Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/qnmjbVyIhfM38UKT8wamZhhwyEk.roa
File: qnmjbVyIhfM38UKT8wamZhhwyEk.roa (raw, json)
Hash identifier: c1LCLVZPR7DDLOYaTH/zzkcK99GMnuWS2sfrQWOeV3s=
Subject key identifier: AA:79:A3:6D:5C:88:85:F3:37:F1:42:93:F3:06:A6:66:18:70:C8:49
Certificate issuer: /CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Certificate serial: 01877ABE40CBD28A761F420A150E7F6A4EFB
Authority key identifier: A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/qnmjbVyIhfM38UKT8wamZhhwyEk.roa
Signing time: Thu 13 Apr 2023 13:11:41 +0000
ROA not before: Thu 13 Apr 2023 13:11:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1921
IP address blocks: 176.97.158.0/24 maxlen: 24
192.174.68.0/24 maxlen: 24
2001:67c:10b8::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7a:be:40:cb:d2:8a:76:1f:42:0a:15:0e:7f:6a:4e:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Validity
Not Before: Apr 13 13:11:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aa79a36d5c8885f337f14293f306a6661870c849
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:08:d1:c8:e5:13:f4:41:aa:0e:e8:9e:b1:da:
0e:d0:5c:c3:94:b5:88:dc:de:17:44:dd:39:a3:67:
10:a8:f3:1b:75:4b:72:4f:0d:32:85:f2:c6:e3:81:
3b:66:cd:b4:18:ac:12:ae:d9:d3:29:5d:69:04:7d:
68:22:e3:61:2a:4d:71:80:81:32:1a:b8:6c:81:d2:
b7:d5:52:65:7c:a0:36:46:b6:3f:4f:59:f0:27:cb:
3d:6b:c9:58:d6:28:56:11:7f:69:8d:71:68:71:a1:
5c:45:80:2f:6d:00:cb:9f:61:e8:7c:67:4a:28:0b:
cf:da:e6:4a:18:ac:04:33:8a:c8:2c:11:c7:c7:c0:
2b:6a:78:25:f6:95:a3:50:fc:e6:07:a3:44:1a:3b:
22:a8:60:ba:7d:cb:4f:6e:e9:43:fb:a3:6e:ff:ba:
f9:eb:d8:4e:4a:e5:e7:f4:ff:27:37:61:59:22:d8:
68:fc:a8:6b:81:6b:fa:c6:3e:ad:2f:7e:eb:51:c6:
01:a1:5e:a5:c9:90:9b:9b:81:d9:c4:ab:2e:4b:13:
0f:4e:2f:e7:e2:3f:66:e2:83:66:38:f2:2b:e4:d3:
4b:9e:15:4b:08:70:14:fa:0d:6e:a4:c3:b3:73:eb:
5d:63:92:96:ff:45:3e:3f:af:c8:b2:a8:4f:8e:1c:
46:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:79:A3:6D:5C:88:85:F3:37:F1:42:93:F3:06:A6:66:18:70:C8:49
X509v3 Authority Key Identifier:
keyid:A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/qnmjbVyIhfM38UKT8wamZhhwyEk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.97.158.0/24
192.174.68.0/24
IPv6:
2001:67c:10b8::/48
Signature Algorithm: sha256WithRSAEncryption
15:b3:fd:30:c9:c9:3f:52:87:fd:64:67:e8:c8:5d:88:73:80:
76:9c:60:04:be:6f:19:ee:32:06:9d:54:59:11:57:e2:69:ce:
fc:7a:ea:8e:ef:d5:48:dc:e7:e8:d4:e2:ea:d0:63:8e:54:cd:
c6:05:47:5d:27:74:d9:8e:9e:3b:fd:1c:e8:b5:c5:66:55:4c:
f2:32:38:96:85:30:e1:2e:6f:83:eb:31:3c:61:5c:b8:69:38:
ee:f2:99:41:ff:95:51:bd:45:7b:4c:a2:98:3e:36:44:c0:43:
a8:8d:eb:55:f8:ce:d2:ad:6c:30:5c:3f:63:ef:88:4d:08:ea:
26:23:14:53:dc:2e:ed:9d:ae:8a:db:6a:16:1a:68:0e:7e:b6:
69:d0:83:97:66:5c:90:17:c9:4e:3c:c4:17:7c:52:ca:45:04:
a7:86:59:97:3b:7f:e8:bd:69:6e:1b:aa:ef:96:eb:8c:a4:52:
ab:e7:56:08:f6:83:5d:29:dd:de:52:96:91:ec:c6:b9:a7:4f:
64:e7:dd:ca:a8:a9:ec:d5:50:66:9c:45:cc:e7:07:58:dc:c0:
11:f2:30:c5:45:a4:a7:8d:30:1d:3c:27:f6:b0:09:8e:de:c6:
af:65:89:c6:44:ec:a8:0a:48:7a:8a:c2:00:3a:5f:ef:3d:32:
38:25:9c:03
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYd6vkDL0op2H0IKFQ5/ak77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MmZjNjBkMzZlMjhiYjhkZjE0NWM4NGFjYWIxOWNmYTUz
YjAyNWEwHhcNMjMwNDEzMTMxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc5YTM2ZDVjODg4NWYzMzdmMTQyOTNmMzA2YTY2NjE4NzBjODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAjRyOUT9EGqDuiesdoO0FzDlLWI
3N4XRN05o2cQqPMbdUtyTw0yhfLG44E7Zs20GKwSrtnTKV1pBH1oIuNhKk1xgIEy
GrhsgdK31VJlfKA2RrY/T1nwJ8s9a8lY1ihWEX9pjXFocaFcRYAvbQDLn2HofGdK
KAvP2uZKGKwEM4rILBHHx8Arangl9pWjUPzmB6NEGjsiqGC6fctPbulD+6Nu/7r5
69hOSuXn9P8nN2FZItho/KhrgWv6xj6tL37rUcYBoV6lyZCbm4HZxKsuSxMPTi/n
4j9m4oNmOPIr5NNLnhVLCHAU+g1upMOzc+tdY5KW/0U+P6/IsqhPjhxG3wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKp5o21ciIXzN/FCk/MGpmYYcMhJMB8GA1UdIwQY
MBaAFKUvxg024ou43xRchKyrGc+lOwJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTct
OWI0YTJkNWYzYTc2LzEvcW5tamJWeUloZk0zOFVLVDh3YW1aaGh3eUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTctOWI0YTJkNWYzYTc2
LzEvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsGGeAwQA
wK5EMA8EAgACMAkDBwAgAQZ8ELgwDQYJKoZIhvcNAQELBQADggEBABWz/TDJyT9S
h/1kZ+jIXYhzgHacYAS+bxnuMgadVFkRV+Jpzvx66o7v1Ujc5+jU4urQY45UzcYF
R10ndNmOnjv9HOi1xWZVTPIyOJaFMOEub4PrMTxhXLhpOO7ymUH/lVG9RXtMopg+
NkTAQ6iN61X4ztKtbDBcP2PviE0I6iYjFFPcLu2drorbahYaaA5+tmnQg5dmXJAX
yU48xBd8UspFBKeGWZc7f+i9aW4bqu+W64ykUqvnVgj2g10p3d5SlpHsxrmnT2Tn
3cqoqezVUGacRcznB1jcwBHyMMVFpKeNMB08J/awCY7exq9licZE7KgKSHqKwgA6
X+89MjglnAM=
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:38:42 2025 by rpki-client