Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/ipXhne3pwBXt7I5E5OiOR2mUGG0.roa
File: ipXhne3pwBXt7I5E5OiOR2mUGG0.roa (raw, json)
Hash identifier: GggYHFTVaEZttc6fawwUzWdZMSLlLN9VUlaOHvJ2L4o=
Subject key identifier: 8A:95:E1:9D:ED:E9:C0:15:ED:EC:8E:44:E4:E8:8E:47:69:94:18:6D
Certificate issuer: /CN=a00995a87bf64dc4949b819dfe02f8a586aaa4de
Certificate serial: 01856F390E15BA3FFB4342AD508FB43FB90C
Authority key identifier: A0:09:95:A8:7B:F6:4D:C4:94:9B:81:9D:FE:02:F8:A5:86:AA:A4:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/ipXhne3pwBXt7I5E5OiOR2mUGG0.roa
Signing time: Sun 01 Jan 2023 21:24:48 +0000
ROA not before: Sun 01 Jan 2023 21:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210731
IP address blocks: 2001:67c:89c::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:39:0e:15:ba:3f:fb:43:42:ad:50:8f:b4:3f:b9:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a00995a87bf64dc4949b819dfe02f8a586aaa4de
Validity
Not Before: Jan 1 21:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8a95e19dede9c015edec8e44e4e88e476994186d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:40:45:63:62:56:d9:77:e9:af:07:94:4f:e5:
a9:09:27:85:72:2d:6c:91:3a:60:67:b4:bf:a4:d5:
83:61:65:81:fa:f6:cd:4b:7d:86:8e:63:5b:fd:d3:
13:37:62:54:b4:d6:f8:c1:70:22:d4:22:05:6c:c7:
63:eb:02:f5:f9:9c:72:f6:45:1d:5e:3d:82:a1:09:
ed:ea:db:25:14:28:73:06:9c:22:e6:56:63:d2:08:
1a:49:2a:e5:f6:03:8a:97:63:9a:6e:4b:90:94:e8:
0b:b2:ed:d1:7e:01:9f:cb:e8:55:eb:c3:82:51:43:
6a:6c:7b:7a:ff:6b:9f:55:0b:bc:0c:c5:b1:7e:f8:
87:c0:1b:ac:d8:a3:0e:f0:91:c0:9a:69:f5:38:42:
76:37:5c:6e:1c:fe:38:9b:ee:22:ea:a7:2a:bd:51:
20:db:47:4d:fd:f3:68:6a:4d:a3:0e:3e:49:9a:99:
7e:c7:80:46:0e:c3:5b:6b:09:98:d8:5d:da:72:96:
0b:da:76:3d:87:11:67:ed:73:c8:ea:05:59:ed:6e:
af:e9:bb:31:b7:4e:43:f2:4d:e2:2a:a8:c1:0e:d6:
be:61:4b:22:36:5e:4e:48:dc:86:2f:c0:d0:98:7f:
a0:f3:0e:17:c5:0e:0c:a4:e0:0f:df:98:4c:21:6a:
3d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:95:E1:9D:ED:E9:C0:15:ED:EC:8E:44:E4:E8:8E:47:69:94:18:6D
X509v3 Authority Key Identifier:
keyid:A0:09:95:A8:7B:F6:4D:C4:94:9B:81:9D:FE:02:F8:A5:86:AA:A4:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/ipXhne3pwBXt7I5E5OiOR2mUGG0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:89c::/48
Signature Algorithm: sha256WithRSAEncryption
89:4f:8d:e1:db:c2:0f:87:be:ee:af:6b:ee:5f:df:c6:ec:9a:
04:d2:95:a2:4f:bc:a5:f9:4c:76:51:de:cf:68:e9:09:b7:3a:
73:71:0c:57:68:83:30:69:68:27:2b:2e:eb:43:35:8e:a3:9f:
60:cd:63:af:e5:a5:c6:3f:dc:cc:32:17:c3:96:7c:90:b4:ea:
ce:7c:25:9b:ef:72:6d:25:4c:14:66:c8:9f:ef:5c:ae:29:73:
8a:2d:56:ee:5e:1e:17:67:3b:92:48:5f:f1:bb:cb:3c:b0:64:
49:e8:d4:12:b5:e9:ed:fd:39:49:85:20:bf:ba:13:e9:39:a6:
d4:61:ed:8f:16:45:e7:a7:9f:45:e1:62:47:f5:ec:13:59:1f:
ff:99:38:7b:d0:18:b2:e3:c6:b0:da:17:b5:94:75:eb:20:a6:
e4:b7:be:18:d7:0a:40:6d:8f:35:84:5a:79:dd:4a:a7:ef:f7:
74:8f:51:5f:1b:2c:27:21:09:cb:eb:1a:48:f1:c4:20:5c:bf:
d9:de:88:31:8a:ff:ef:33:48:c5:da:ca:fd:1a:fc:c1:7e:33:
b2:31:53:86:7c:21:9b:ac:80:ca:12:69:1b:85:fe:da:07:53:
ab:fa:30:1d:01:46:ee:32:ac:aa:3f:6f:b2:c0:ce:a9:1a:1c:
81:e9:d3:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVvOQ4Vuj/7Q0KtUI+0P7kMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMDk5NWE4N2JmNjRkYzQ5NDliODE5ZGZlMDJmOGE1ODZh
YWE0ZGUwHhcNMjMwMTAxMjEyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk1ZTE5ZGVkZTljMDE1ZWRlYzhlNDRlNGU4OGU0NzY5OTQxODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUBFY2JW2XfprweUT+WpCSeFci1s
kTpgZ7S/pNWDYWWB+vbNS32GjmNb/dMTN2JUtNb4wXAi1CIFbMdj6wL1+Zxy9kUd
Xj2CoQnt6tslFChzBpwi5lZj0ggaSSrl9gOKl2OabkuQlOgLsu3RfgGfy+hV68OC
UUNqbHt6/2ufVQu8DMWxfviHwBus2KMO8JHAmmn1OEJ2N1xuHP44m+4i6qcqvVEg
20dN/fNoak2jDj5Jmpl+x4BGDsNbawmY2F3acpYL2nY9hxFn7XPI6gVZ7W6v6bsx
t05D8k3iKqjBDta+YUsiNl5OSNyGL8DQmH+g8w4XxQ4MpOAP35hMIWo9zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIqV4Z3t6cAV7eyOROTojkdplBhtMB8GA1UdIwQY
MBaAFKAJlah79k3ElJuBnf4C+KWGqqTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0FtVnFIdjJUY1NVbTRHZF9nTDRwWWFxcE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9mZWE1YzQtZGRlMS00NTQ4LWE1OGIt
ODkzOGU5NTU2MzQyLzEvaXBYaG5lM3B3Qlh0N0k1RTVPaU9SMm1VR0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9mZWE1YzQtZGRlMS00NTQ4LWE1OGItODkzOGU5NTU2MzQy
LzEvb0FtVnFIdjJUY1NVbTRHZF9nTDRwWWFxcE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAic
MA0GCSqGSIb3DQEBCwUAA4IBAQCJT43h28IPh77ur2vuX9/G7JoE0pWiT7yl+Ux2
Ud7PaOkJtzpzcQxXaIMwaWgnKy7rQzWOo59gzWOv5aXGP9zMMhfDlnyQtOrOfCWb
73JtJUwUZsif71yuKXOKLVbuXh4XZzuSSF/xu8s8sGRJ6NQStent/TlJhSC/uhPp
OabUYe2PFkXnp59F4WJH9ewTWR//mTh70Biy48aw2he1lHXrIKbkt74Y1wpAbY81
hFp53Uqn7/d0j1FfGywnIQnL6xpI8cQgXL/Z3ogxiv/vM0jF2sr9GvzBfjOyMVOG
fCGbrIDKEmkbhf7aB1Or+jAdAUbuMqyqP2+ywM6pGhyB6dMM
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:47:14 2025 by rpki-client