Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AOTclR1aabGodLmofwvoXa9kWj8.roa
File: AOTclR1aabGodLmofwvoXa9kWj8.roa (raw, json)
Hash identifier: UGNYXLXuNzPJJchy5JYiaFvWlh0XDPvfurzeqaZsVHw=
Subject key identifier: 00:E4:DC:95:1D:5A:69:B1:A8:74:B9:A8:7F:0B:E8:5D:AF:64:5A:3F
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01860C25A947A827C10E63FF4A2AA2830BD6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AOTclR1aabGodLmofwvoXa9kWj8.roa
Signing time: Wed 01 Feb 2023 08:44:00 +0000
ROA not before: Wed 01 Feb 2023 08:44:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 81.168.41.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:0c:25:a9:47:a8:27:c1:0e:63:ff:4a:2a:a2:83:0b:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Feb 1 08:44:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=00e4dc951d5a69b1a874b9a87f0be85daf645a3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:15:9f:aa:a2:db:f6:c6:90:52:d9:6d:24:ea:
83:f4:c8:74:e8:48:b8:57:82:16:61:ed:62:35:f6:
63:09:c7:a8:64:2b:81:02:83:5f:df:7a:15:9c:48:
ec:6b:8c:0b:d8:5a:95:12:1f:30:bb:9d:85:ba:f4:
6f:2f:fa:19:ac:66:6e:7b:27:17:be:30:17:b6:39:
ef:3e:f4:f1:09:c0:af:6e:06:7e:7e:9b:b6:0b:32:
59:3e:97:c0:95:73:e1:cc:41:a5:ca:7b:62:60:5a:
85:f0:fd:0d:a2:a6:bb:91:49:fd:c9:5e:da:8b:9d:
71:98:1e:64:95:70:58:4a:41:6d:ac:a3:07:66:92:
44:07:6f:c9:7c:77:a5:c4:ce:a3:23:59:35:aa:a0:
e1:98:54:ab:22:f5:55:77:9b:53:77:91:b3:ec:95:
87:e2:da:b0:7e:22:4a:4b:c8:46:26:bc:3a:a6:f9:
ad:0f:df:82:21:e9:63:8c:23:c9:02:9c:f0:f1:02:
a5:08:06:a5:17:03:fb:58:9e:fb:b7:7f:cb:5f:d2:
1b:9e:c1:1b:e7:6d:70:0a:98:0c:37:e5:07:ef:87:
5a:4e:3a:69:13:89:7c:54:97:6c:31:24:cb:be:43:
20:eb:92:b9:3f:04:50:be:e0:f8:c4:7a:a6:8c:61:
53:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:E4:DC:95:1D:5A:69:B1:A8:74:B9:A8:7F:0B:E8:5D:AF:64:5A:3F
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AOTclR1aabGodLmofwvoXa9kWj8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.41.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:e8:c1:7b:33:9b:da:46:e2:63:5c:54:fe:43:7a:e6:53:be:
d6:82:65:7f:e5:a8:79:5a:9f:86:94:d0:88:ba:6d:ad:75:d9:
32:7e:d7:b6:a1:98:77:43:df:26:88:b2:47:e5:80:cb:92:b7:
e0:67:a0:ee:dc:72:04:39:5d:16:e5:61:47:f0:76:d2:ac:34:
bd:48:94:c4:69:10:c4:69:24:81:58:70:52:cf:5d:4e:49:ee:
a9:ef:d9:82:b0:23:c5:90:65:f5:71:9e:72:c3:05:19:2a:57:
92:09:0c:e0:09:27:9a:34:68:54:58:60:cc:75:3c:31:6b:a7:
35:c6:3b:53:f7:15:48:b7:8e:fc:cf:fd:6d:48:6a:c5:96:81:
9e:3b:93:ef:bb:63:40:f5:34:d5:04:f8:78:94:b0:7b:2a:77:
8f:8f:ed:1a:7d:8a:3e:25:6c:99:0a:05:31:ef:c2:62:e8:39:
5f:4b:6b:4b:cc:be:42:d7:55:cc:41:39:d9:d5:64:22:1e:86:
e1:bc:ac:45:c6:73:11:94:2d:06:87:12:80:2f:17:a0:17:7f:
6b:8c:77:36:06:52:2d:2b:55:f8:1d:e9:43:1c:d8:da:f1:5d:
2e:48:63:c5:b8:ff:70:5d:d4:7b:19:ab:62:92:9f:a3:1c:b2:
bc:aa:39:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYMJalHqCfBDmP/SiqigwvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMjAxMDg0NDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGU0ZGM5NTFkNWE2OWIxYTg3NGI5YTg3ZjBiZTg1ZGFmNjQ1YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRWfqqLb9saQUtltJOqD9Mh06Ei4
V4IWYe1iNfZjCceoZCuBAoNf33oVnEjsa4wL2FqVEh8wu52FuvRvL/oZrGZueycX
vjAXtjnvPvTxCcCvbgZ+fpu2CzJZPpfAlXPhzEGlyntiYFqF8P0Noqa7kUn9yV7a
i51xmB5klXBYSkFtrKMHZpJEB2/JfHelxM6jI1k1qqDhmFSrIvVVd5tTd5Gz7JWH
4tqwfiJKS8hGJrw6pvmtD9+CIeljjCPJApzw8QKlCAalFwP7WJ77t3/LX9IbnsEb
521wCpgMN+UH74daTjppE4l8VJdsMSTLvkMg65K5PwRQvuD4xHqmjGFTFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADk3JUdWmmxqHS5qH8L6F2vZFo/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQU9UY2xSMWFhYkdvZExtb2Z3dm9YYTlrV2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagpMA0G
CSqGSIb3DQEBCwUAA4IBAQBr6MF7M5vaRuJjXFT+Q3rmU77WgmV/5ah5Wp+GlNCI
um2tddkyfte2oZh3Q98miLJH5YDLkrfgZ6Du3HIEOV0W5WFH8HbSrDS9SJTEaRDE
aSSBWHBSz11OSe6p79mCsCPFkGX1cZ5ywwUZKleSCQzgCSeaNGhUWGDMdTwxa6c1
xjtT9xVIt478z/1tSGrFloGeO5Pvu2NA9TTVBPh4lLB7KnePj+0afYo+JWyZCgUx
78Ji6DlfS2tLzL5C11XMQTnZ1WQiHobhvKxFxnMRlC0GhxKALxegF39rjHc2BlIt
K1X4HelDHNja8V0uSGPFuP9wXdR7Gatikp+jHLK8qjkj
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:04:47 2025 by rpki-client