Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/10346e-1504-43dd-ab28-66858bc8eb77/1/mfXETfFuVbHDEMaFjlKhzD588N0.roa
File: mfXETfFuVbHDEMaFjlKhzD588N0.roa (raw, json)
Hash identifier: KpfycJM2ZxjJOw2eWMo1f1TvEb5E1q3EjcOa9xHlI6U=
Subject key identifier: 99:F5:C4:4D:F1:6E:55:B1:C3:10:C6:85:8E:52:A1:CC:3E:7C:F0:DD
Certificate issuer: /CN=2aa24e5812fcc3106b9eb0aeb00e627ba235d056
Certificate serial: 0189DA76FD0EC79099E6C03F6B38101C4F6A
Authority key identifier: 2A:A2:4E:58:12:FC:C3:10:6B:9E:B0:AE:B0:0E:62:7B:A2:35:D0:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KqJOWBL8wxBrnrCusA5ie6I10FY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/10346e-1504-43dd-ab28-66858bc8eb77/1/mfXETfFuVbHDEMaFjlKhzD588N0.roa
Signing time: Wed 09 Aug 2023 13:22:58 +0000
ROA not before: Wed 09 Aug 2023 13:22:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50538
IP address blocks: 37.110.240.0/21 maxlen: 21
109.235.216.0/21 maxlen: 21
2a03:dcc0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:da:76:fd:0e:c7:90:99:e6:c0:3f:6b:38:10:1c:4f:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2aa24e5812fcc3106b9eb0aeb00e627ba235d056
Validity
Not Before: Aug 9 13:22:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=99f5c44df16e55b1c310c6858e52a1cc3e7cf0dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e7:8b:44:f4:ec:4d:9d:4a:41:59:52:ae:c8:
0d:a6:b9:71:65:dc:22:38:86:3f:a9:8e:25:63:e5:
1a:dc:d5:4f:8d:58:f1:39:2b:d7:2e:54:58:cf:6c:
7d:71:60:a5:ca:bf:08:04:ce:0e:bb:e4:c6:bd:eb:
80:f7:02:f5:31:62:9b:9e:0c:92:e3:cf:7d:f4:83:
96:14:4c:03:8c:99:a3:1b:78:e8:02:23:f9:fa:26:
83:43:50:76:c5:03:b8:46:57:59:b2:b7:1c:1a:59:
06:47:35:bc:82:b1:4e:04:24:3b:f5:9c:80:67:bd:
91:69:15:85:22:11:38:6c:c5:fc:3c:28:02:a2:01:
cd:35:21:52:ad:47:a8:4a:a1:56:93:1a:f1:c0:2c:
af:af:66:8c:7c:7d:6c:ec:42:20:a9:1a:9d:5d:05:
ab:02:ae:39:dc:92:78:68:5b:35:aa:f8:ae:87:b9:
75:67:28:02:23:e6:b8:b4:02:f5:c5:26:28:5f:db:
9b:39:97:4c:b7:c8:bb:67:29:71:2e:98:6d:14:b5:
6c:1a:c1:ba:22:cc:6b:13:02:78:e1:c1:f1:22:b9:
d0:fa:b6:71:b2:c9:40:68:dc:1b:df:85:e2:b5:ba:
5a:20:a2:9b:dd:15:77:32:59:0d:14:fb:eb:fe:5e:
2b:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:F5:C4:4D:F1:6E:55:B1:C3:10:C6:85:8E:52:A1:CC:3E:7C:F0:DD
X509v3 Authority Key Identifier:
keyid:2A:A2:4E:58:12:FC:C3:10:6B:9E:B0:AE:B0:0E:62:7B:A2:35:D0:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqJOWBL8wxBrnrCusA5ie6I10FY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/10346e-1504-43dd-ab28-66858bc8eb77/1/mfXETfFuVbHDEMaFjlKhzD588N0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/10346e-1504-43dd-ab28-66858bc8eb77/1/KqJOWBL8wxBrnrCusA5ie6I10FY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.110.240.0/21
109.235.216.0/21
IPv6:
2a03:dcc0::/32
Signature Algorithm: sha256WithRSAEncryption
16:2e:b4:8e:71:b1:6b:f2:8a:39:df:db:69:12:ae:40:cc:44:
4c:8e:7c:06:2c:59:96:6f:46:26:d6:b8:87:c6:7e:7e:eb:42:
22:b6:aa:a6:18:b5:7d:b4:85:1b:e6:6b:45:32:f2:c6:a1:d2:
b3:1b:6a:35:02:51:6a:c3:12:16:d9:6b:35:63:91:4e:8d:5f:
dd:d4:52:60:4a:82:f3:e8:14:02:72:84:58:83:de:ef:0d:2f:
9c:dd:59:74:bd:91:a6:d5:4b:17:9a:3b:cb:cb:9a:17:1e:8e:
c6:af:4b:7e:a9:88:03:74:ab:5c:43:6e:2b:26:64:59:44:96:
05:0f:ea:f5:ce:b3:20:9d:d5:ff:dc:5e:b3:f7:9c:78:f8:77:
14:77:ff:02:03:e2:a9:81:94:3a:35:c9:29:ef:30:66:72:77:
58:55:03:62:03:4b:fe:09:0e:83:03:6f:26:29:be:98:4d:cb:
2f:83:d5:a3:56:d5:2a:8c:f1:10:b3:ee:1e:fe:8e:01:34:da:
04:4d:f8:4f:0a:99:6e:0d:12:1b:26:8e:c2:33:48:41:de:84:
d5:7d:74:08:f0:52:c2:82:75:42:d4:ab:35:37:1b:e1:b8:6f:
a3:5d:5b:55:16:19:85:54:47:cc:98:ce:b6:a4:2d:2f:f4:6e:
8f:84:23:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYnadv0Ox5CZ5sA/azgQHE9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTI0ZTU4MTJmY2MzMTA2YjllYjBhZWIwMGU2MjdiYTIz
NWQwNTYwHhcNMjMwODA5MTMyMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY1YzQ0ZGYxNmU1NWIxYzMxMGM2ODU4ZTUyYTFjYzNlN2NmMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+eLRPTsTZ1KQVlSrsgNprlxZdwi
OIY/qY4lY+Ua3NVPjVjxOSvXLlRYz2x9cWClyr8IBM4Ou+TGveuA9wL1MWKbngyS
48999IOWFEwDjJmjG3joAiP5+iaDQ1B2xQO4RldZsrccGlkGRzW8grFOBCQ79ZyA
Z72RaRWFIhE4bMX8PCgCogHNNSFSrUeoSqFWkxrxwCyvr2aMfH1s7EIgqRqdXQWr
Aq453JJ4aFs1qviuh7l1ZygCI+a4tAL1xSYoX9ubOZdMt8i7ZylxLphtFLVsGsG6
IsxrEwJ44cHxIrnQ+rZxsslAaNwb34XitbpaIKKb3RV3MlkNFPvr/l4rQQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJn1xE3xblWxwxDGhY5Socw+fPDdMB8GA1UdIwQY
MBaAFCqiTlgS/MMQa56wrrAOYnuiNdBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FKT1dCTDh3eEJybnJDdXNBNWllNkkxMEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xMDM0NmUtMTUwNC00M2RkLWFiMjgt
NjY4NThiYzhlYjc3LzEvbWZYRVRmRnVWYkhERU1hRmpsS2h6RDU4OE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xMDM0NmUtMTUwNC00M2RkLWFiMjgtNjY4NThiYzhlYjc3
LzEvS3FKT1dCTDh3eEJybnJDdXNBNWllNkkxMEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJW7wAwQD
bevYMA0EAgACMAcDBQAqA9zAMA0GCSqGSIb3DQEBCwUAA4IBAQAWLrSOcbFr8oo5
39tpEq5AzERMjnwGLFmWb0Ym1riHxn5+60IitqqmGLV9tIUb5mtFMvLGodKzG2o1
AlFqwxIW2Ws1Y5FOjV/d1FJgSoLz6BQCcoRYg97vDS+c3Vl0vZGm1UsXmjvLy5oX
Ho7Gr0t+qYgDdKtcQ24rJmRZRJYFD+r1zrMgndX/3F6z95x4+HcUd/8CA+KpgZQ6
Nckp7zBmcndYVQNiA0v+CQ6DA28mKb6YTcsvg9WjVtUqjPEQs+4e/o4BNNoETfhP
CpluDRIbJo7CM0hB3oTVfXQI8FLCgnVC1Ks1NxvhuG+jXVtVFhmFVEfMmM62pC0v
9G6PhCNk
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:24:51 2025 by rpki-client