Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/2CETpLiPirECgtSskwK6ROBbi5c.roa
File: 2CETpLiPirECgtSskwK6ROBbi5c.roa (raw, json)
Hash identifier: k4Kd2sEqhqtJJ9FtXlMuvk4/qccKl401Y5DcQybKIrA=
Subject key identifier: D8:21:13:A4:B8:8F:8A:B1:02:82:D4:AC:93:02:BA:44:E0:5B:8B:97
Certificate issuer: /CN=2ad2fe6466d07094a4256da2cc847083c5006b1a
Certificate serial: 0186BDE3619DBBF3B2A0ADD5607780185540
Authority key identifier: 2A:D2:FE:64:66:D0:70:94:A4:25:6D:A2:CC:84:70:83:C5:00:6B:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KtL-ZGbQcJSkJW2izIRwg8UAaxo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/2CETpLiPirECgtSskwK6ROBbi5c.roa
Signing time: Tue 07 Mar 2023 21:04:00 +0000
ROA not before: Tue 07 Mar 2023 21:04:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49720
IP address blocks: 91.236.224.0/24 maxlen: 24
91.236.226.0/24 maxlen: 24
91.236.225.0/24 maxlen: 24
91.236.227.0/24 maxlen: 24
185.168.129.0/24 maxlen: 24
185.168.128.0/24 maxlen: 24
185.168.128.0/22 maxlen: 22
185.168.130.0/23 maxlen: 23
185.250.20.0/22 maxlen: 22
185.250.20.0/24 maxlen: 24
185.250.22.0/24 maxlen: 24
185.250.21.0/24 maxlen: 24
185.250.23.0/24 maxlen: 24
2a0a:701::/32 maxlen: 32
2a0a:704::/32 maxlen: 32
2a0a:700::/32 maxlen: 32
2a0a:702::/32 maxlen: 32
2a0a:705::/32 maxlen: 32
2a0a:706::/32 maxlen: 32
2a0a:703::/32 maxlen: 32
2a0a:707::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:bd:e3:61:9d:bb:f3:b2:a0:ad:d5:60:77:80:18:55:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ad2fe6466d07094a4256da2cc847083c5006b1a
Validity
Not Before: Mar 7 21:04:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d82113a4b88f8ab10282d4ac9302ba44e05b8b97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:17:d5:56:68:94:89:57:b9:d0:11:5f:d3:63:
e1:8c:1e:37:44:da:db:18:a8:29:e0:61:70:5d:f2:
35:47:26:27:01:28:c5:d2:a9:6a:27:64:06:75:8a:
d7:10:da:9b:c0:fe:e7:03:cc:18:e3:a0:00:c5:4d:
ad:f6:70:61:86:23:c0:22:9b:6c:2d:c9:58:e5:1f:
aa:95:7b:25:61:ab:72:ad:29:17:4d:71:09:e6:25:
d1:20:75:b3:7f:ff:6b:79:cb:4c:b9:c3:8a:61:1d:
9c:9f:4a:ba:a0:fd:f9:16:69:5d:eb:39:e7:42:b5:
fb:a9:96:eb:81:7e:ec:c0:e1:5e:5d:4c:2c:59:4f:
d2:c1:9d:d8:b7:95:ba:f9:bb:c3:f4:01:9a:1c:0a:
ab:fd:3c:eb:df:08:fa:5c:91:b8:05:76:df:ab:a6:
8d:26:81:16:20:32:54:cf:2a:ea:3e:36:a2:14:10:
6b:34:e8:eb:45:fb:ed:53:1b:14:7d:b9:f2:d4:55:
d2:69:60:31:95:6e:be:75:da:5d:4b:6f:5c:c7:6e:
50:89:34:d8:1f:0e:f6:19:69:f8:e8:cd:e5:54:66:
da:8b:8d:86:a5:5d:69:71:2f:73:52:e5:3a:46:1b:
98:6b:19:a3:30:96:fe:25:f2:52:10:af:74:33:79:
eb:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:21:13:A4:B8:8F:8A:B1:02:82:D4:AC:93:02:BA:44:E0:5B:8B:97
X509v3 Authority Key Identifier:
keyid:2A:D2:FE:64:66:D0:70:94:A4:25:6D:A2:CC:84:70:83:C5:00:6B:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KtL-ZGbQcJSkJW2izIRwg8UAaxo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/2CETpLiPirECgtSskwK6ROBbi5c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/KtL-ZGbQcJSkJW2izIRwg8UAaxo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.236.224.0/22
185.168.128.0/22
185.250.20.0/22
IPv6:
2a0a:700::/29
Signature Algorithm: sha256WithRSAEncryption
b5:80:79:ee:19:26:ac:84:5f:53:aa:68:38:bd:28:8f:18:c8:
8e:04:c0:5a:0d:0f:f3:20:28:b0:b9:8d:59:f3:ba:02:96:4e:
9b:11:2a:82:2d:6c:74:3d:9b:c3:91:53:43:7b:b5:0c:d9:cc:
67:ef:00:6b:65:b3:f8:cd:cb:af:9d:f3:3b:af:e6:75:75:65:
ba:c0:82:2c:f4:c4:8c:df:66:cc:5b:f2:34:3a:5e:14:60:ba:
c0:22:0f:d0:25:0b:5f:a8:a4:bc:13:c6:50:ee:6f:4c:c8:4f:
4b:28:c3:ba:41:cb:d3:35:a1:3f:ee:5f:9d:a8:9e:ca:f0:c3:
14:70:34:51:41:c6:6b:a3:4c:40:7b:1d:22:21:c5:70:80:4d:
48:04:b5:96:e6:58:ec:12:c8:e3:15:0c:11:02:7a:93:31:96:
d5:e7:48:46:35:f2:54:a5:83:1c:db:cd:e8:e5:60:2d:8b:fe:
f2:2c:69:82:c6:5c:67:34:4f:2f:13:7d:b1:3e:db:a5:ae:06:
e6:3f:9f:46:e4:37:2e:a6:9b:56:bd:f7:67:3b:5d:d5:b6:b1:
57:09:91:9b:6d:a9:8d:d0:42:0c:0d:b6:43:5d:e4:ca:16:3e:
49:b4:96:70:a1:5e:85:ff:1d:50:a2:e3:a1:1f:86:15:58:7b:
7a:3d:d0:25
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYa942Gdu/OyoK3VYHeAGFVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZDJmZTY0NjZkMDcwOTRhNDI1NmRhMmNjODQ3MDgzYzUw
MDZiMWEwHhcNMjMwMzA3MjEwNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODIxMTNhNGI4OGY4YWIxMDI4MmQ0YWM5MzAyYmE0NGUwNWI4Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixfVVmiUiVe50BFf02PhjB43RNrb
GKgp4GFwXfI1RyYnASjF0qlqJ2QGdYrXENqbwP7nA8wY46AAxU2t9nBhhiPAIpts
LclY5R+qlXslYatyrSkXTXEJ5iXRIHWzf/9rectMucOKYR2cn0q6oP35Fmld6znn
QrX7qZbrgX7swOFeXUwsWU/SwZ3Yt5W6+bvD9AGaHAqr/Tzr3wj6XJG4BXbfq6aN
JoEWIDJUzyrqPjaiFBBrNOjrRfvtUxsUfbny1FXSaWAxlW6+ddpdS29cx25QiTTY
Hw72GWn46M3lVGbai42GpV1pcS9zUuU6RhuYaxmjMJb+JfJSEK90M3nrhQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNghE6S4j4qxAoLUrJMCukTgW4uXMB8GA1UdIwQY
MBaAFCrS/mRm0HCUpCVtosyEcIPFAGsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3RMLVpHYlFjSlNrSlcyaXpJUndnOFVBYXhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84YTMxZjMtN2FjZi00N2I0LWI5N2It
ZmEzMWUyZGM2YWJiLzEvMkNFVHBMaVBpckVDZ3RTc2t3SzZST0JiaTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84YTMxZjMtN2FjZi00N2I0LWI5N2ItZmEzMWUyZGM2YWJi
LzEvS3RMLVpHYlFjSlNrSlcyaXpJUndnOFVBYXhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCW+zgAwQC
uaiAAwQCufoUMA0EAgACMAcDBQMqCgcAMA0GCSqGSIb3DQEBCwUAA4IBAQC1gHnu
GSashF9Tqmg4vSiPGMiOBMBaDQ/zICiwuY1Z87oClk6bESqCLWx0PZvDkVNDe7UM
2cxn7wBrZbP4zcuvnfM7r+Z1dWW6wIIs9MSM32bMW/I0Ol4UYLrAIg/QJQtfqKS8
E8ZQ7m9MyE9LKMO6QcvTNaE/7l+dqJ7K8MMUcDRRQcZro0xAex0iIcVwgE1IBLWW
5ljsEsjjFQwRAnqTMZbV50hGNfJUpYMc283o5WAti/7yLGmCxlxnNE8vE32xPtul
rgbmP59G5DcupptWvfdnO13VtrFXCZGbbamN0EIMDbZDXeTKFj5JtJZwoV6F/x1Q
ouOhH4YVWHt6PdAl
-----END CERTIFICATE-----
Generated at Sat Apr 12 18:36:54 2025 by rpki-client