Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/0JufQ5kvJFSM-yjWhIUNhlzEC2k.roa
File: 0JufQ5kvJFSM-yjWhIUNhlzEC2k.roa (raw, json)
Hash identifier: /p6FaCJjYVHj8TRPnycizgkcNx/qfkjitVvPKczshuA=
Subject key identifier: D0:9B:9F:43:99:2F:24:54:8C:FB:28:D6:84:85:0D:86:5C:C4:0B:69
Certificate issuer: /CN=5d81d1ff45b1547c00a84b46ef99eca2dfbd45bc
Certificate serial: 018570CBD67EAA20E547B32BA32656AD939C
Authority key identifier: 5D:81:D1:FF:45:B1:54:7C:00:A8:4B:46:EF:99:EC:A2:DF:BD:45:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XYHR_0WxVHwAqEtG75nsot-9Rbw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/0JufQ5kvJFSM-yjWhIUNhlzEC2k.roa
Signing time: Mon 02 Jan 2023 04:44:44 +0000
ROA not before: Mon 02 Jan 2023 04:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48362
IP address blocks: 45.152.52.0/22 maxlen: 24
185.31.212.0/22 maxlen: 22
185.252.36.0/22 maxlen: 22
94.199.168.0/21 maxlen: 21
2a02:1688::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:d6:7e:aa:20:e5:47:b3:2b:a3:26:56:ad:93:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d81d1ff45b1547c00a84b46ef99eca2dfbd45bc
Validity
Not Before: Jan 2 04:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d09b9f43992f24548cfb28d684850d865cc40b69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:fb:27:19:08:55:58:04:78:99:0e:f7:6b:71:
98:22:2c:d7:5a:ba:db:6f:aa:d9:74:13:6f:b3:4b:
04:c0:37:71:0e:08:ef:ab:ee:bb:48:17:3f:07:b2:
80:51:55:db:fe:54:96:2a:57:d5:13:76:4e:9c:fa:
2f:85:87:a6:22:1d:78:34:dc:0b:01:e6:3f:83:4e:
ba:1f:81:9d:a7:df:fd:8f:a6:50:12:45:ce:6c:2b:
0b:e8:cc:df:6b:3d:15:86:df:2f:46:64:f8:4f:65:
7e:fe:57:18:83:40:42:b8:d1:2f:0c:2f:d2:2e:6e:
17:9c:cf:d2:23:fd:74:12:4d:52:7b:02:0f:06:29:
73:c8:d2:09:f4:d3:e2:40:37:32:36:94:6e:44:e2:
8a:01:f1:27:a4:7c:60:d6:27:ea:90:75:f7:f3:ee:
0f:de:52:81:d8:4a:04:28:b3:76:79:5c:6b:76:ee:
52:e1:82:19:a7:96:be:d8:23:11:4a:4e:e6:be:3a:
eb:5e:2a:6b:92:ed:1c:e1:97:b7:0c:31:80:65:ac:
c6:16:19:46:ec:93:05:aa:78:42:56:c4:c0:1c:dd:
80:58:82:e9:1f:4c:db:be:36:5c:72:05:4d:96:bc:
56:e6:47:c8:eb:d2:c5:b3:f8:d3:a6:48:60:08:ab:
13:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:9B:9F:43:99:2F:24:54:8C:FB:28:D6:84:85:0D:86:5C:C4:0B:69
X509v3 Authority Key Identifier:
keyid:5D:81:D1:FF:45:B1:54:7C:00:A8:4B:46:EF:99:EC:A2:DF:BD:45:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYHR_0WxVHwAqEtG75nsot-9Rbw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/0JufQ5kvJFSM-yjWhIUNhlzEC2k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/XYHR_0WxVHwAqEtG75nsot-9Rbw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.52.0/22
94.199.168.0/21
185.31.212.0/22
185.252.36.0/22
IPv6:
2a02:1688::/32
Signature Algorithm: sha256WithRSAEncryption
7d:21:38:92:0c:fa:c1:6e:fc:58:41:db:11:72:3e:43:a2:df:
a3:c3:76:95:5c:bf:9b:da:71:46:20:ba:d1:ce:35:83:9f:b1:
a0:c7:a1:00:76:b4:d7:20:df:e6:a3:86:55:7f:36:8a:66:cc:
63:ab:b4:92:5c:b7:c5:f9:5d:23:3e:3c:b1:52:4b:a1:19:3b:
5b:63:87:e1:12:83:d2:dc:54:47:58:d2:cd:ad:e0:b7:83:45:
c9:2d:70:ae:6c:75:7c:54:dd:2c:fe:a8:47:36:a0:5e:68:18:
fc:c4:05:47:78:b0:29:1f:18:71:09:44:e8:b6:a2:eb:97:66:
17:98:5c:71:e7:59:a4:bf:e1:09:67:07:62:c7:de:b7:83:d6:
7a:ab:81:46:63:0a:67:41:a8:0e:c8:dc:20:59:cc:23:a5:f5:
0a:60:19:77:de:ab:11:cd:2e:6a:df:e0:a5:5f:a3:1a:78:5b:
43:74:7b:13:56:65:11:6a:77:a2:4a:4a:86:dc:9c:18:f5:f1:
e0:ad:78:8a:a0:b8:c5:e3:c1:89:c1:c5:29:43:fb:02:4a:0d:
93:d5:9d:25:7a:19:8b:60:be:78:99:2c:b6:a3:51:6a:34:ee:
32:d8:8b:bd:8d:2f:92:2d:d3:db:78:43:8b:2c:2f:21:7e:2e:
90:8e:77:e0
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVwy9Z+qiDlR7MroyZWrZOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODFkMWZmNDViMTU0N2MwMGE4NGI0NmVmOTllY2EyZGZi
ZDQ1YmMwHhcNMjMwMTAyMDQ0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDliOWY0Mzk5MmYyNDU0OGNmYjI4ZDY4NDg1MGQ4NjVjYzQwYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfsnGQhVWAR4mQ73a3GYIizXWrrb
b6rZdBNvs0sEwDdxDgjvq+67SBc/B7KAUVXb/lSWKlfVE3ZOnPovhYemIh14NNwL
AeY/g066H4Gdp9/9j6ZQEkXObCsL6Mzfaz0Vht8vRmT4T2V+/lcYg0BCuNEvDC/S
Lm4XnM/SI/10Ek1SewIPBilzyNIJ9NPiQDcyNpRuROKKAfEnpHxg1ifqkHX38+4P
3lKB2EoEKLN2eVxrdu5S4YIZp5a+2CMRSk7mvjrrXiprku0c4Ze3DDGAZazGFhlG
7JMFqnhCVsTAHN2AWILpH0zbvjZccgVNlrxW5kfI69LFs/jTpkhgCKsTtQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNCbn0OZLyRUjPso1oSFDYZcxAtpMB8GA1UdIwQY
MBaAFF2B0f9FsVR8AKhLRu+Z7KLfvUW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlIUl8wV3hWSHdBcUV0Rzc1bnNvdC05UmJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hY2Q3ZTMtOWM3Ni00ZmY2LWI1YWUt
ZWU4MGEyZDI5NTJkLzEvMEp1ZlE1a3ZKRlNNLXlqV2hJVU5obHpFQzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hY2Q3ZTMtOWM3Ni00ZmY2LWI1YWUtZWU4MGEyZDI5NTJk
LzEvWFlIUl8wV3hWSHdBcUV0Rzc1bnNvdC05UmJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLZg0AwQD
XseoAwQCuR/UAwQCufwkMA0EAgACMAcDBQAqAhaIMA0GCSqGSIb3DQEBCwUAA4IB
AQB9ITiSDPrBbvxYQdsRcj5Dot+jw3aVXL+b2nFGILrRzjWDn7Ggx6EAdrTXIN/m
o4ZVfzaKZsxjq7SSXLfF+V0jPjyxUkuhGTtbY4fhEoPS3FRHWNLNreC3g0XJLXCu
bHV8VN0s/qhHNqBeaBj8xAVHeLApHxhxCUTotqLrl2YXmFxx51mkv+EJZwdix963
g9Z6q4FGYwpnQagOyNwgWcwjpfUKYBl33qsRzS5q3+ClX6MaeFtDdHsTVmURanei
SkqG3JwY9fHgrXiKoLjF48GJwcUpQ/sCSg2T1Z0lehmLYL54mSy2o1FqNO4y2Iu9
jS+SLdPbeEOLLC8hfi6Qjnfg
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:44:27 2025 by rpki-client