Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ce24e2-68be-47d7-950b-c6b8800aa858/1/AxqU0KKbTXY8D-u1Kp12HYB8DLM.roa
File: AxqU0KKbTXY8D-u1Kp12HYB8DLM.roa (raw, json)
Hash identifier: JaLRiWtb6DPyE5PRtDD+GTxghxpWMsVVJNB+ow/RDQ0=
Subject key identifier: 03:1A:94:D0:A2:9B:4D:76:3C:0F:EB:B5:2A:9D:76:1D:80:7C:0C:B3
Certificate issuer: /CN=81696a81372357b5f1ed7c82ccaa993a980d54e7
Certificate serial: 0185D5492019FB8D095A546F4B671E646BE6
Authority key identifier: 81:69:6A:81:37:23:57:B5:F1:ED:7C:82:CC:AA:99:3A:98:0D:54:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gWlqgTcjV7Xx7XyCzKqZOpgNVOc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/ce24e2-68be-47d7-950b-c6b8800aa858/1/AxqU0KKbTXY8D-u1Kp12HYB8DLM.roa
Signing time: Sat 21 Jan 2023 17:03:37 +0000
ROA not before: Sat 21 Jan 2023 17:03:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200697
IP address blocks: 45.134.241.0/24 maxlen: 24
45.134.242.0/24 maxlen: 24
45.134.243.0/24 maxlen: 24
45.134.240.0/24 maxlen: 24
2a07:4680::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:d5:49:20:19:fb:8d:09:5a:54:6f:4b:67:1e:64:6b:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81696a81372357b5f1ed7c82ccaa993a980d54e7
Validity
Not Before: Jan 21 17:03:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=031a94d0a29b4d763c0febb52a9d761d807c0cb3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:91:18:7c:31:ed:4b:c8:63:0c:0c:2e:de:c6:
de:83:83:5b:03:c8:ca:9b:a9:23:12:0a:2c:0a:ae:
c3:88:fe:96:b2:47:66:c3:c5:d9:b6:a3:85:8a:2e:
69:1f:cb:21:b8:f2:32:e2:94:36:fb:9c:f3:39:03:
4c:3b:49:d4:44:d4:0e:74:35:35:c8:65:4e:28:fc:
c2:3c:9d:92:87:d9:44:7c:30:c5:20:57:b1:8b:47:
ba:bb:25:36:b1:ff:79:06:96:3c:55:8d:9c:fe:cb:
55:37:9d:ad:42:f8:b0:00:c1:92:f7:1d:61:c3:35:
a5:f4:f1:b7:30:77:5e:5d:e0:46:76:6b:eb:39:43:
23:23:31:04:ab:2a:a1:57:dd:88:f3:ea:6f:10:65:
67:df:0f:71:7d:83:16:49:00:d7:47:31:7b:82:1e:
b3:aa:5a:5f:1e:11:31:cd:82:15:9b:98:cd:31:e6:
33:0a:b1:ba:9c:cc:ea:45:f3:de:32:cb:29:a6:17:
a8:90:96:f4:da:89:0a:67:3b:84:8b:d2:4c:c7:2a:
35:8c:1b:c1:bb:d6:be:91:55:d9:d8:d9:14:e1:30:
2c:e3:e0:e5:dd:4e:5e:46:29:34:05:3b:03:34:7b:
8b:b3:30:1c:89:fb:fc:a7:73:74:22:5d:ae:3f:3e:
d9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:1A:94:D0:A2:9B:4D:76:3C:0F:EB:B5:2A:9D:76:1D:80:7C:0C:B3
X509v3 Authority Key Identifier:
keyid:81:69:6A:81:37:23:57:B5:F1:ED:7C:82:CC:AA:99:3A:98:0D:54:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gWlqgTcjV7Xx7XyCzKqZOpgNVOc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ce24e2-68be-47d7-950b-c6b8800aa858/1/AxqU0KKbTXY8D-u1Kp12HYB8DLM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ce24e2-68be-47d7-950b-c6b8800aa858/1/gWlqgTcjV7Xx7XyCzKqZOpgNVOc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.240.0/22
IPv6:
2a07:4680::/32
Signature Algorithm: sha256WithRSAEncryption
ba:39:0d:14:2e:d8:27:ee:86:29:3d:7a:c7:30:3e:50:f5:0f:
09:9c:73:5c:cb:62:4d:76:fe:a4:92:a2:68:57:a0:4f:d2:4e:
59:34:32:60:bf:2e:e1:e5:e4:e0:a3:74:62:e8:9a:23:3a:6b:
2a:e2:ff:69:9d:3c:4a:4f:bc:32:67:32:12:75:bd:25:42:66:
6a:31:7f:7d:01:f5:9f:c7:38:6c:ba:85:17:66:37:5c:b3:fe:
5a:51:45:54:89:a5:87:50:5e:cd:51:a7:0e:4c:c1:d0:a6:24:
2f:7b:e8:7a:02:48:b9:4a:d2:a8:7e:5a:2a:32:05:bf:dd:7c:
f4:a1:98:54:18:30:d6:ea:2f:09:a0:0e:8d:13:2b:24:35:47:
5f:53:0a:25:82:25:ae:88:fe:35:09:75:10:e8:24:c3:0f:5a:
c7:8a:39:ac:73:95:9b:12:eb:12:fd:fa:ca:26:fd:4a:f4:4e:
44:a5:89:0d:75:9d:d4:bf:ee:3c:a4:30:a7:00:a2:96:e1:7d:
be:3d:9e:59:84:2e:f6:97:fa:7b:ff:b8:aa:37:98:8b:be:7f:
02:d8:4e:4c:44:44:9c:0c:16:94:24:5c:e7:30:a6:44:60:a3:
5c:c7:d0:72:63:ec:8c:cb:41:c2:db:71:81:f6:65:22:a9:35:
23:ba:a0:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYXVSSAZ+40JWlRvS2ceZGvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNjk2YTgxMzcyMzU3YjVmMWVkN2M4MmNjYWE5OTNhOTgw
ZDU0ZTcwHhcNMjMwMTIxMTcwMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFhOTRkMGEyOWI0ZDc2M2MwZmViYjUyYTlkNzYxZDgwN2MwY2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJEYfDHtS8hjDAwu3sbeg4NbA8jK
m6kjEgosCq7DiP6Wskdmw8XZtqOFii5pH8shuPIy4pQ2+5zzOQNMO0nURNQOdDU1
yGVOKPzCPJ2Sh9lEfDDFIFexi0e6uyU2sf95BpY8VY2c/stVN52tQviwAMGS9x1h
wzWl9PG3MHdeXeBGdmvrOUMjIzEEqyqhV92I8+pvEGVn3w9xfYMWSQDXRzF7gh6z
qlpfHhExzYIVm5jNMeYzCrG6nMzqRfPeMssppheokJb02okKZzuEi9JMxyo1jBvB
u9a+kVXZ2NkU4TAs4+Dl3U5eRik0BTsDNHuLszAcifv8p3N0Il2uPz7ZvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAMalNCim012PA/rtSqddh2AfAyzMB8GA1UdIwQY
MBaAFIFpaoE3I1e18e18gsyqmTqYDVTnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1dscWdUY2pWN1h4N1h5Q3pLcVpPcGdOVk9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jZTI0ZTItNjhiZS00N2Q3LTk1MGIt
YzZiODgwMGFhODU4LzEvQXhxVTBLS2JUWFk4RC11MUtwMTJIWUI4RExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jZTI0ZTItNjhiZS00N2Q3LTk1MGItYzZiODgwMGFhODU4
LzEvZ1dscWdUY2pWN1h4N1h5Q3pLcVpPcGdOVk9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYbwMA0E
AgACMAcDBQAqB0aAMA0GCSqGSIb3DQEBCwUAA4IBAQC6OQ0ULtgn7oYpPXrHMD5Q
9Q8JnHNcy2JNdv6kkqJoV6BP0k5ZNDJgvy7h5eTgo3Ri6JojOmsq4v9pnTxKT7wy
ZzISdb0lQmZqMX99AfWfxzhsuoUXZjdcs/5aUUVUiaWHUF7NUacOTMHQpiQve+h6
Aki5StKofloqMgW/3Xz0oZhUGDDW6i8JoA6NEyskNUdfUwolgiWuiP41CXUQ6CTD
D1rHijmsc5WbEusS/frKJv1K9E5EpYkNdZ3Uv+48pDCnAKKW4X2+PZ5ZhC72l/p7
/7iqN5iLvn8C2E5MREScDBaUJFznMKZEYKNcx9ByY+yMy0HC23GB9mUiqTUjuqAM
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:29:14 2025 by rpki-client