Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2T4R6EbpRME4_qWLCnrgnpVroNE.roa
File: 2T4R6EbpRME4_qWLCnrgnpVroNE.roa (raw, json)
Hash identifier: Ic/FJFdsXTp9IYX+FBsZfsQbQPWSB04XE1dWZbNdQHA=
Subject key identifier: D9:3E:11:E8:46:E9:44:C1:38:FE:A5:8B:0A:7A:E0:9E:95:6B:A0:D1
Certificate issuer: /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial: 01856C6EE3C4267F145BC790297EFF03DAB1
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2T4R6EbpRME4_qWLCnrgnpVroNE.roa
Signing time: Sun 01 Jan 2023 08:24:44 +0000
ROA not before: Sun 01 Jan 2023 08:24:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203
IP address blocks: 185.161.233.0/24 maxlen: 24
185.161.234.0/24 maxlen: 24
185.161.235.0/24 maxlen: 24
185.68.44.0/24 maxlen: 24
185.68.46.0/24 maxlen: 24
185.68.47.0/24 maxlen: 24
185.68.45.0/24 maxlen: 24
91.206.21.0/24 maxlen: 24
91.206.20.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:6e:e3:c4:26:7f:14:5b:c7:90:29:7e:ff:03:da:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
Validity
Not Before: Jan 1 08:24:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d93e11e846e944c138fea58b0a7ae09e956ba0d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:63:db:c9:71:94:0c:73:13:13:64:69:1a:5e:
1d:35:10:20:8c:ad:7d:2d:ab:1c:ab:1a:eb:6a:aa:
88:b9:03:9b:e5:4d:11:48:01:7c:e0:53:62:52:91:
04:00:2a:39:20:fb:2e:da:61:a7:33:6e:cc:ac:da:
e8:2e:9f:1f:ee:85:4c:bb:73:73:12:85:fa:d9:31:
e2:e0:7c:26:41:cb:f1:d4:b3:b1:5a:d2:c8:98:d1:
3c:91:45:6b:f6:8f:21:f7:d3:d5:04:d4:4f:44:bf:
dc:5d:91:8d:88:46:f3:00:d7:97:67:2a:b7:b1:8b:
cb:c0:cc:54:2a:c3:3f:27:d2:19:78:4c:ff:fe:7e:
b8:ae:a2:15:b5:c6:ad:f8:76:82:85:b4:2f:2b:6b:
51:fc:00:c3:94:b5:c8:17:7b:77:94:3d:dd:c1:9f:
2c:c5:9d:4e:29:3f:df:e0:a5:44:32:f4:1c:6a:4e:
dc:76:ce:d0:bc:27:14:ab:4d:e7:fd:c8:b0:f7:a5:
1b:15:c6:18:e9:0e:ad:93:ac:97:c6:94:38:2d:be:
5c:b1:ce:e8:a4:88:cb:ab:9e:f3:60:09:88:99:32:
89:b4:b5:c1:b4:42:06:5f:f6:73:6d:54:cf:b2:d8:
dc:57:ee:81:94:a7:b0:43:7c:ca:32:a1:72:2e:c9:
43:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:3E:11:E8:46:E9:44:C1:38:FE:A5:8B:0A:7A:E0:9E:95:6B:A0:D1
X509v3 Authority Key Identifier:
keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/2T4R6EbpRME4_qWLCnrgnpVroNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.206.20.0/23
185.68.44.0/22
185.161.233.0-185.161.235.255
Signature Algorithm: sha256WithRSAEncryption
a5:30:22:24:e7:ef:c8:68:e9:b3:ea:ef:d0:1c:e2:54:ad:35:
6c:e1:14:a6:ea:6f:b9:c9:ed:eb:e7:e3:54:a1:69:6b:ab:39:
9b:63:4c:ed:c7:31:94:1d:4d:62:29:77:49:88:6b:30:f2:2d:
a3:16:4c:7c:c3:43:39:4b:69:a0:e6:45:14:a3:be:e6:17:16:
2a:76:9b:21:0d:b5:72:3e:90:36:bf:a1:93:f8:69:0a:ca:be:
43:9e:c3:74:f6:1f:a6:dd:5a:02:1e:f5:6e:a5:ce:ff:69:92:
bf:b8:f8:8a:03:bf:56:40:ec:40:c4:61:8c:ef:3d:2f:19:5d:
b6:68:1f:1f:8a:a6:8a:04:a2:5a:be:32:95:0b:ef:e7:cf:40:
9d:c2:59:5c:91:2f:34:5e:04:f2:54:8a:12:23:07:44:3c:c2:
44:ff:ea:89:6f:4f:a9:8c:cc:5d:c7:8c:de:fb:02:07:01:3b:
82:6e:49:d4:fb:d5:23:2b:75:d4:18:43:29:e5:da:b6:f2:74:
75:2f:d5:04:fa:39:f8:f7:1e:1c:3a:bf:14:8c:af:87:88:6b:
d1:12:f1:1c:fb:8f:e3:7c:8c:e7:4f:80:47:dc:c6:63:b7:c9:
fc:29:34:d8:78:ae:1e:1d:28:15:25:21:48:79:11:2a:05:f4:
a9:83:b1:68
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVsbuPEJn8UW8eQKX7/A9qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjMwMTAxMDgyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNlMTFlODQ2ZTk0NGMxMzhmZWE1OGIwYTdhZTA5ZTk1NmJhMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGPbyXGUDHMTE2RpGl4dNRAgjK19
LascqxrraqqIuQOb5U0RSAF84FNiUpEEACo5IPsu2mGnM27MrNroLp8f7oVMu3Nz
EoX62THi4HwmQcvx1LOxWtLImNE8kUVr9o8h99PVBNRPRL/cXZGNiEbzANeXZyq3
sYvLwMxUKsM/J9IZeEz//n64rqIVtcat+HaChbQvK2tR/ADDlLXIF3t3lD3dwZ8s
xZ1OKT/f4KVEMvQcak7cds7QvCcUq03n/ciw96UbFcYY6Q6tk6yXxpQ4Lb5csc7o
pIjLq57zYAmImTKJtLXBtEIGX/ZzbVTPstjcV+6BlKewQ3zKMqFyLslDpwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNk+EehG6UTBOP6liwp64J6Va6DRMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvMlQ0UjZFYnBSTUU0X3FXTENucmducFZyb05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBW84UAwQC
uUQsMAwDBAC5oekDBAK5oegwDQYJKoZIhvcNAQELBQADggEBAKUwIiTn78ho6bPq
79Ac4lStNWzhFKbqb7nJ7evn41ShaWurOZtjTO3HMZQdTWIpd0mIazDyLaMWTHzD
QzlLaaDmRRSjvuYXFip2myENtXI+kDa/oZP4aQrKvkOew3T2H6bdWgIe9W6lzv9p
kr+4+IoDv1ZA7EDEYYzvPS8ZXbZoHx+KpooEolq+MpUL7+fPQJ3CWVyRLzReBPJU
ihIjB0Q8wkT/6olvT6mMzF3HjN77AgcBO4JuSdT71SMrddQYQynl2rbydHUv1QT6
Ofj3Hhw6vxSMr4eIa9ES8Rz7j+N8jOdPgEfcxmO3yfwpNNh4rh4dKBUlIUh5ESoF
9KmDsWg=
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:30:54 2025 by rpki-client