Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/0SRuKibL1OWqSdoPjPcjjZWQ1pk.roa
File: 0SRuKibL1OWqSdoPjPcjjZWQ1pk.roa (raw, json)
Hash identifier: iFI2m45ax1wvHac2k/avLP+3pPvNaG8pngpAgOqT5Fs=
Subject key identifier: D1:24:6E:2A:26:CB:D4:E5:AA:49:DA:0F:8C:F7:23:8D:95:90:D6:99
Certificate issuer: /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial: 036E3182
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/0SRuKibL1OWqSdoPjPcjjZWQ1pk.roa
Signing time: Mon 20 Jun 2022 10:24:46 +0000
ROA not before: Mon 20 Jun 2022 10:24:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 196925
IP address blocks: 149.126.112.0/20 maxlen: 20
149.126.118.0/24 maxlen: 24
149.126.117.0/24 maxlen: 24
149.126.116.0/24 maxlen: 24
149.126.119.0/24 maxlen: 24
185.138.12.0/22 maxlen: 22
109.235.192.0/21 maxlen: 21
109.235.193.0/24 maxlen: 24
109.235.199.0/24 maxlen: 24
5.133.224.0/20 maxlen: 20
134.19.208.0/20 maxlen: 20
131.117.128.0/20 maxlen: 20
134.19.217.0/24 maxlen: 24
134.19.216.0/24 maxlen: 24
2a00:9100::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 57553282 (0x36e3182)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Validity
Not Before: Jun 20 10:24:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d1246e2a26cbd4e5aa49da0f8cf7238d9590d699
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:0b:ab:1b:0d:da:42:a6:f4:f4:f1:44:6d:e5:
f4:09:28:d8:c3:37:77:7e:6d:4e:ca:37:0f:ec:a1:
5d:83:74:8f:88:16:9b:47:ba:bc:6a:0b:49:9b:be:
9e:14:b5:f6:f3:9e:6c:83:5e:f4:b5:64:6b:3c:62:
2c:92:4e:2b:52:bf:41:30:bb:0b:13:6a:6d:a5:66:
12:da:14:53:34:f8:9d:fc:26:de:a5:0a:9e:6d:3c:
f3:25:d4:85:55:46:2c:3d:be:b6:e4:b8:b4:25:6b:
20:0a:7e:b3:57:17:21:eb:59:d1:da:36:0c:c4:ec:
81:2e:33:f8:d5:84:28:a9:e1:90:99:d7:6b:d2:de:
76:95:56:a7:4a:d6:39:df:e5:8d:02:79:55:f1:a5:
0c:d2:15:c9:34:8b:5d:22:28:4b:d7:c2:55:5b:da:
ef:4a:df:a3:d4:63:10:ca:a9:be:3f:d5:27:35:7a:
54:92:ca:c0:93:65:3f:5a:93:26:85:34:5e:c9:85:
f8:18:80:cd:df:b0:8d:1b:b6:59:04:db:bd:cd:87:
90:e2:02:9c:29:18:df:69:06:96:a7:91:7d:3d:fb:
3d:d6:2d:b8:ed:d3:f8:5a:46:21:5f:94:02:08:ec:
66:0b:3f:46:a3:50:fd:3b:dd:ec:89:06:fe:ed:86:
61:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:24:6E:2A:26:CB:D4:E5:AA:49:DA:0F:8C:F7:23:8D:95:90:D6:99
X509v3 Authority Key Identifier:
keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/0SRuKibL1OWqSdoPjPcjjZWQ1pk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.224.0/20
109.235.192.0/21
131.117.128.0/20
134.19.208.0/20
149.126.112.0/20
185.138.12.0/22
IPv6:
2a00:9100::/32
Signature Algorithm: sha256WithRSAEncryption
16:a3:51:0e:97:c5:03:5e:fe:f7:5c:7e:72:0d:1b:97:69:d4:
c6:e2:8f:39:de:7e:de:c9:9a:4f:82:c5:63:e5:e4:ca:3e:e3:
96:cb:3d:b9:f2:ac:9f:de:75:21:14:30:c4:7a:1b:64:9a:ac:
f7:91:f2:52:59:36:5c:44:cf:40:ac:e1:a8:d3:cf:98:eb:b1:
42:32:c4:cc:5b:77:77:5e:c5:a1:c2:05:73:c1:59:2d:2d:32:
83:ab:21:a6:d5:f5:20:1a:b7:57:3c:d0:64:d3:32:e6:fa:3d:
99:ed:cc:e2:62:0b:5c:45:81:19:46:ff:ff:a7:46:d4:7d:2b:
1d:f2:a4:63:ee:ca:46:87:d5:06:8c:d9:32:4e:45:2f:10:ff:
aa:c6:6b:95:c9:f2:ba:a4:73:f3:c2:6e:24:e8:f2:37:77:59:
2e:d7:bc:43:57:66:59:65:a2:72:a9:6c:e1:cd:21:c6:27:28:
e7:82:e8:5c:ea:1f:7e:ba:24:84:e3:ed:0b:d6:84:8c:a4:57:
4d:81:7a:8f:d1:65:95:dc:94:44:47:b5:73:18:83:1c:7d:9f:
e9:a1:c6:71:a2:b4:ad:bd:9d:19:ba:d0:d9:55:b0:04:c4:89:
1c:f3:ed:55:0d:28:6f:76:1d:47:b1:85:b3:d9:a4:80:74:a0:
0e:2a:d8:da
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEA24xgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YmVkMzZhZjEzZGE0ODJmZGY3OWZiNTQwM2U1MDc0ODYwZWVjZDBkMB4XDTIyMDYy
MDEwMjQ0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDEyNDZlMmEyNmNi
ZDRlNWFhNDlkYTBmOGNmNzIzOGQ5NTkwZDY5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALoLqxsN2kKm9PTxRG3l9Ako2MM3d35tTso3D+yhXYN0j4gW
m0e6vGoLSZu+nhS19vOebINe9LVkazxiLJJOK1K/QTC7CxNqbaVmEtoUUzT4nfwm
3qUKnm088yXUhVVGLD2+tuS4tCVrIAp+s1cXIetZ0do2DMTsgS4z+NWEKKnhkJnX
a9LedpVWp0rWOd/ljQJ5VfGlDNIVyTSLXSIoS9fCVVva70rfo9RjEMqpvj/VJzV6
VJLKwJNlP1qTJoU0XsmF+BiAzd+wjRu2WQTbvc2HkOICnCkY32kGlqeRfT37PdYt
uO3T+FpGIV+UAgjsZgs/RqNQ/Tvd7IkG/u2GYaUCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBTRJG4qJsvU5apJ2g+M9yONlZDWmTAfBgNVHSMEGDAWgBSb7TavE9pIL995
+1QD5QdIYO7NDTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L20tMDJyeFBhU0NfZmVmdFVBLVVIU0dEdXpRMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODYvNGIwMjgzLWE5MGMtNGQ2NC04MzAxLWQyMjFlYmQwODE4ZC8x
LzBTUnVLaWJMMU9XcVNkb1BqUGNqalpXUTFway5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYv
NGIwMjgzLWE5MGMtNGQ2NC04MzAxLWQyMjFlYmQwODE4ZC8xL20tMDJyeFBhU0Nf
ZmVmdFVBLVVIU0dEdXpRMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEBAWF4AMEA23rwAMEBIN1gAMEBIYT
0AMEBJV+cAMEArmKDDANBAIAAjAHAwUAKgCRADANBgkqhkiG9w0BAQsFAAOCAQEA
FqNRDpfFA17+91x+cg0bl2nUxuKPOd5+3smaT4LFY+Xkyj7jlss9ufKsn951IRQw
xHobZJqs95HyUlk2XETPQKzhqNPPmOuxQjLEzFt3d17FocIFc8FZLS0yg6shptX1
IBq3VzzQZNMy5vo9me3M4mILXEWBGUb//6dG1H0rHfKkY+7KRofVBozZMk5FLxD/
qsZrlcnyuqRz88JuJOjyN3dZLte8Q1dmWWWicqls4c0hxico54LoXOoffrokhOPt
C9aEjKRXTYF6j9FlldyUREe1cxiDHH2f6aHGcaK0rb2dGbrQ2VWwBMSJHPPtVQ0o
b3YdR7GFs9mkgHSgDirY2g==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:49:39 2025 by rpki-client