Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/Ax5wj-Ypy37DuPHQyshcSTuzaqQ.roa
File: Ax5wj-Ypy37DuPHQyshcSTuzaqQ.roa (raw, json)
Hash identifier: U5NSNJLN4OVNGuQVTLvbHjmyd62U6tyt+Ybpv36EDQw=
Subject key identifier: 03:1E:70:8F:E6:29:CB:7E:C3:B8:F1:D0:CA:C8:5C:49:3B:B3:6A:A4
Certificate issuer: /CN=c61333d0e8107886d0305c7bd81bdd35489527ae
Certificate serial: 018B5238CC7CD9722C0D69BC0FF5F4EEC976
Authority key identifier: C6:13:33:D0:E8:10:78:86:D0:30:5C:7B:D8:1B:DD:35:48:95:27:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhMz0OgQeIbQMFx72BvdNUiVJ64.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/Ax5wj-Ypy37DuPHQyshcSTuzaqQ.roa
Signing time: Sat 21 Oct 2023 12:32:15 +0000
ROA not before: Sat 21 Oct 2023 12:32:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43045
IP address blocks: 5.182.52.0/22 maxlen: 24
46.17.48.0/21 maxlen: 24
89.221.48.0/20 maxlen: 24
2a02:22c0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:52:38:cc:7c:d9:72:2c:0d:69:bc:0f:f5:f4:ee:c9:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c61333d0e8107886d0305c7bd81bdd35489527ae
Validity
Not Before: Oct 21 12:32:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=031e708fe629cb7ec3b8f1d0cac85c493bb36aa4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:69:9e:a5:90:fd:0c:c4:e8:75:ae:56:bb:d3:
b3:f8:0b:4a:c0:5f:8f:6e:dd:12:30:54:50:4b:1b:
d9:3f:c6:9e:49:8d:c1:16:f8:d1:41:71:c5:25:40:
03:f4:4c:b2:24:1d:7a:15:1e:42:90:f4:d0:61:5a:
cc:54:07:3e:b6:81:2a:27:59:57:a9:c4:c3:58:be:
24:c1:5e:e3:41:31:b8:10:f4:a2:99:1d:2c:bf:f3:
9b:87:a3:9c:32:4c:3c:b3:d0:33:57:2d:56:30:08:
5b:0c:29:c8:55:d1:ce:b2:ed:46:12:8e:8e:ac:96:
4d:fa:54:6b:65:17:b2:c1:49:c9:4c:4f:da:fd:8c:
25:32:60:74:bb:90:8a:09:c9:33:de:1a:0c:09:03:
70:ca:a4:dc:ec:02:da:a0:16:db:6d:39:6e:56:b4:
58:f9:a5:19:f0:79:83:5e:6b:73:34:2f:e7:1a:eb:
80:7f:fd:c3:91:39:00:a9:4c:3f:62:95:fb:a9:48:
47:29:47:89:06:39:cd:b5:e5:07:d4:f8:ad:06:27:
ce:bc:b7:6d:b9:c1:ca:7d:73:ae:31:22:14:d1:67:
27:94:84:73:da:3e:64:6d:6d:6c:bc:a1:6e:04:c3:
4e:b7:b3:56:18:68:b9:88:35:49:e5:fd:4e:b3:4c:
2b:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:1E:70:8F:E6:29:CB:7E:C3:B8:F1:D0:CA:C8:5C:49:3B:B3:6A:A4
X509v3 Authority Key Identifier:
keyid:C6:13:33:D0:E8:10:78:86:D0:30:5C:7B:D8:1B:DD:35:48:95:27:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhMz0OgQeIbQMFx72BvdNUiVJ64.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/Ax5wj-Ypy37DuPHQyshcSTuzaqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/xhMz0OgQeIbQMFx72BvdNUiVJ64.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.52.0/22
46.17.48.0/21
89.221.48.0/20
IPv6:
2a02:22c0::/32
Signature Algorithm: sha256WithRSAEncryption
62:2f:a3:1e:18:c2:fb:95:06:48:06:e9:33:8d:47:8c:a0:ed:
f1:2d:a3:a5:51:7d:91:42:36:ca:56:54:d5:9f:f9:bf:c8:4f:
5f:1d:47:f6:af:e7:d8:c5:15:a4:ab:b4:f6:99:f1:18:fc:60:
eb:19:fc:aa:01:bf:54:66:11:19:48:bf:e7:74:44:02:79:9e:
3d:fe:7f:dd:cc:67:bb:cb:e1:f2:23:fe:01:90:cc:ac:c4:d9:
15:71:3b:67:97:2c:6d:98:94:2a:c8:fe:19:16:dd:bc:52:25:
ba:16:ff:9b:aa:47:34:37:30:e1:bd:b8:bd:88:4c:89:e0:1f:
b0:97:93:98:24:4f:85:e7:56:64:82:fd:a7:c6:43:0e:f5:71:
44:fc:1e:b6:fa:db:e3:09:8b:f9:8c:54:02:02:50:e1:89:4c:
01:06:9d:92:97:33:82:c3:7a:66:f6:b2:d4:cb:a1:56:24:bb:
ea:21:12:49:ed:4a:00:32:f1:a7:7f:f9:e7:f3:a6:c4:47:19:
e0:2d:68:2b:59:3e:ea:ff:ee:ef:50:50:5e:49:b4:9a:f6:77:
a7:9d:ca:51:9f:15:f6:99:70:4c:29:9e:8f:f7:d6:f1:bb:3e:
1c:c6:9f:23:c6:5c:57:8a:86:76:c5:44:53:3e:c5:b0:62:c8:
98:0b:bc:4c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYtSOMx82XIsDWm8D/X07sl2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTMzM2QwZTgxMDc4ODZkMDMwNWM3YmQ4MWJkZDM1NDg5
NTI3YWUwHhcNMjMxMDIxMTIzMjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFlNzA4ZmU2MjljYjdlYzNiOGYxZDBjYWM4NWM0OTNiYjM2YWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GmepZD9DMToda5Wu9Oz+AtKwF+P
bt0SMFRQSxvZP8aeSY3BFvjRQXHFJUAD9EyyJB16FR5CkPTQYVrMVAc+toEqJ1lX
qcTDWL4kwV7jQTG4EPSimR0sv/Obh6OcMkw8s9AzVy1WMAhbDCnIVdHOsu1GEo6O
rJZN+lRrZReywUnJTE/a/YwlMmB0u5CKCckz3hoMCQNwyqTc7ALaoBbbbTluVrRY
+aUZ8HmDXmtzNC/nGuuAf/3DkTkAqUw/YpX7qUhHKUeJBjnNteUH1PitBifOvLdt
ucHKfXOuMSIU0WcnlIRz2j5kbW1svKFuBMNOt7NWGGi5iDVJ5f1Os0wraQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAMecI/mKct+w7jx0MrIXEk7s2qkMB8GA1UdIwQY
MBaAFMYTM9DoEHiG0DBce9gb3TVIlSeuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhNejBPZ1FlSWJRTUZ4NzJCdmROVWlWSjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9kZDMyYzMtZmU4Zi00MDQ3LWI2OGEt
OGVjNWYwZWVhMDQ1LzEvQXg1d2otWXB5MzdEdVBIUXlzaGNTVHV6YXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9kZDMyYzMtZmU4Zi00MDQ3LWI2OGEtOGVjNWYwZWVhMDQ1
LzEveGhNejBPZ1FlSWJRTUZ4NzJCdmROVWlWSjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBbY0AwQD
LhEwAwQEWd0wMA0EAgACMAcDBQAqAiLAMA0GCSqGSIb3DQEBCwUAA4IBAQBiL6Me
GML7lQZIBukzjUeMoO3xLaOlUX2RQjbKVlTVn/m/yE9fHUf2r+fYxRWkq7T2mfEY
/GDrGfyqAb9UZhEZSL/ndEQCeZ49/n/dzGe7y+HyI/4BkMysxNkVcTtnlyxtmJQq
yP4ZFt28UiW6Fv+bqkc0NzDhvbi9iEyJ4B+wl5OYJE+F51Zkgv2nxkMO9XFE/B62
+tvjCYv5jFQCAlDhiUwBBp2SlzOCw3pm9rLUy6FWJLvqIRJJ7UoAMvGnf/nn86bE
RxngLWgrWT7q/+7vUFBeSbSa9nenncpRnxX2mXBMKZ6P99bxuz4cxp8jxlxXioZ2
xURTPsWwYsiYC7xM
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:34 2025 by rpki-client