Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/RD5SQT2oDS-43EKZntfp6X8nrig.roa
File: RD5SQT2oDS-43EKZntfp6X8nrig.roa (raw, json)
Hash identifier: /zkhA5ecWJlOSvpk1WGseH/1BmWvpFl8i388+a2o8Mw=
Subject key identifier: 44:3E:52:41:3D:A8:0D:2F:B8:DC:42:99:9E:D7:E9:E9:7F:27:AE:28
Certificate issuer: /CN=3144e609e361913e3c3b0a78d7486aa45b562401
Certificate serial: 0185712779BF4A20F321996249ACEDC53393
Authority key identifier: 31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/RD5SQT2oDS-43EKZntfp6X8nrig.roa
Signing time: Mon 02 Jan 2023 06:24:50 +0000
ROA not before: Mon 02 Jan 2023 06:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39279
IP address blocks: 185.108.136.0/22 maxlen: 24
89.32.226.0/24 maxlen: 24
89.32.224.0/20 maxlen: 24
185.108.182.0/24 maxlen: 24
185.108.181.0/24 maxlen: 24
185.108.180.0/22 maxlen: 24
185.33.105.0/24 maxlen: 24
185.33.104.0/22 maxlen: 22
2a00:c5a0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:27:79:bf:4a:20:f3:21:99:62:49:ac:ed:c5:33:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3144e609e361913e3c3b0a78d7486aa45b562401
Validity
Not Before: Jan 2 06:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=443e52413da80d2fb8dc42999ed7e9e97f27ae28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:0e:9b:15:0a:08:4c:0d:e5:5d:6d:cd:5a:3a:
ea:d5:d0:b3:26:e5:a9:d6:c6:e2:62:7c:be:62:9e:
e1:6b:45:3b:31:a0:04:e1:3d:1a:00:08:07:b5:af:
09:43:ff:8c:68:c3:0d:2b:f9:1f:19:c5:df:17:81:
2f:b2:d8:77:75:75:9e:5a:15:aa:2d:fc:93:00:d3:
e5:42:55:0a:e3:20:cd:66:f0:3e:94:04:6a:26:a2:
29:2f:08:73:1c:ee:ec:e8:16:0c:b1:fd:46:d2:c7:
db:c0:c1:c5:ce:c7:ef:c9:22:ef:48:c5:dc:db:e5:
39:ff:19:e5:91:9b:2b:65:11:6e:91:77:ba:6c:88:
90:d3:61:38:e1:f0:19:bb:ee:69:c2:45:e9:70:5d:
76:82:4c:ad:84:a5:a4:8c:44:e3:12:66:c8:f9:7e:
5c:a4:50:06:20:fd:47:a8:19:f1:34:ae:d8:69:8b:
3a:f6:ac:93:31:8c:bd:9f:88:51:eb:d7:a5:35:76:
8c:3a:90:21:1c:7f:77:d5:e5:fb:d5:00:c7:41:0f:
cc:14:bf:df:54:40:d0:63:4e:9b:05:40:a5:ad:0f:
2e:8f:96:4d:d7:d2:22:24:37:7f:07:ea:d0:4a:af:
a6:36:54:78:4a:23:bd:71:5d:b8:01:a8:91:3d:9a:
d3:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3E:52:41:3D:A8:0D:2F:B8:DC:42:99:9E:D7:E9:E9:7F:27:AE:28
X509v3 Authority Key Identifier:
keyid:31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/RD5SQT2oDS-43EKZntfp6X8nrig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.32.224.0/20
185.33.104.0/22
185.108.136.0/22
185.108.180.0/22
IPv6:
2a00:c5a0::/32
Signature Algorithm: sha256WithRSAEncryption
67:ae:76:8a:31:78:d5:2f:d5:50:0c:00:4f:da:8f:97:33:ae:
9f:9a:45:f9:7b:1d:c1:5a:c5:9c:c6:66:14:2c:ed:16:d9:92:
27:c3:74:49:eb:e5:e3:83:af:84:30:49:1a:a8:0c:fd:d2:d7:
d9:03:0c:19:5f:54:c1:23:ba:b9:b2:94:51:13:7a:de:be:74:
55:81:aa:42:15:de:df:3b:81:06:e4:30:1b:37:82:a6:b7:b9:
14:1b:05:82:51:c9:2f:05:fe:08:c0:a2:0e:34:64:d6:c9:a6:
49:93:a5:c3:86:0c:7a:51:7b:78:03:fa:72:ec:2f:33:a2:24:
0f:75:51:f8:54:a6:b1:29:28:58:e4:9e:30:79:1e:d4:24:54:
51:d8:48:2d:5d:e3:13:3b:76:96:ec:62:8c:8c:1a:b1:87:0b:
11:68:f4:2a:17:a5:1e:a7:14:16:30:34:d7:4b:11:37:76:8e:
03:80:65:69:63:7c:b0:cf:ff:af:3e:76:cd:79:dc:d1:fd:16:
14:fe:bf:99:31:4b:54:45:ea:e8:31:61:a5:dd:4f:b4:fd:af:
1a:63:45:92:70:5d:8f:de:fe:03:5d:62:5a:ef:b7:32:90:d5:
1f:d9:17:b2:13:da:ed:b5:aa:e2:87:2e:f1:da:2f:d6:ed:9f:
20:d1:6b:c6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVxJ3m/SiDzIZliSaztxTOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNDRlNjA5ZTM2MTkxM2UzYzNiMGE3OGQ3NDg2YWE0NWI1
NjI0MDEwHhcNMjMwMTAyMDYyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNlNTI0MTNkYTgwZDJmYjhkYzQyOTk5ZWQ3ZTllOTdmMjdhZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgg6bFQoITA3lXW3NWjrq1dCzJuWp
1sbiYny+Yp7ha0U7MaAE4T0aAAgHta8JQ/+MaMMNK/kfGcXfF4Evsth3dXWeWhWq
LfyTANPlQlUK4yDNZvA+lARqJqIpLwhzHO7s6BYMsf1G0sfbwMHFzsfvySLvSMXc
2+U5/xnlkZsrZRFukXe6bIiQ02E44fAZu+5pwkXpcF12gkythKWkjETjEmbI+X5c
pFAGIP1HqBnxNK7YaYs69qyTMYy9n4hR69elNXaMOpAhHH931eX71QDHQQ/MFL/f
VEDQY06bBUClrQ8uj5ZN19IiJDd/B+rQSq+mNlR4SiO9cV24AaiRPZrT6wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFEQ+UkE9qA0vuNxCmZ7X6el/J64oMB8GA1UdIwQY
MBaAFDFE5gnjYZE+PDsKeNdIaqRbViQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYt
Nzc1ODg4YTg3MTk0LzEvUkQ1U1FUMm9EUy00M0VLWm50ZnA2WDhucmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYtNzc1ODg4YTg3MTk0
LzEvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEWSDgAwQC
uSFoAwQCuWyIAwQCuWy0MA0EAgACMAcDBQAqAMWgMA0GCSqGSIb3DQEBCwUAA4IB
AQBnrnaKMXjVL9VQDABP2o+XM66fmkX5ex3BWsWcxmYULO0W2ZInw3RJ6+Xjg6+E
MEkaqAz90tfZAwwZX1TBI7q5spRRE3revnRVgapCFd7fO4EG5DAbN4Kmt7kUGwWC
UckvBf4IwKIONGTWyaZJk6XDhgx6UXt4A/py7C8zoiQPdVH4VKaxKShY5J4weR7U
JFRR2EgtXeMTO3aW7GKMjBqxhwsRaPQqF6UepxQWMDTXSxE3do4DgGVpY3ywz/+v
PnbNedzR/RYU/r+ZMUtUReroMWGl3U+0/a8aY0WScF2P3v4DXWJa77cykNUf2Rey
E9rttarihy7x2i/W7Z8g0WvG
-----END CERTIFICATE-----
Generated at Tue Apr 22 19:35:20 2025 by rpki-client