Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/KXcaG0UdNIYunCfOFMzIR1AcvDs.roa
File: KXcaG0UdNIYunCfOFMzIR1AcvDs.roa (raw, json)
Hash identifier: WTb5q71EsidWbhvTGRr2Q151+nAhbLFj7QLPtXtmnKI=
Subject key identifier: 29:77:1A:1B:45:1D:34:86:2E:9C:27:CE:14:CC:C8:47:50:1C:BC:3B
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 01854368D528B5CADCEC6784A1C14390DA7E
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/KXcaG0UdNIYunCfOFMzIR1AcvDs.roa
Signing time: Sat 24 Dec 2022 09:13:41 +0000
ROA not before: Sat 24 Dec 2022 09:13:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 203236
IP address blocks: 2a12:3fc2:aa10::/44 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:43:68:d5:28:b5:ca:dc:ec:67:84:a1:c1:43:90:da:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Dec 24 09:13:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=29771a1b451d34862e9c27ce14ccc847501cbc3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:f1:6b:7b:7b:28:b3:bc:64:7d:02:aa:8e:d7:
4b:0a:dd:b1:50:41:79:4c:0f:f0:f3:76:06:e4:50:
25:56:b6:e1:fd:5c:0c:f6:94:21:c4:c1:81:ba:48:
eb:6f:e6:fd:db:5f:7a:03:d8:5b:fe:31:4e:da:6e:
ef:f3:48:b5:54:16:d9:79:b2:18:17:67:9f:a1:15:
7d:d6:66:62:a2:82:d5:c1:b6:c8:8d:a4:40:cc:7b:
4a:fe:8c:ae:67:8b:fb:21:fd:07:0a:fe:b3:9f:a0:
af:38:a0:6d:64:2d:1e:56:65:4c:58:12:7e:dd:a0:
25:dc:de:86:0f:87:09:b1:4f:8f:55:3c:59:65:76:
cb:44:2b:f9:32:53:f2:d6:ca:4c:bf:da:ad:57:10:
dd:24:dd:39:01:26:e2:06:f6:60:28:bc:89:af:3d:
4f:41:76:2d:6e:e7:4b:e5:ad:eb:23:e1:b2:0e:b1:
58:48:b9:c7:be:da:59:40:98:4e:9b:1c:3c:e8:2a:
57:52:20:7b:31:60:6f:7a:9b:65:69:5f:5e:fd:b9:
df:43:b4:d4:57:82:5e:5c:ee:6d:b3:3b:10:59:f6:
1d:bd:c4:e5:06:05:67:90:2a:28:ff:b8:3a:f6:0d:
d3:87:3c:ef:d3:36:3f:20:86:01:5f:52:f8:74:6a:
16:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:77:1A:1B:45:1D:34:86:2E:9C:27:CE:14:CC:C8:47:50:1C:BC:3B
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/KXcaG0UdNIYunCfOFMzIR1AcvDs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:3fc2:aa10::/44
Signature Algorithm: sha256WithRSAEncryption
67:0b:f1:df:c5:97:95:2e:04:ed:7d:51:62:9e:e9:e7:94:e7:
7d:7c:c4:0d:9b:82:93:2e:47:33:34:34:5c:76:4d:b8:df:26:
d8:70:57:1f:61:5e:1c:1c:37:1e:5a:e1:de:01:7a:43:82:62:
bd:c0:b2:b3:9e:df:7d:6f:56:7c:ae:ad:5a:6b:58:1f:12:78:
15:63:38:4c:7c:81:b8:8c:94:10:97:e3:c4:ec:ee:12:9f:a6:
6f:42:ae:0d:f8:fc:87:75:45:eb:18:55:9d:f9:c3:11:2a:0a:
5c:7b:79:2b:c8:3a:43:35:7a:c0:e5:05:39:a6:86:e8:4c:1a:
f4:1e:8e:d1:e2:90:b6:0f:ad:51:b7:d0:86:cd:d9:a9:10:8f:
67:a1:5e:09:53:19:da:6a:39:f8:bc:1b:90:b5:10:b4:4e:3a:
5d:c4:31:de:5f:2a:9f:27:8f:9f:9e:56:1a:b5:ee:47:fd:cf:
e7:69:dc:5c:13:34:09:f5:0a:9f:b8:19:ad:0a:15:ce:a7:89:
08:33:31:19:5a:a8:48:f9:28:24:a0:ad:32:cc:cd:15:05:43:
f3:32:05:16:88:10:26:c1:b1:63:4f:7c:5c:fa:20:92:e4:67:
cc:d0:85:ce:2a:70:31:97:1c:56:ae:1c:c1:3b:4c:27:19:99:
b8:ea:10:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVDaNUotcrc7GeEocFDkNp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjIxMjI0MDkxMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc3MWExYjQ1MWQzNDg2MmU5YzI3Y2UxNGNjYzg0NzUwMWNiYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvFre3sos7xkfQKqjtdLCt2xUEF5
TA/w83YG5FAlVrbh/VwM9pQhxMGBukjrb+b92196A9hb/jFO2m7v80i1VBbZebIY
F2efoRV91mZiooLVwbbIjaRAzHtK/oyuZ4v7If0HCv6zn6CvOKBtZC0eVmVMWBJ+
3aAl3N6GD4cJsU+PVTxZZXbLRCv5MlPy1spMv9qtVxDdJN05ASbiBvZgKLyJrz1P
QXYtbudL5a3rI+GyDrFYSLnHvtpZQJhOmxw86CpXUiB7MWBveptlaV9e/bnfQ7TU
V4JeXO5tszsQWfYdvcTlBgVnkCoo/7g69g3Thzzv0zY/IIYBX1L4dGoWFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCl3GhtFHTSGLpwnzhTMyEdQHLw7MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvS1hjYUcwVWROSVl1bkNmT0ZNeklSMUFjdkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBnC/HfxZeVLgTtfVFinunnlOd9fMQNm4KTLkcz
NDRcdk243ybYcFcfYV4cHDceWuHeAXpDgmK9wLKznt99b1Z8rq1aa1gfEngVYzhM
fIG4jJQQl+PE7O4Sn6ZvQq4N+PyHdUXrGFWd+cMRKgpce3kryDpDNXrA5QU5pobo
TBr0Ho7R4pC2D61Rt9CGzdmpEI9noV4JUxnaajn4vBuQtRC0TjpdxDHeXyqfJ4+f
nlYate5H/c/nadxcEzQJ9QqfuBmtChXOp4kIMzEZWqhI+SgkoK0yzM0VBUPzMgUW
iBAmwbFjT3xc+iCS5GfM0IXOKnAxlxxWrhzBO0wnGZm46hBd
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:59:56 2025 by rpki-client