Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IKWJbaKCOYS9E6HbOnLW7SSsGdQ.roa
File: IKWJbaKCOYS9E6HbOnLW7SSsGdQ.roa (raw, json)
Hash identifier: 7EmCftfS59vhv5g+zJzyQ9pMO38G0zO+FmC4XtQwhUY=
Subject key identifier: 20:A5:89:6D:A2:82:39:84:BD:13:A1:DB:3A:72:D6:ED:24:AC:19:D4
Certificate issuer: /CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
Certificate serial: 01856DC1B5F942121215CD1A7904F420B1BE
Authority key identifier: 27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IKWJbaKCOYS9E6HbOnLW7SSsGdQ.roa
Signing time: Sun 01 Jan 2023 14:34:49 +0000
ROA not before: Sun 01 Jan 2023 14:34:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39308
IP address blocks: 95.81.72.0/22 maxlen: 24
95.81.76.0/22 maxlen: 24
95.81.96.0/20 maxlen: 21
95.81.96.0/22 maxlen: 22
95.81.96.0/19 maxlen: 21
95.81.100.0/22 maxlen: 22
95.81.112.0/20 maxlen: 20
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:b5:f9:42:12:12:15:cd:1a:79:04:f4:20:b1:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
Validity
Not Before: Jan 1 14:34:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20a5896da2823984bd13a1db3a72d6ed24ac19d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:33:45:03:e9:9b:58:b0:67:6a:93:be:94:d8:
e3:f7:fe:70:40:e2:20:09:eb:fd:7e:f3:67:8d:7e:
6c:11:5f:32:26:cd:36:85:e8:d0:2f:e3:8d:f0:ec:
70:d1:53:a7:2e:9f:01:eb:06:8f:21:01:fe:90:fa:
26:d2:9e:37:6c:83:b4:f7:b3:a0:22:34:e2:f8:18:
2f:15:74:24:09:a4:94:11:e0:61:5d:63:f8:08:e1:
f0:a7:1d:5e:66:e0:90:35:3c:93:70:56:ac:cd:60:
06:cf:8d:ac:50:e1:c4:d2:1a:78:14:72:b2:52:35:
51:89:bd:39:d6:19:b9:e1:7a:e0:ed:e7:4e:57:62:
dd:d7:76:b6:bc:a3:e5:ec:42:74:d0:70:15:e8:37:
b3:43:ab:d0:ba:d4:60:7f:61:51:30:21:5f:0b:c7:
28:f8:f7:75:24:e6:7a:47:70:0f:90:48:c8:11:5f:
60:bd:70:14:f1:2c:18:7b:f7:fc:86:92:06:66:57:
d0:9a:d1:55:69:97:94:ed:8f:c9:04:07:f5:4e:17:
4a:1a:c4:08:11:0e:13:e8:5e:30:1b:7c:80:38:70:
da:07:f6:74:c3:21:83:0b:f2:85:af:e8:06:ba:9d:
af:1f:bc:aa:fe:62:62:60:60:dc:13:30:64:39:c4:
6b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:A5:89:6D:A2:82:39:84:BD:13:A1:DB:3A:72:D6:ED:24:AC:19:D4
X509v3 Authority Key Identifier:
keyid:27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IKWJbaKCOYS9E6HbOnLW7SSsGdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.81.72.0/21
95.81.96.0/19
Signature Algorithm: sha256WithRSAEncryption
56:27:38:36:93:52:a0:51:b0:8f:60:3b:48:c4:af:64:b5:a0:
cf:e0:e4:f7:1a:ae:06:4b:07:2b:33:a0:c2:eb:d6:5c:d8:1e:
7d:ed:14:ab:6b:ab:68:ef:1f:ed:eb:43:f4:c9:0b:9c:8f:e6:
b9:dc:50:a6:2f:74:49:e1:f8:17:fb:33:9d:ce:47:e0:27:42:
19:2f:8c:6b:9e:e0:2a:33:a0:3e:e8:d1:2f:a0:37:95:71:1c:
8a:bf:86:24:96:9e:31:23:23:49:89:d7:db:bf:8a:01:e6:bc:
60:b8:a3:3f:a1:7f:15:d0:4b:39:0f:5f:0c:18:ee:3c:86:8d:
0f:68:c3:ec:78:63:92:fe:d3:f8:b0:3b:66:b3:3f:17:80:9e:
26:bb:52:26:1c:65:3f:32:c5:67:90:18:85:3f:d4:7c:b5:84:
9b:5b:f2:9b:17:a5:33:c0:d6:d7:e2:5d:4b:35:13:8c:ba:26:
61:b3:9c:9a:13:a9:26:fc:f6:c5:6a:72:9e:22:fa:a4:f5:bf:
c2:a0:d5:01:f5:d2:8c:a7:9c:87:ac:2f:04:67:b4:3f:87:eb:
11:59:7b:cc:94:86:f0:31:41:57:07:d2:9b:3f:79:84:db:c9:
16:cc:6d:6b:84:c2:88:ea:2c:87:ea:6b:bd:6e:b7:01:46:60:
5c:10:f4:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtwbX5QhISFc0aeQT0ILG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MmVkMDkwYWNmN2M4MjlhMjJiYmZiZTJiMGU5OThjZDIw
YWQ4MjYwHhcNMjMwMTAxMTQzNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE1ODk2ZGEyODIzOTg0YmQxM2ExZGIzYTcyZDZlZDI0YWMxOWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjNFA+mbWLBnapO+lNjj9/5wQOIg
Cev9fvNnjX5sEV8yJs02hejQL+ON8Oxw0VOnLp8B6waPIQH+kPom0p43bIO097Og
IjTi+BgvFXQkCaSUEeBhXWP4COHwpx1eZuCQNTyTcFaszWAGz42sUOHE0hp4FHKy
UjVRib051hm54Xrg7edOV2Ld13a2vKPl7EJ00HAV6DezQ6vQutRgf2FRMCFfC8co
+Pd1JOZ6R3APkEjIEV9gvXAU8SwYe/f8hpIGZlfQmtFVaZeU7Y/JBAf1ThdKGsQI
EQ4T6F4wG3yAOHDaB/Z0wyGDC/KFr+gGup2vH7yq/mJiYGDcEzBkOcRrJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCliW2igjmEvROh2zpy1u0krBnUMB8GA1UdIwQY
MBaAFCcu0JCs98gpoiu/visOmYzSCtgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMt
YWNjMjJiYjRkY2VkLzEvSUtXSmJhS0NPWVM5RTZIYk9uTFc3U1NzR2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMtYWNjMjJiYjRkY2Vk
LzEvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX1FIAwQF
X1FgMA0GCSqGSIb3DQEBCwUAA4IBAQBWJzg2k1KgUbCPYDtIxK9ktaDP4OT3Gq4G
SwcrM6DC69Zc2B597RSra6to7x/t60P0yQucj+a53FCmL3RJ4fgX+zOdzkfgJ0IZ
L4xrnuAqM6A+6NEvoDeVcRyKv4Yklp4xIyNJidfbv4oB5rxguKM/oX8V0Es5D18M
GO48ho0PaMPseGOS/tP4sDtmsz8XgJ4mu1ImHGU/MsVnkBiFP9R8tYSbW/KbF6Uz
wNbX4l1LNROMuiZhs5yaE6km/PbFanKeIvqk9b/CoNUB9dKMp5yHrC8EZ7Q/h+sR
WXvMlIbwMUFXB9KbP3mE28kWzG1rhMKI6iyH6mu9brcBRmBcEPRV
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:17:01 2025 by rpki-client