Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aDKMm9TC1lqD4sDQOpgSwFM7otA.roa
File: aDKMm9TC1lqD4sDQOpgSwFM7otA.roa (raw, json)
Hash identifier: nD93XRyiht8Rmmf19cnzcn8MzTvYOQBb7j2NKY8H7Dk=
Subject key identifier: 68:32:8C:9B:D4:C2:D6:5A:83:E2:C0:D0:3A:98:12:C0:53:3B:A2:D0
Certificate issuer: /CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Certificate serial: 01856B00CC1DD6654ED6419D832FC225F0EE
Authority key identifier: 68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aDKMm9TC1lqD4sDQOpgSwFM7otA.roa
Signing time: Sun 01 Jan 2023 01:44:52 +0000
ROA not before: Sun 01 Jan 2023 01:44:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12840
IP address blocks: 212.109.96.0/20 maxlen: 20
212.109.112.0/22 maxlen: 22
212.109.112.0/24 maxlen: 24
212.109.114.0/24 maxlen: 24
212.109.113.0/24 maxlen: 24
212.109.115.0/24 maxlen: 24
212.109.120.0/23 maxlen: 23
212.109.123.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:00:cc:1d:d6:65:4e:d6:41:9d:83:2f:c2:25:f0:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Validity
Not Before: Jan 1 01:44:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=68328c9bd4c2d65a83e2c0d03a9812c0533ba2d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b1:61:33:58:99:72:9f:ab:d6:29:45:ff:08:
ec:e7:13:d1:89:7d:7c:13:30:9b:bf:55:d8:9e:24:
03:81:35:eb:e2:c6:14:bf:b7:31:03:20:2e:86:af:
b7:55:88:b0:6e:e0:93:d1:19:91:a6:ba:48:97:69:
14:42:01:ce:cc:ec:d4:8e:94:8b:75:b7:cc:61:d9:
5b:1a:e0:04:ed:14:8c:49:df:eb:3d:ed:0b:0f:05:
42:cd:e0:75:28:59:0d:99:2b:ef:86:cf:03:71:48:
26:bd:af:78:d4:28:ba:5d:ea:85:f6:c0:73:47:78:
b6:31:33:25:ac:84:62:cf:07:95:2c:3d:60:e6:6f:
bf:27:4d:6e:a8:39:62:30:df:fa:b4:f9:a7:c1:c6:
d1:47:bc:91:87:e1:5a:17:ef:a5:88:71:7c:50:42:
35:4f:17:84:19:63:2f:f5:52:21:f4:61:f0:d6:a2:
5a:40:99:31:79:6b:41:3a:25:b4:62:f8:1f:75:e7:
07:39:bf:02:44:d5:7a:ff:02:c1:ae:f7:cf:dd:3b:
b2:da:f6:b3:42:50:48:74:9b:15:c5:c8:74:0c:34:
df:3d:e9:3a:3d:46:af:e8:57:0d:51:39:46:28:ed:
e8:38:4b:9b:03:0e:0d:e7:6e:d5:0a:b4:4d:6f:b5:
c5:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:32:8C:9B:D4:C2:D6:5A:83:E2:C0:D0:3A:98:12:C0:53:3B:A2:D0
X509v3 Authority Key Identifier:
keyid:68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aDKMm9TC1lqD4sDQOpgSwFM7otA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aM_hqssnjBMjGzEORe5XaTL-m04.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.109.96.0-212.109.115.255
212.109.120.0/23
212.109.123.0/24
Signature Algorithm: sha256WithRSAEncryption
49:50:9a:ef:89:58:ea:82:91:04:e4:84:d8:59:d9:cb:68:b6:
9a:48:93:62:41:ce:11:5a:49:45:45:b2:61:6f:a1:60:7f:37:
a9:12:c4:a9:a5:0f:f3:97:4b:6f:da:55:42:cd:16:45:36:9e:
ab:d6:30:15:61:27:d6:02:1e:6a:bd:16:36:e8:6e:f0:f7:86:
40:0b:3d:fe:6a:08:59:7b:b3:96:43:f6:4c:36:f5:41:b3:29:
47:bd:17:52:65:eb:dc:56:05:9f:91:4d:bc:fe:12:8d:5d:86:
40:95:83:c0:29:5b:f1:54:a5:64:ed:80:96:b1:43:2d:fe:06:
21:fa:39:32:73:09:8b:26:0a:7f:dc:5e:e1:cb:0f:33:30:95:
55:cb:0d:8b:cb:c1:8e:6d:20:9c:c6:9a:f0:5b:d6:39:36:f6:
74:11:0c:93:c4:6d:84:70:43:c5:b4:71:41:af:a9:16:46:0d:
e3:7b:cd:96:04:54:65:24:0e:5d:a6:47:7a:cc:d8:89:58:ca:
0f:fb:a7:0d:c1:d0:31:77:1d:d0:54:ec:73:cd:8a:5c:88:31:
26:c1:c1:99:49:a1:a4:f9:aa:a2:02:51:37:27:73:a3:1f:61:
45:36:46:bf:9d:17:ff:40:c2:4a:6d:5a:90:15:1b:a0:a4:86:
b5:ad:03:51
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVrAMwd1mVO1kGdgy/CJfDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2ZlMWFhY2IyNzhjMTMyMzFiMzEwZTQ1ZWU1NzY5MzJm
ZTliNGUwHhcNMjMwMTAxMDE0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODMyOGM5YmQ0YzJkNjVhODNlMmMwZDAzYTk4MTJjMDUzM2JhMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bFhM1iZcp+r1ilF/wjs5xPRiX18
EzCbv1XYniQDgTXr4sYUv7cxAyAuhq+3VYiwbuCT0RmRprpIl2kUQgHOzOzUjpSL
dbfMYdlbGuAE7RSMSd/rPe0LDwVCzeB1KFkNmSvvhs8DcUgmva941Ci6XeqF9sBz
R3i2MTMlrIRizweVLD1g5m+/J01uqDliMN/6tPmnwcbRR7yRh+FaF++liHF8UEI1
TxeEGWMv9VIh9GHw1qJaQJkxeWtBOiW0YvgfdecHOb8CRNV6/wLBrvfP3Tuy2vaz
QlBIdJsVxch0DDTfPek6PUav6FcNUTlGKO3oOEubAw4N527VCrRNb7XFHwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGgyjJvUwtZag+LA0DqYEsBTO6LQMB8GA1UdIwQY
MBaAFGjP4arLJ4wTIxsxDkXuV2ky/ptOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYt
ODljMmY2NjZlOTA1LzEvYURLTW05VEMxbHFENHNEUU9wZ1N3Rk03b3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYtODljMmY2NjZlOTA1
LzEvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAXUbWAD
BALUbXADBAHUbXgDBADUbXswDQYJKoZIhvcNAQELBQADggEBAElQmu+JWOqCkQTk
hNhZ2ctotppIk2JBzhFaSUVFsmFvoWB/N6kSxKmlD/OXS2/aVULNFkU2nqvWMBVh
J9YCHmq9FjbobvD3hkALPf5qCFl7s5ZD9kw29UGzKUe9F1Jl69xWBZ+RTbz+Eo1d
hkCVg8ApW/FUpWTtgJaxQy3+BiH6OTJzCYsmCn/cXuHLDzMwlVXLDYvLwY5tIJzG
mvBb1jk29nQRDJPEbYRwQ8W0cUGvqRZGDeN7zZYEVGUkDl2mR3rM2IlYyg/7pw3B
0DF3HdBU7HPNilyIMSbBwZlJoaT5qqICUTcnc6MfYUU2Rr+dF/9AwkptWpAVG6Ck
hrWtA1E=
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:32:49 2025 by rpki-client