Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/pU9qgoWg-NA1juZFOev41jd5DU8.roa
File: pU9qgoWg-NA1juZFOev41jd5DU8.roa (raw, json)
Hash identifier: bNkPXid3LtpqBF8BJcqTosFVDiDq+WZO3umWBLgLJwc=
Subject key identifier: A5:4F:6A:82:85:A0:F8:D0:35:8E:E6:45:39:EB:F8:D6:37:79:0D:4F
Certificate issuer: /CN=4f50a0dcc71c42923e407011bd212afa5c62e59d
Certificate serial: 018A3C251C44C81D53CCFA233410EE6D25DA
Authority key identifier: 4F:50:A0:DC:C7:1C:42:92:3E:40:70:11:BD:21:2A:FA:5C:62:E5:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T1Cg3MccQpI-QHARvSEq-lxi5Z0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/pU9qgoWg-NA1juZFOev41jd5DU8.roa
Signing time: Mon 28 Aug 2023 12:36:19 +0000
ROA not before: Mon 28 Aug 2023 12:36:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 33915
IP address blocks: 193.176.160.0/20 maxlen: 20
194.104.64.0/20 maxlen: 20
193.176.177.0/24 maxlen: 24
194.104.70.0/24 maxlen: 24
193.176.178.0/24 maxlen: 24
193.176.176.0/24 maxlen: 24
193.176.6.0/24 maxlen: 24
193.176.8.0/21 maxlen: 21
193.176.7.0/24 maxlen: 24
193.176.159.0/24 maxlen: 24
2a00:7740::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:3c:25:1c:44:c8:1d:53:cc:fa:23:34:10:ee:6d:25:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f50a0dcc71c42923e407011bd212afa5c62e59d
Validity
Not Before: Aug 28 12:36:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a54f6a8285a0f8d0358ee64539ebf8d637790d4f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:66:6b:a4:53:fc:f7:c7:67:79:13:37:fd:4c:
c6:e1:ef:57:a5:ed:a5:8d:cd:46:c6:62:b6:c7:30:
37:60:73:ae:34:5c:ab:82:a0:dd:18:47:8c:a1:3b:
a3:6a:7a:50:98:3b:d1:c9:b3:97:29:1e:d9:bc:68:
b0:02:e4:a6:f7:db:8a:53:f0:08:05:fe:bf:8e:9f:
cd:0d:e4:65:2f:6f:ce:2b:ad:e9:af:c5:c3:f9:08:
c2:ed:1d:5e:87:10:29:b6:04:33:1e:5b:a3:20:a1:
b7:2f:58:97:3f:ff:96:f5:a0:99:60:65:6d:28:d0:
61:45:87:84:52:50:17:7c:b6:d4:ed:32:cb:c3:ef:
a6:0f:d5:42:e4:7e:7d:2c:46:68:5c:bd:83:81:39:
07:46:fb:61:c2:3c:42:86:e4:79:7c:7e:33:f8:b3:
66:96:9f:2d:7a:d8:1e:bd:c5:88:34:ab:92:b4:71:
03:48:39:42:a2:07:3f:bc:b6:08:69:59:02:bd:c5:
28:cf:91:2a:68:f1:04:e4:c1:a5:fb:1a:18:3c:9f:
37:8d:bc:56:e5:10:51:ac:57:42:6e:91:f7:b2:9f:
35:78:b1:76:ff:3f:86:8a:3a:28:53:79:ed:ad:82:
88:26:08:d7:e7:c4:32:4e:6b:69:b6:25:15:e6:77:
61:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:4F:6A:82:85:A0:F8:D0:35:8E:E6:45:39:EB:F8:D6:37:79:0D:4F
X509v3 Authority Key Identifier:
keyid:4F:50:A0:DC:C7:1C:42:92:3E:40:70:11:BD:21:2A:FA:5C:62:E5:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T1Cg3MccQpI-QHARvSEq-lxi5Z0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/pU9qgoWg-NA1juZFOev41jd5DU8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/T1Cg3MccQpI-QHARvSEq-lxi5Z0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.176.6.0-193.176.15.255
193.176.159.0-193.176.178.255
194.104.64.0/20
IPv6:
2a00:7740::/32
Signature Algorithm: sha256WithRSAEncryption
29:a2:fe:85:e6:ab:0c:57:6c:5d:18:e9:33:c7:c7:97:42:f4:
b0:3b:84:65:78:53:0f:8e:fa:6b:65:f6:87:58:32:ec:b0:a3:
a4:da:31:7e:ea:0e:3f:79:4a:ef:04:54:4e:fb:08:32:d6:e6:
3c:0d:98:1c:00:e1:d7:d8:bf:66:ee:74:de:d3:c7:31:d5:47:
76:66:28:ae:8f:08:4f:b2:c5:e7:d7:c8:ff:af:b6:10:0d:79:
07:32:45:e7:90:ef:71:8b:d8:67:ee:57:45:15:cf:b5:1f:05:
1d:bd:5d:cc:35:83:6c:d4:e3:f2:f1:99:14:40:e9:f3:87:31:
fe:be:7f:b1:0c:ff:2e:45:7f:be:c3:bb:03:39:e6:56:61:c9:
95:58:f2:21:50:6d:8a:7a:58:b3:7e:93:16:80:f2:8e:ff:d9:
07:ce:ca:4b:7a:4f:6c:c1:93:3d:99:c3:21:cb:12:51:70:47:
ba:db:29:f7:04:9f:6d:ee:21:03:89:f9:87:af:ea:d6:db:1b:
c3:e3:34:2c:fb:c6:d9:9c:11:e1:57:d2:d2:ea:df:d8:e2:0a:
92:ef:c2:ca:02:b1:07:e5:29:9b:29:07:02:2e:07:5a:18:90:
2a:31:57:82:0c:bc:94:ab:ef:89:5e:35:c6:90:5f:a3:7e:2e:
b8:ae:b7:6d
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYo8JRxEyB1TzPojNBDubSXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNTBhMGRjYzcxYzQyOTIzZTQwNzAxMWJkMjEyYWZhNWM2
MmU1OWQwHhcNMjMwODI4MTIzNjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTRmNmE4Mjg1YTBmOGQwMzU4ZWU2NDUzOWViZjhkNjM3NzkwZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWZrpFP898dneRM3/UzG4e9Xpe2l
jc1GxmK2xzA3YHOuNFyrgqDdGEeMoTujanpQmDvRybOXKR7ZvGiwAuSm99uKU/AI
Bf6/jp/NDeRlL2/OK63pr8XD+QjC7R1ehxAptgQzHlujIKG3L1iXP/+W9aCZYGVt
KNBhRYeEUlAXfLbU7TLLw++mD9VC5H59LEZoXL2DgTkHRvthwjxChuR5fH4z+LNm
lp8tetgevcWINKuStHEDSDlCogc/vLYIaVkCvcUoz5EqaPEE5MGl+xoYPJ83jbxW
5RBRrFdCbpH3sp81eLF2/z+GijooU3ntrYKIJgjX58QyTmtptiUV5ndh1wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFKVPaoKFoPjQNY7mRTnr+NY3eQ1PMB8GA1UdIwQY
MBaAFE9QoNzHHEKSPkBwEb0hKvpcYuWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDFDZzNNY2NRcEktUUhBUnZTRXEtbHhpNVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zMGEyYmYtYjUxZS00ZDcyLWI0MDkt
Y2E4YjI3NThiZTE1LzEvcFU5cWdvV2ctTkExanVaRk9ldjQxamQ1RFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zMGEyYmYtYjUxZS00ZDcyLWI0MDktY2E4YjI3NThiZTE1
LzEvVDFDZzNNY2NRcEktUUhBUnZTRXEtbHhpNVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAHBsAYD
BATBsAAwDAMEAMGwnwMEAMGwsgMEBMJoQDANBAIAAjAHAwUAKgB3QDANBgkqhkiG
9w0BAQsFAAOCAQEAKaL+hearDFdsXRjpM8fHl0L0sDuEZXhTD476a2X2h1gy7LCj
pNoxfuoOP3lK7wRUTvsIMtbmPA2YHADh19i/Zu503tPHMdVHdmYoro8IT7LF59fI
/6+2EA15BzJF55DvcYvYZ+5XRRXPtR8FHb1dzDWDbNTj8vGZFEDp84cx/r5/sQz/
LkV/vsO7AznmVmHJlVjyIVBtinpYs36TFoDyjv/ZB87KS3pPbMGTPZnDIcsSUXBH
utsp9wSfbe4hA4n5h6/q1tsbw+M0LPvG2ZwR4VfS0urf2OIKku/CygKxB+UpmykH
Ai4HWhiQKjFXggy8lKvviV41xpBfo34uuK63bQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:48:51 2025 by rpki-client