba:00:9e:c1:f6:c9:98:3a:62:98:5c:39:
fa:77:37:77:f3:cb:bf:74:94:74:30:a4:f2:65:20:
9c:8e:16:13:0f:63:e8:75:4b:3f:35:f6:8e:84:b6:
a0:90:05:be:b9:78:8d:35:cf:18:b5:45:86:52:98:
15:cb:8f:a2:2f:d9:b7:9a:88:ed:2e:09:cd:f2:9c:
af:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:41:53:CB:37:08:91:2B:98:15:54:0E:24:EC:60:D7:9C:EB:7C:7A
X509v3 Authority Key Identifier:
keyid:39:48:86:9C:E5:4B:9D:3B:2F:3E:39:AE:E2:C9:C8:EB:19:CB:5B:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OUiGnOVLnTsvPjmu4snI6xnLWw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/UUFTyzcIkSuYFVQOJOxg15zrfHo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/OUiGnOVLnTsvPjmu4snI6xnLWw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.163.120.0/22
82.163.132.0/22
185.72.208.0/22
IPv6:
2a05:3950::/31
Signature Algorithm: sha256WithRSAEncryption
70:d1:b1:30:d3:00:82:5d:8b:3a:b9:cb:d8:51:3b:2d:9c:24:
8e:11:d5:23:8c:5c:c3:a5:fa:98:da:72:37:7c:4c:2c:3e:b7:
66:63:f8:cd:59:1e:94:c0:bf:dd:58:bf:50:55:f2:54:2e:42:
d9:9f:7b:2b:18:db:54:c9:0a:e9:4b:cb:b7:d2:65:bc:16:4f:
d3:93:ee:69:77:a7:af:df:bd:35:11:3a:d9:16:ca:d9:b7:23:
de:c1:e6:4e:8c:20:4b:3c:d4:d7:fa:61:ca:0e:80:bf:4f:56:
e4:1b:38:06:53:41:00:cb:ba:1c:99:6d:38:41:a6:04:e0:d8:
7c:89:58:17:5b:0e:78:28:bf:f1:15:ba:99:fb:f7:f4:e4:78:
b2:8c:7d:7b:c5:4f:59:6d:2c:aa:b3:51:93:d8:af:f8:1b:91:
88:7e:18:36:91:49:80:fb:5f:82:0f:29:b5:75:b1:e1:92:a8:
e6:13:07:af:30:11:17:ee:45:f1:1c:9d:77:a4:76:e9:ec:d5:
8f:6b:4e:14:f2:cf:03:0c:4b:7d:17:34:9c:c5:a3:17:d9:f9:
5f:15:cf:d4:a8:45:d4:e0:64:f4:50:a1:1f:d7:11:19:d1:be:
32:f0:7a:79:e6:8a:4a:78:84:12:0b:ca:d9:d4:50:bd:a1:48:
fb:90:09:56
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVyw35HeBPCR0CwKCxOD5JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NDg4NjljZTU0YjlkM2IyZjNlMzlhZWUyYzljOGViMTlj
YjViMGYwHhcNMjMwMTAyMTM1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTQxNTNjYjM3MDg5MTJiOTgxNTU0MGUyNGVjNjBkNzljZWI3YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbOZeXoktF8S3yonkZT0MDDCaSeD
73NActrBeYEyG9WTTrIrOZ5XsnM/9Ldx3Zz5J/+V6uJo5yBmC2ND8s185sDAdSCu
xwLHHovbLHfKNckkqOuNQPdZqUEc0cfHK0cai4SoBt7jOfpxiKDuvz2IsGv8wFOY
wMVyqhG1jGXtSwy8GSvyzmFKMpHL3CC8PbvWHNWGmg0+JCgIWXDOXGU8tkKUtWVi
OKrF0hTWLVJZVjM9/N99s3W6AJ7B9smYOmKYXDn6dzd388u/dJR0MKTyZSCcjhYT
D2PodUs/NfaOhLagkAW+uXiNNc8YtUWGUpgVy4+iL9m3mojtLgnN8pyv1QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFFBU8s3CJErmBVUDiTsYNec63x6MB8GA1UdIwQY
MBaAFDlIhpzlS507Lz45ruLJyOsZy1sPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1VpR25PVkxuVHN2UGptdTRzbkk2eG5MV3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kZDAxODktNzk2OS00ZmQ1LTk3NDct
MjhiZGFiY2E3MGNiLzEvVVVGVHl6Y0lrU3VZRlZRT0pPeGcxNXpyZkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kZDAxODktNzk2OS00ZmQ1LTk3NDctMjhiZGFiY2E3MGNi
LzEvT1VpR25PVkxuVHN2UGptdTRzbkk2eG5MV3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCUqN4AwQC
UqOEAwQCuUjQMA0EAgACMAcDBQEqBTlQMA0GCSqGSIb3DQEBCwUAA4IBAQBw0bEw
0wCCXYs6ucvYUTstnCSOEdUjjFzDpfqY2nI3fEwsPrdmY/jNWR6UwL/dWL9QVfJU
LkLZn3srGNtUyQrpS8u30mW8Fk/Tk+5pd6ev3701ETrZFsrZtyPeweZOjCBLPNTX
+mHKDoC/T1bkGzgGU0EAy7ocmW04QaYE4Nh8iVgXWw54KL/xFbqZ+/f05HiyjH17
xU9ZbSyqs1GT2K/4G5GIfhg2kUmA+1+CDym1dbHhkqjmEwevMBEX7kXxHJ13pHbp
7NWPa04U8s8DDEt9FzScxaMX2flfFc/UqEXU4GT0UKEf1xEZ0b4y8Hp55opKeIQS
C8rZ1FC9oUj7kAlW
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:39:29 2025 by rpki-client