Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/qVkI4J2PcjAjHNsySq0AcMF527Q.roa
File: qVkI4J2PcjAjHNsySq0AcMF527Q.roa (raw, json)
Hash identifier: mxKtX9j3rRJLWA6mBkA+aJXAhr1rouZI2wcioGUe1aA=
Subject key identifier: A9:59:08:E0:9D:8F:72:30:23:1C:DB:32:4A:AD:00:70:C1:79:DB:B4
Certificate issuer: /CN=b7151f194a3e524c82c677b8e132058143c8ebee
Certificate serial: 01856DDD2104FE0A90A18236E5D187ABE01E
Authority key identifier: B7:15:1F:19:4A:3E:52:4C:82:C6:77:B8:E1:32:05:81:43:C8:EB:EE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/txUfGUo-UkyCxne44TIFgUPI6-4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/qVkI4J2PcjAjHNsySq0AcMF527Q.roa
Signing time: Sun 01 Jan 2023 15:04:46 +0000
ROA not before: Sun 01 Jan 2023 15:04:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21293
IP address blocks: 160.68.0.0/16 maxlen: 16
185.97.188.0/22 maxlen: 24
160.67.0.0/16 maxlen: 16
2a00:f980::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:dd:21:04:fe:0a:90:a1:82:36:e5:d1:87:ab:e0:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b7151f194a3e524c82c677b8e132058143c8ebee
Validity
Not Before: Jan 1 15:04:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a95908e09d8f7230231cdb324aad0070c179dbb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:5a:fa:bd:08:10:1a:d4:48:ae:d9:c0:d1:3a:
f9:c4:ca:62:82:51:e0:5d:fe:8b:ae:eb:d4:dd:1d:
58:48:a1:0c:e9:50:ec:92:b0:44:45:80:e0:3c:59:
67:b5:93:b4:90:96:aa:d4:27:3c:5d:12:6f:12:45:
41:3a:ca:11:3c:67:b2:ef:a8:f9:b8:d2:71:c9:c9:
19:e5:b0:a0:78:5a:1f:87:40:f9:7a:b5:48:72:2a:
66:de:f0:31:bf:67:68:40:86:27:e0:26:6c:7d:d3:
53:aa:49:24:eb:b4:45:b1:31:1e:d0:de:bd:85:17:
b6:fb:85:d3:b6:09:f8:84:4d:7d:f3:cf:7a:ad:2b:
04:c8:d4:ee:26:16:f7:f3:97:11:56:4b:b8:dd:f8:
98:f5:e2:9c:05:6a:96:45:fd:4d:de:ed:3f:f7:0c:
ee:92:c4:0d:c8:97:e9:7c:f9:43:69:19:80:9a:a8:
6b:09:59:d7:27:bf:f3:a0:c6:75:22:7a:c5:36:9d:
71:63:cb:3d:01:8b:54:b1:f2:68:be:2e:d2:bb:a7:
cb:e5:4c:aa:34:f4:6d:94:50:68:8d:f1:b1:39:b5:
53:0f:5c:f5:12:c4:59:fb:d7:5f:8d:a2:a2:c7:88:
7e:24:bb:1d:bb:31:2c:b1:2f:31:a2:e9:58:b4:dc:
01:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:59:08:E0:9D:8F:72:30:23:1C:DB:32:4A:AD:00:70:C1:79:DB:B4
X509v3 Authority Key Identifier:
keyid:B7:15:1F:19:4A:3E:52:4C:82:C6:77:B8:E1:32:05:81:43:C8:EB:EE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txUfGUo-UkyCxne44TIFgUPI6-4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/qVkI4J2PcjAjHNsySq0AcMF527Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/txUfGUo-UkyCxne44TIFgUPI6-4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
160.67.0.0-160.68.255.255
185.97.188.0/22
IPv6:
2a00:f980::/32
Signature Algorithm: sha256WithRSAEncryption
18:5f:df:35:e9:bf:cd:77:56:e7:12:05:f8:7f:f9:b2:27:87:
7d:bd:cd:25:6b:4e:9d:c8:f5:48:50:41:b2:a5:2d:5e:e3:5e:
ef:8a:27:e4:89:76:dd:21:f2:28:b1:17:2b:99:44:7b:25:41:
e7:55:b2:96:23:60:41:08:a1:15:c7:08:6d:f7:ce:06:b7:b8:
34:d1:08:9d:2d:6e:45:20:66:7a:4d:b2:d6:fa:73:2f:c2:ba:
95:cd:d6:61:69:5e:6b:4b:3b:1c:df:c2:1b:a0:6c:90:de:9c:
78:e8:50:8d:4e:b0:4f:00:67:57:a2:ae:d9:4b:4e:62:c1:c6:
6d:58:bc:c6:d6:18:d8:98:02:d6:87:ea:35:89:ff:c3:5b:3e:
f0:7a:13:42:5b:20:30:53:09:87:85:48:68:96:2b:d0:bd:00:
1e:d8:e7:e3:cb:ab:8a:27:52:d9:d4:5c:27:26:fc:2d:6f:0b:
b4:80:3d:f4:9b:d6:b5:72:40:61:ac:ea:c7:9c:31:69:2d:8f:
3c:55:dc:32:88:d3:a2:a8:7e:68:b0:c8:3b:d7:9d:89:30:14:
c5:e3:df:ec:e4:ec:32:6d:ed:75:20:a4:0b:5b:c6:4c:e6:84:
14:10:05:8b:83:d5:d5:1e:f5:25:19:fb:11:74:de:29:a9:ef:
c6:18:bd:a3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVt3SEE/gqQoYI25dGHq+AeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTUxZjE5NGEzZTUyNGM4MmM2NzdiOGUxMzIwNTgxNDNj
OGViZWUwHhcNMjMwMTAxMTUwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTU5MDhlMDlkOGY3MjMwMjMxY2RiMzI0YWFkMDA3MGMxNzlkYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklr6vQgQGtRIrtnA0Tr5xMpiglHg
Xf6LruvU3R1YSKEM6VDskrBERYDgPFlntZO0kJaq1Cc8XRJvEkVBOsoRPGey76j5
uNJxyckZ5bCgeFofh0D5erVIcipm3vAxv2doQIYn4CZsfdNTqkkk67RFsTEe0N69
hRe2+4XTtgn4hE198896rSsEyNTuJhb385cRVku43fiY9eKcBWqWRf1N3u0/9wzu
ksQNyJfpfPlDaRmAmqhrCVnXJ7/zoMZ1InrFNp1xY8s9AYtUsfJovi7Su6fL5Uyq
NPRtlFBojfGxObVTD1z1EsRZ+9dfjaKix4h+JLsduzEssS8xoulYtNwBJwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKlZCOCdj3IwIxzbMkqtAHDBedu0MB8GA1UdIwQY
MBaAFLcVHxlKPlJMgsZ3uOEyBYFDyOvuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhVZkdVby1Va3lDeG5lNDRUSUZnVVBJNi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80OWEzMmQtZDBmMi00ODFhLTk3OTEt
YzlhNDlmNzBlMjNiLzEvcVZrSTRKMlBjakFqSE5zeVNxMEFjTUY1MjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80OWEzMmQtZDBmMi00ODFhLTk3OTEtYzlhNDlmNzBlMjNi
LzEvdHhVZkdVby1Va3lDeG5lNDRUSUZnVVBJNi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASMAoDAwCgQwMD
AKBEAwQCuWG8MA0EAgACMAcDBQAqAPmAMA0GCSqGSIb3DQEBCwUAA4IBAQAYX981
6b/Nd1bnEgX4f/myJ4d9vc0la06dyPVIUEGypS1e417viifkiXbdIfIosRcrmUR7
JUHnVbKWI2BBCKEVxwht984Gt7g00QidLW5FIGZ6TbLW+nMvwrqVzdZhaV5rSzsc
38IboGyQ3px46FCNTrBPAGdXoq7ZS05iwcZtWLzG1hjYmALWh+o1if/DWz7wehNC
WyAwUwmHhUholivQvQAe2Ofjy6uKJ1LZ1FwnJvwtbwu0gD30m9a1ckBhrOrHnDFp
LY88VdwyiNOiqH5osMg7152JMBTF49/s5Owybe11IKQLW8ZM5oQUEAWLg9XVHvUl
GfsRdN4pqe/GGL2j
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:31:14 2025 by rpki-client