Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/3aFNIxKDrQi2pVYMDD_3H_6mEMA.roa
File: 3aFNIxKDrQi2pVYMDD_3H_6mEMA.roa (raw, json)
Hash identifier: H+fexMtBFJRSsne8v9YVkZLXldC6U4KTc//EN9/JXS4=
Subject key identifier: DD:A1:4D:23:12:83:AD:08:B6:A5:56:0C:0C:3F:F7:1F:FE:A6:10:C0
Certificate issuer: /CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Certificate serial: 018AF18EA612532DA15F0CF1009BB0C215FE
Authority key identifier: 7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/3aFNIxKDrQi2pVYMDD_3H_6mEMA.roa
Signing time: Mon 02 Oct 2023 18:02:52 +0000
ROA not before: Mon 02 Oct 2023 18:02:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29319
IP address blocks: 84.23.32.0/20 maxlen: 32
84.23.46.0/23 maxlen: 32
217.70.16.0/20 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f1:8e:a6:12:53:2d:a1:5f:0c:f1:00:9b:b0:c2:15:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Validity
Not Before: Oct 2 18:02:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dda14d231283ad08b6a5560c0c3ff71ffea610c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:a4:3c:d7:76:62:32:68:bd:98:c6:68:c9:10:
af:12:c8:59:eb:95:31:65:12:2e:7b:f3:cf:3f:6e:
38:b4:01:bc:f5:9a:f3:8f:6f:96:f6:79:46:20:f1:
45:cd:5c:35:3f:f5:1c:d0:fc:99:1d:a1:06:13:47:
79:2d:ae:42:30:d2:1b:33:06:2b:1e:37:3b:80:8f:
58:a6:ba:80:c4:4d:8d:48:82:8a:c5:8d:cf:76:ed:
b5:c0:50:c6:52:ef:22:e0:16:72:08:b8:fa:ef:1c:
f1:d6:6c:38:91:b1:1a:25:92:9e:f8:78:d0:fe:8e:
38:f2:4b:aa:59:2f:d1:db:84:58:08:5d:98:2b:fa:
7f:49:7a:11:a4:9b:46:37:31:87:8b:66:6a:de:5e:
5f:f1:31:5e:97:76:30:3b:f1:11:97:ad:29:48:b3:
65:40:b9:2b:b8:77:0b:a5:23:7c:31:fa:36:0f:e0:
18:45:a2:42:b4:89:bb:8e:82:10:8b:90:5d:0a:05:
6a:4e:3a:ea:24:e5:b7:5e:92:47:cb:3e:ee:ea:d9:
de:46:cb:d8:85:f6:93:db:01:93:a1:f5:cb:a9:56:
aa:69:7d:67:d7:c7:b6:38:b0:19:1e:01:21:ba:51:
67:c3:98:d8:1b:3e:ec:e3:12:2b:53:41:ac:9e:83:
0e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:A1:4D:23:12:83:AD:08:B6:A5:56:0C:0C:3F:F7:1F:FE:A6:10:C0
X509v3 Authority Key Identifier:
keyid:7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/3aFNIxKDrQi2pVYMDD_3H_6mEMA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.23.32.0/20
217.70.16.0/20
Signature Algorithm: sha256WithRSAEncryption
55:a1:18:fb:c4:fc:0e:07:a5:79:6b:cf:54:e0:01:02:29:04:
e6:dd:cb:76:3e:99:3d:4f:2d:f1:35:d9:fb:25:44:d9:57:83:
b3:33:f5:7b:5f:d4:40:19:92:82:d6:3a:ad:5a:e4:45:8a:57:
67:40:f3:42:53:4b:7d:0c:63:96:01:4c:57:5b:17:9e:fe:7b:
b7:07:b1:e6:a2:f2:ca:83:49:38:66:4d:24:bc:87:a8:f2:0d:
33:51:a7:07:ad:61:cd:07:ad:75:3a:8c:e7:32:c8:88:19:bf:
cc:e4:9d:4e:5a:b9:0d:aa:56:e5:d0:21:ca:63:04:a3:38:e8:
34:94:b4:b9:59:28:77:8c:9d:16:fc:a2:a1:ad:ac:8d:dc:70:
56:43:f4:a1:ed:b0:4d:aa:f1:0f:c6:9d:9b:f5:d4:59:65:18:
6d:55:5f:a1:46:7c:48:38:f9:8d:27:0b:0c:60:3c:95:ea:1d:
06:9a:35:3e:e2:3f:28:0c:64:14:de:99:03:e3:eb:8b:04:c5:
da:ef:31:34:fe:4b:e3:61:8d:98:10:c1:71:f2:86:91:da:7a:
ad:52:3a:10:9e:f1:85:64:b6:96:4c:32:46:06:cf:9a:d8:f0:
6f:ab:97:39:da:9b:fb:16:59:d7:6d:bc:4e:42:26:d7:92:ec:
3e:c7:c3:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYrxjqYSUy2hXwzxAJuwwhX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGJjZGVlOGNlODM5YzRkMjA0MTNjODYyNDIzY2NhMDRm
ZGM2MGEwHhcNMjMxMDAyMTgwMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGExNGQyMzEyODNhZDA4YjZhNTU2MGMwYzNmZjcxZmZlYTYxMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKQ813ZiMmi9mMZoyRCvEshZ65Ux
ZRIue/PPP244tAG89Zrzj2+W9nlGIPFFzVw1P/Uc0PyZHaEGE0d5La5CMNIbMwYr
Hjc7gI9YprqAxE2NSIKKxY3Pdu21wFDGUu8i4BZyCLj67xzx1mw4kbEaJZKe+HjQ
/o448kuqWS/R24RYCF2YK/p/SXoRpJtGNzGHi2Zq3l5f8TFel3YwO/ERl60pSLNl
QLkruHcLpSN8Mfo2D+AYRaJCtIm7joIQi5BdCgVqTjrqJOW3XpJHyz7u6tneRsvY
hfaT2wGTofXLqVaqaX1n18e2OLAZHgEhulFnw5jYGz7s4xIrU0GsnoMOMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN2hTSMSg60ItqVWDAw/9x/+phDAMB8GA1UdIwQY
MBaAFHoLze6M6DnE0gQTyGJCPMoE/cYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMt
NGRlZjU3MzY1MTY5LzEvM2FGTkl4S0RyUWkycFZZTUREXzNIXzZtRU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMtNGRlZjU3MzY1MTY5
LzEvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVBcgAwQE
2UYQMA0GCSqGSIb3DQEBCwUAA4IBAQBVoRj7xPwOB6V5a89U4AECKQTm3ct2Ppk9
Ty3xNdn7JUTZV4OzM/V7X9RAGZKC1jqtWuRFildnQPNCU0t9DGOWAUxXWxee/nu3
B7HmovLKg0k4Zk0kvIeo8g0zUacHrWHNB611OoznMsiIGb/M5J1OWrkNqlbl0CHK
YwSjOOg0lLS5WSh3jJ0W/KKhrayN3HBWQ/Sh7bBNqvEPxp2b9dRZZRhtVV+hRnxI
OPmNJwsMYDyV6h0GmjU+4j8oDGQU3pkD4+uLBMXa7zE0/kvjYY2YEMFx8oaR2nqt
UjoQnvGFZLaWTDJGBs+a2PBvq5c52pv7FlnXbbxOQibXkuw+x8MJ
-----END CERTIFICATE-----
Generated at Wed Apr 9 20:53:01 2025 by rpki-client