Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/nMvJGa-7QvUa1e5E4yjsRaB1fXY.roa
File: nMvJGa-7QvUa1e5E4yjsRaB1fXY.roa (raw, json)
Hash identifier: 1Qtbnsqpl6e8dyhq8XoEtEj2wujLZPhBwRLuwkMip5I=
Subject key identifier: 9C:CB:C9:19:AF:BB:42:F5:1A:D5:EE:44:E3:28:EC:45:A0:75:7D:76
Certificate issuer: /CN=4a88f3ab94a07587220e3d716f7b717df1d9e6d6
Certificate serial: 0185704BCC38B01F64C5B61267919E08F52C
Authority key identifier: 4A:88:F3:AB:94:A0:75:87:22:0E:3D:71:6F:7B:71:7D:F1:D9:E6:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Sojzq5SgdYciDj1xb3txffHZ5tY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/nMvJGa-7QvUa1e5E4yjsRaB1fXY.roa
Signing time: Mon 02 Jan 2023 02:24:53 +0000
ROA not before: Mon 02 Jan 2023 02:24:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49567
IP address blocks: 84.252.108.0/22 maxlen: 22
185.76.224.0/22 maxlen: 22
31.217.240.0/21 maxlen: 21
45.154.100.0/22 maxlen: 22
185.213.132.0/22 maxlen: 22
45.155.24.0/22 maxlen: 22
94.198.120.0/21 maxlen: 21
2a03:7100::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:4b:cc:38:b0:1f:64:c5:b6:12:67:91:9e:08:f5:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a88f3ab94a07587220e3d716f7b717df1d9e6d6
Validity
Not Before: Jan 2 02:24:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ccbc919afbb42f51ad5ee44e328ec45a0757d76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:07:e4:70:3f:e0:b1:ba:86:5b:d9:ef:52:82:
ef:db:d6:1c:71:bc:26:e5:e8:f7:43:e3:77:7b:bd:
a3:da:1e:eb:86:a0:99:8c:7e:11:31:7b:38:c2:2b:
0a:a4:6d:a6:0f:16:81:fe:16:97:3c:b8:8f:b2:94:
48:2f:cc:06:f6:6c:c6:4c:e3:45:29:c1:27:5a:9b:
b7:08:70:22:0a:70:ef:c9:75:d9:17:65:16:28:13:
ee:55:ac:67:20:95:7b:f7:62:c6:f7:60:1a:b8:e8:
db:08:cc:80:41:e0:ff:60:29:72:7a:18:34:92:a8:
f2:3a:44:69:a1:e1:be:ca:00:65:5f:38:53:e3:39:
d8:8c:49:39:ea:5c:26:0c:8a:d0:11:eb:32:37:57:
30:f2:d2:26:3e:26:4d:c1:8c:41:ab:86:ad:f8:de:
15:a4:81:03:a0:5c:85:e5:11:69:a3:b4:93:e5:9e:
f2:06:ff:98:35:8b:b4:2a:56:a2:9d:6b:3f:ba:72:
4e:94:62:d8:07:c3:41:54:cb:8c:f0:71:11:1b:fd:
7d:94:cd:69:07:e8:da:e7:a6:75:17:19:4f:ef:84:
e1:72:ef:8b:fb:39:69:23:01:ec:db:9a:f8:6e:14:
ef:84:07:62:4c:34:36:16:49:4a:40:0a:8a:cc:ef:
f0:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:CB:C9:19:AF:BB:42:F5:1A:D5:EE:44:E3:28:EC:45:A0:75:7D:76
X509v3 Authority Key Identifier:
keyid:4A:88:F3:AB:94:A0:75:87:22:0E:3D:71:6F:7B:71:7D:F1:D9:E6:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sojzq5SgdYciDj1xb3txffHZ5tY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/nMvJGa-7QvUa1e5E4yjsRaB1fXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/Sojzq5SgdYciDj1xb3txffHZ5tY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.240.0/21
45.154.100.0/22
45.155.24.0/22
84.252.108.0/22
94.198.120.0/21
185.76.224.0/22
185.213.132.0/22
IPv6:
2a03:7100::/29
Signature Algorithm: sha256WithRSAEncryption
95:75:45:8a:69:62:ff:2c:f9:af:3a:54:2c:6a:c1:13:87:fb:
4f:d8:9a:51:21:bd:ac:2d:4f:5d:d0:89:f0:a4:d9:a2:23:a9:
ee:95:d2:87:93:e1:41:4b:48:1c:cb:e4:01:42:94:3a:51:ae:
70:1e:af:fc:c1:f0:ca:27:2c:41:3f:97:36:d8:38:c9:a9:45:
cd:70:8d:b9:32:30:33:a1:b3:2f:f4:10:76:e5:0c:d8:fb:38:
af:ff:7b:f7:06:31:5f:47:5e:ce:6d:64:ae:5a:52:85:4b:32:
1e:6d:b8:7d:f0:49:f1:aa:7a:e0:12:4b:8e:6d:1f:d5:f7:bc:
3d:f9:a5:e1:8f:cf:c7:85:45:51:b6:39:72:bd:02:94:39:6d:
e2:40:32:fc:6f:fd:fa:4f:66:34:60:35:ab:a0:88:48:40:a8:
5b:a2:1f:cb:b1:80:24:0b:cf:ec:9e:95:33:63:cc:c4:e7:2b:
81:d3:1f:f8:0b:13:af:25:94:12:79:10:9e:eb:90:d0:1a:1b:
ca:16:dc:fe:f0:fd:89:ed:1c:6c:67:89:a0:33:75:21:ed:2a:
d0:64:fa:1d:b1:2d:54:11:7a:3a:b0:a0:e7:44:70:ea:c0:fe:
dc:8c:b3:5b:24:e3:34:57:5d:e2:1a:3a:2f:00:84:13:15:7b:
7c:b4:62:4a
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwS8w4sB9kxbYSZ5GeCPUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhODhmM2FiOTRhMDc1ODcyMjBlM2Q3MTZmN2I3MTdkZjFk
OWU2ZDYwHhcNMjMwMTAyMDIyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2NiYzkxOWFmYmI0MmY1MWFkNWVlNDRlMzI4ZWM0NWEwNzU3ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgfkcD/gsbqGW9nvUoLv29Yccbwm
5ej3Q+N3e72j2h7rhqCZjH4RMXs4wisKpG2mDxaB/haXPLiPspRIL8wG9mzGTONF
KcEnWpu3CHAiCnDvyXXZF2UWKBPuVaxnIJV792LG92AauOjbCMyAQeD/YClyehg0
kqjyOkRpoeG+ygBlXzhT4znYjEk56lwmDIrQEesyN1cw8tImPiZNwYxBq4at+N4V
pIEDoFyF5RFpo7ST5Z7yBv+YNYu0KlainWs/unJOlGLYB8NBVMuM8HERG/19lM1p
B+ja56Z1FxlP74Thcu+L+zlpIwHs25r4bhTvhAdiTDQ2FklKQAqKzO/wTQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJzLyRmvu0L1GtXuROMo7EWgdX12MB8GA1UdIwQY
MBaAFEqI86uUoHWHIg49cW97cX3x2ebWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU29qenE1U2dkWWNpRGoxeGIzdHhmZkhaNXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS85MzZkZDItMGM5YS00OGU5LWFhNzEt
ZDQ1MTljNTM5YzlhLzEvbk12SkdhLTdRdlVhMWU1RTR5anNSYUIxZlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS85MzZkZDItMGM5YS00OGU5LWFhNzEtZDQ1MTljNTM5Yzlh
LzEvU29qenE1U2dkWWNpRGoxeGIzdHhmZkhaNXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDH9nwAwQC
LZpkAwQCLZsYAwQCVPxsAwQDXsZ4AwQCuUzgAwQCudWEMA0EAgACMAcDBQMqA3EA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVdUWKaWL/LPmvOlQsasETh/tP2JpRIb2sLU9d
0InwpNmiI6nuldKHk+FBS0gcy+QBQpQ6Ua5wHq/8wfDKJyxBP5c22DjJqUXNcI25
MjAzobMv9BB25QzY+ziv/3v3BjFfR17ObWSuWlKFSzIebbh98EnxqnrgEkuObR/V
97w9+aXhj8/HhUVRtjlyvQKUOW3iQDL8b/36T2Y0YDWroIhIQKhboh/LsYAkC8/s
npUzY8zE5yuB0x/4CxOvJZQSeRCe65DQGhvKFtz+8P2J7RxsZ4mgM3Uh7SrQZPod
sS1UEXo6sKDnRHDqwP7cjLNbJOM0V13iGjovAIQTFXt8tGJK
-----END CERTIFICATE-----
Generated at Sun Apr 6 05:50:26 2025 by rpki-client