Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/3orIoEN2NVCfc3_2oS8pxExpCfE.roa
File: 3orIoEN2NVCfc3_2oS8pxExpCfE.roa (raw, json)
Hash identifier: VIOMTBQgpBAE3tNZKvCJqgQf4qk46d3PubHs+Or99m0=
Subject key identifier: DE:8A:C8:A0:43:76:35:50:9F:73:7F:F6:A1:2F:29:C4:4C:69:09:F1
Certificate issuer: /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial: 018C82440A098DF82ECDAC1715141FDDEB1D
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/3orIoEN2NVCfc3_2oS8pxExpCfE.roa
Signing time: Tue 19 Dec 2023 13:29:06 +0000
ROA not before: Tue 19 Dec 2023 13:29:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3221
IP address blocks: 171.22.244.0/22 maxlen: 22
193.40.0.0/16 maxlen: 16
2001:bb8::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:82:44:0a:09:8d:f8:2e:cd:ac:17:15:14:1f:dd:eb:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Validity
Not Before: Dec 19 13:29:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=de8ac8a0437635509f737ff6a12f29c44c6909f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:a6:6c:52:32:1e:3e:3f:79:eb:82:77:df:ea:
f1:cc:f5:ba:65:38:91:96:d0:61:92:f7:8b:16:bd:
6d:e3:e3:1a:a1:1a:0e:f4:94:4b:59:d6:f3:55:11:
3b:3c:9c:d4:29:e0:a1:4b:b7:33:a4:e2:72:94:aa:
fe:05:2f:5c:ec:aa:ce:4f:7b:a4:22:0a:b9:2c:4d:
7d:d0:8d:ce:e2:3c:b0:92:db:4d:3a:b3:92:b9:71:
d8:57:6a:09:73:d7:e0:6f:20:12:63:9a:26:ab:eb:
fc:2a:f1:7d:71:0c:09:09:a1:49:42:d9:c4:0f:b4:
13:86:2b:9f:46:f7:b1:f7:d8:8b:11:61:ae:54:6c:
b6:4c:23:f1:dc:99:e2:84:f2:98:f6:34:32:63:a5:
20:01:b2:15:98:e6:c5:cb:fa:f0:f9:d2:e2:ee:1a:
d1:01:26:43:9d:12:c6:81:39:ef:4a:04:27:e2:e3:
30:e6:55:88:82:cc:f0:c5:d0:60:eb:43:92:cd:dd:
cc:e7:36:e5:05:29:df:c4:a9:aa:35:60:b4:a9:0d:
44:be:63:4a:8a:bd:a8:14:97:b3:32:83:ea:bc:33:
aa:6e:40:19:f6:0b:61:33:94:10:20:d9:64:17:29:
69:d9:c1:12:84:b1:cf:7e:b9:23:56:11:b4:9f:dd:
77:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:8A:C8:A0:43:76:35:50:9F:73:7F:F6:A1:2F:29:C4:4C:69:09:F1
X509v3 Authority Key Identifier:
keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/3orIoEN2NVCfc3_2oS8pxExpCfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.244.0/22
193.40.0.0/16
IPv6:
2001:bb8::/32
Signature Algorithm: sha256WithRSAEncryption
37:6c:4c:12:8d:f8:6c:57:e9:6f:28:17:a6:0f:19:37:f4:74:
cd:2e:c4:79:76:f2:3f:d1:fd:8b:83:3d:ff:86:c7:ab:21:a8:
2f:90:52:7b:dc:2a:74:7d:ad:95:53:00:6e:f6:16:9d:aa:d4:
5e:e2:33:fb:ad:91:be:b0:ec:b2:e9:2b:29:28:cf:39:f9:79:
dd:1c:59:35:50:0f:2e:f4:dd:d9:70:c2:78:c0:9c:e6:2e:bf:
5e:f2:f3:54:59:48:6b:71:62:9d:44:65:01:c8:8b:2b:58:d8:
81:d5:5e:65:8b:a9:9a:69:7e:82:22:c2:38:7c:66:aa:98:8e:
0e:6f:03:63:a1:1b:e4:02:2e:a2:0b:37:07:a1:d5:74:43:2a:
43:6b:75:7b:a2:44:40:2c:cf:03:ee:1f:b9:13:f1:23:56:24:
71:43:ad:fd:a5:bb:fd:fb:db:69:ac:df:8d:84:d6:37:54:ba:
f9:fe:b7:4c:6a:87:10:79:8a:f0:49:46:2c:43:ff:b1:02:d1:
3a:f1:e3:23:25:c3:c3:7b:10:c7:4a:e0:dd:ab:e3:92:8b:3e:
78:d3:ca:59:ff:b3:04:1c:fa:50:1f:ce:c1:7b:2a:41:3f:9a:
92:25:db:bf:77:9d:b3:29:f9:92:9a:4b:68:41:f3:c1:0e:3a:
fa:51:6c:30
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYyCRAoJjfguzawXFRQf3esdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjMxMjE5MTMyOTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThhYzhhMDQzNzYzNTUwOWY3MzdmZjZhMTJmMjljNDRjNjkwOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKZsUjIePj9564J33+rxzPW6ZTiR
ltBhkveLFr1t4+MaoRoO9JRLWdbzVRE7PJzUKeChS7czpOJylKr+BS9c7KrOT3uk
Igq5LE190I3O4jywkttNOrOSuXHYV2oJc9fgbyASY5omq+v8KvF9cQwJCaFJQtnE
D7QThiufRvex99iLEWGuVGy2TCPx3JnihPKY9jQyY6UgAbIVmObFy/rw+dLi7hrR
ASZDnRLGgTnvSgQn4uMw5lWIgszwxdBg60OSzd3M5zblBSnfxKmqNWC0qQ1EvmNK
ir2oFJezMoPqvDOqbkAZ9gthM5QQINlkFylp2cEShLHPfrkjVhG0n9137wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN6KyKBDdjVQn3N/9qEvKcRMaQnxMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvM29ySW9FTjJOVkNmYzNfMm9TOHB4RXhwQ2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQCqxb0AwMA
wSgwDQQCAAIwBwMFACABC7gwDQYJKoZIhvcNAQELBQADggEBADdsTBKN+GxX6W8o
F6YPGTf0dM0uxHl28j/R/YuDPf+Gx6shqC+QUnvcKnR9rZVTAG72Fp2q1F7iM/ut
kb6w7LLpKykozzn5ed0cWTVQDy703dlwwnjAnOYuv17y81RZSGtxYp1EZQHIiytY
2IHVXmWLqZppfoIiwjh8ZqqYjg5vA2OhG+QCLqILNweh1XRDKkNrdXuiREAszwPu
H7kT8SNWJHFDrf2lu/3722ms342E1jdUuvn+t0xqhxB5ivBJRixD/7EC0Trx4yMl
w8N7EMdK4N2r45KLPnjTyln/swQc+lAfzsF7KkE/mpIl2793nbMp+ZKaS2hB88EO
OvpRbDA=
-----END CERTIFICATE-----
Generated at Mon Apr 14 23:49:10 2025 by rpki-client