Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/decde3-277a-4956-bf92-f0a8123e70f9/1/aQGUnSM7wWYRXT6jWRBpFGskCYQ.roa
File: aQGUnSM7wWYRXT6jWRBpFGskCYQ.roa (raw, json)
Hash identifier: asxpRVS62/2UAPE9G+hOS70h/VHnL2+j5hKwNoMvLzY=
Subject key identifier: 69:01:94:9D:23:3B:C1:66:11:5D:3E:A3:59:10:69:14:6B:24:09:84
Certificate issuer: /CN=60bf373620146e6f298ae82d2c8a8371cacb7b1b
Certificate serial: 01856E78F1ECE7660FB5C026213FAA75991D
Authority key identifier: 60:BF:37:36:20:14:6E:6F:29:8A:E8:2D:2C:8A:83:71:CA:CB:7B:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YL83NiAUbm8piugtLIqDccrLexs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/decde3-277a-4956-bf92-f0a8123e70f9/1/aQGUnSM7wWYRXT6jWRBpFGskCYQ.roa
Signing time: Sun 01 Jan 2023 17:54:58 +0000
ROA not before: Sun 01 Jan 2023 17:54:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48522
IP address blocks: 193.36.229.0/24 maxlen: 24
194.13.238.0/23 maxlen: 23
185.70.232.0/22 maxlen: 24
2a03:3620::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:78:f1:ec:e7:66:0f:b5:c0:26:21:3f:aa:75:99:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60bf373620146e6f298ae82d2c8a8371cacb7b1b
Validity
Not Before: Jan 1 17:54:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6901949d233bc166115d3ea3591069146b240984
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:35:28:2f:8c:b7:5a:cf:aa:5e:a5:51:e8:35:
7c:5a:33:54:65:98:f7:3d:6d:fb:ae:ef:f6:11:94:
08:b8:0b:1f:15:84:40:c0:28:6c:d6:52:76:8b:0a:
f7:01:5e:e8:cd:af:26:cb:01:77:2f:82:49:75:0e:
ae:aa:af:f3:03:08:64:30:97:79:98:03:ed:05:bc:
78:20:e9:01:32:00:b9:2c:ff:c3:e8:a0:e5:2b:c9:
d5:b0:39:f2:77:93:28:81:85:3b:a6:55:5f:73:c5:
3b:2d:47:0e:f3:28:c8:15:40:0c:0f:da:12:a2:2c:
fe:19:c4:8a:80:4d:37:a0:a0:13:27:8c:b4:7c:77:
a4:8e:d3:5a:13:3f:4d:92:15:82:97:98:cd:a7:63:
6b:7c:a9:19:e4:91:36:12:8f:b1:0f:19:dd:49:69:
db:f5:a7:a9:01:eb:4d:f7:ae:b3:e4:86:c1:c1:5a:
59:af:b0:06:8d:b1:57:96:a3:c6:b2:e3:70:b7:d7:
30:f3:ee:d3:a7:53:f2:2e:63:fd:8b:c4:37:8d:5c:
94:a4:8a:fe:5c:d6:77:37:22:9c:cb:21:6d:56:76:
3f:8f:20:03:2d:d2:66:d0:61:e5:17:bb:ae:67:44:
80:17:cf:0e:3a:17:90:8c:7e:9f:8c:1e:ac:28:1b:
d2:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:01:94:9D:23:3B:C1:66:11:5D:3E:A3:59:10:69:14:6B:24:09:84
X509v3 Authority Key Identifier:
keyid:60:BF:37:36:20:14:6E:6F:29:8A:E8:2D:2C:8A:83:71:CA:CB:7B:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YL83NiAUbm8piugtLIqDccrLexs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/decde3-277a-4956-bf92-f0a8123e70f9/1/aQGUnSM7wWYRXT6jWRBpFGskCYQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/decde3-277a-4956-bf92-f0a8123e70f9/1/YL83NiAUbm8piugtLIqDccrLexs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.70.232.0/22
193.36.229.0/24
194.13.238.0/23
IPv6:
2a03:3620::/32
Signature Algorithm: sha256WithRSAEncryption
5e:30:0b:c6:6e:70:11:0c:86:19:94:be:a4:70:34:66:3d:6e:
4e:17:28:e2:7c:aa:5c:87:c2:a3:5f:0b:18:31:bf:de:0b:68:
52:ad:b9:5c:b8:30:78:4b:79:8d:a5:c2:c4:38:9a:9c:6d:da:
d2:a4:5e:c1:ed:9c:53:92:ed:99:a1:c3:0d:99:bc:83:e5:e5:
93:df:57:ef:db:b5:2f:04:84:ec:70:1f:98:ac:19:84:01:cd:
2c:ee:24:7d:55:c5:ff:74:82:0c:62:2c:66:2a:4b:0d:a3:d9:
ce:db:95:38:4b:af:33:05:10:8e:79:69:c0:d0:06:27:d1:28:
45:fa:20:91:52:2d:b0:90:67:77:49:39:18:ac:7c:d9:7b:c5:
dc:14:d0:25:06:50:73:51:a0:f3:ad:aa:d9:4e:65:55:d7:08:
a1:e7:f9:d1:38:94:0e:27:fb:ec:6e:ca:ec:e6:e6:f6:27:85:
c2:fc:93:27:a8:9d:e8:05:23:a0:11:f4:dc:32:cd:d0:e8:b7:
6d:a5:6c:a7:44:27:c8:63:c0:a3:f4:0c:d5:c2:92:f9:93:ea:
ef:d1:e7:31:4c:dd:4b:6a:e3:c7:52:cb:24:64:b0:2b:74:c7:
e8:aa:93:32:c0:74:17:b9:36:fd:18:fd:18:54:f8:78:e0:ed:
b6:84:fc:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVuePHs52YPtcAmIT+qdZkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYmYzNzM2MjAxNDZlNmYyOThhZTgyZDJjOGE4MzcxY2Fj
YjdiMWIwHhcNMjMwMTAxMTc1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAxOTQ5ZDIzM2JjMTY2MTE1ZDNlYTM1OTEwNjkxNDZiMjQwOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjUoL4y3Ws+qXqVR6DV8WjNUZZj3
PW37ru/2EZQIuAsfFYRAwChs1lJ2iwr3AV7oza8mywF3L4JJdQ6uqq/zAwhkMJd5
mAPtBbx4IOkBMgC5LP/D6KDlK8nVsDnyd5MogYU7plVfc8U7LUcO8yjIFUAMD9oS
oiz+GcSKgE03oKATJ4y0fHekjtNaEz9NkhWCl5jNp2NrfKkZ5JE2Eo+xDxndSWnb
9aepAetN966z5IbBwVpZr7AGjbFXlqPGsuNwt9cw8+7Tp1PyLmP9i8Q3jVyUpIr+
XNZ3NyKcyyFtVnY/jyADLdJm0GHlF7uuZ0SAF88OOheQjH6fjB6sKBvS2wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGkBlJ0jO8FmEV0+o1kQaRRrJAmEMB8GA1UdIwQY
MBaAFGC/NzYgFG5vKYroLSyKg3HKy3sbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUw4M05pQVVibThwaXVndExJcURjY3JMZXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kZWNkZTMtMjc3YS00OTU2LWJmOTIt
ZjBhODEyM2U3MGY5LzEvYVFHVW5TTTd3V1lSWFQ2aldSQnBGR3NrQ1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kZWNkZTMtMjc3YS00OTU2LWJmOTItZjBhODEyM2U3MGY5
LzEvWUw4M05pQVVibThwaXVndExJcURjY3JMZXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuUboAwQA
wSTlAwQBwg3uMA0EAgACMAcDBQAqAzYgMA0GCSqGSIb3DQEBCwUAA4IBAQBeMAvG
bnARDIYZlL6kcDRmPW5OFyjifKpch8KjXwsYMb/eC2hSrblcuDB4S3mNpcLEOJqc
bdrSpF7B7ZxTku2ZocMNmbyD5eWT31fv27UvBITscB+YrBmEAc0s7iR9VcX/dIIM
YixmKksNo9nO25U4S68zBRCOeWnA0AYn0ShF+iCRUi2wkGd3STkYrHzZe8XcFNAl
BlBzUaDzrarZTmVV1wih5/nROJQOJ/vsbsrs5ub2J4XC/JMnqJ3oBSOgEfTcMs3Q
6LdtpWynRCfIY8Cj9AzVwpL5k+rv0ecxTN1LauPHUsskZLArdMfoqpMywHQXuTb9
GP0YVPh44O22hPz+
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:15:56 2025 by rpki-client