Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/2GHCMTlJGiPpWRrL0s9RCHR_Yvw.roa
File: 2GHCMTlJGiPpWRrL0s9RCHR_Yvw.roa (raw, json)
Hash identifier: WryduvngG1s11YIzF2N1L955Tizpm6YWGAtbfEIpk6s=
Subject key identifier: D8:61:C2:31:39:49:1A:23:E9:59:1A:CB:D2:CF:51:08:74:7F:62:FC
Certificate issuer: /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial: 38107D7D
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/2GHCMTlJGiPpWRrL0s9RCHR_Yvw.roa
Signing time: Fri 18 Mar 2022 19:51:17 +0000
ROA not before: Fri 18 Mar 2022 19:51:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34700
IP address blocks: 31.202.0.0/17 maxlen: 24
46.160.88.0/21 maxlen: 21
178.165.0.0/17 maxlen: 18
31.202.128.0/18 maxlen: 18
185.147.96.0/22 maxlen: 22
5.255.160.0/20 maxlen: 20
79.171.120.0/21 maxlen: 21
2a00:1210::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 940604797 (0x38107d7d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Validity
Not Before: Mar 18 19:51:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d861c23139491a23e9591acbd2cf5108747f62fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e0:95:a5:20:f0:b2:0a:16:6e:ab:e4:cd:ef:
0c:f3:03:35:42:18:3e:ec:fe:c8:16:05:b8:7c:02:
ca:38:b1:37:68:2b:08:5e:10:ed:b2:8d:11:ad:8d:
6d:f4:29:cd:43:ea:f7:74:fc:fe:76:fe:0b:da:da:
9c:89:75:8e:6a:34:fb:19:e1:72:0e:4e:31:35:ec:
5a:c4:56:f5:3b:10:bf:54:10:bf:1c:49:bf:13:94:
f7:44:7f:17:95:42:a8:3d:4f:bd:a4:e6:ac:dd:e7:
7b:0d:09:e1:86:a1:d9:54:52:87:26:b7:90:e5:fc:
2d:f6:48:08:e9:06:41:0f:92:b2:0e:d7:e5:90:ee:
1a:c6:72:ff:04:a2:13:b7:24:0d:2d:8f:01:a8:aa:
b5:a1:19:9f:7e:02:4c:3e:d5:6f:0f:51:ce:c7:b5:
b2:40:fa:d2:df:e4:0a:04:af:80:de:2c:bd:3d:04:
85:08:2e:ed:76:33:84:7d:18:4d:a0:bf:10:93:07:
9a:ba:ff:91:8f:bb:3d:3c:5a:35:56:f5:a5:b4:73:
8a:04:dd:b2:36:87:e2:10:1f:a0:07:59:cb:33:bb:
37:a3:c5:bc:b3:64:20:c3:5c:c7:7a:a6:5c:c9:4c:
26:d2:c2:80:6b:96:5a:d7:d7:fc:fa:7f:55:09:dc:
47:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:61:C2:31:39:49:1A:23:E9:59:1A:CB:D2:CF:51:08:74:7F:62:FC
X509v3 Authority Key Identifier:
keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/2GHCMTlJGiPpWRrL0s9RCHR_Yvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.255.160.0/20
31.202.0.0-31.202.191.255
46.160.88.0/21
79.171.120.0/21
178.165.0.0/17
185.147.96.0/22
IPv6:
2a00:1210::/32
Signature Algorithm: sha256WithRSAEncryption
66:42:62:b7:95:eb:9a:03:48:d3:e6:2d:42:e3:01:bf:0d:93:
d7:f7:87:62:71:ce:3c:28:8b:a9:4f:0b:9e:b9:ba:e2:7b:17:
c6:f0:4b:72:df:b8:fa:57:e5:ba:e6:8f:31:69:e2:db:cd:0f:
73:45:3c:1d:8d:50:50:12:2a:69:b9:7a:13:a6:3d:e0:75:cb:
ef:44:fb:f9:c5:cf:60:df:ad:af:7b:60:09:f3:3e:42:85:09:
10:81:f8:80:34:aa:12:81:52:5e:85:70:00:5e:8a:e2:0d:b7:
8f:c3:0c:79:bd:d4:d8:13:91:76:3c:92:02:ab:37:34:da:00:
32:e7:22:75:f1:1c:d5:92:e5:3a:64:1c:55:be:db:04:1c:10:
d1:0a:6a:bc:da:03:fc:68:cd:47:fd:d4:02:8a:2b:ba:15:df:
0a:e8:8e:f8:45:97:11:ef:ba:90:4c:38:8a:0c:33:2d:b9:27:
20:2d:6f:a5:bf:f3:3d:fd:85:de:8e:3d:65:51:e4:58:6b:cb:
78:37:89:58:b8:f1:84:f1:ac:58:6a:f0:1f:30:36:f4:d8:53:
7b:b5:5a:12:f6:49:da:58:98:f6:98:a1:f6:c0:1e:28:01:5b:
f4:7e:bd:f8:e8:8a:80:bf:a3:34:e4:18:18:32:1d:b7:0b:a8:
0c:40:74:fc
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIEOBB9fTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZTdhOWIxNzQ1YTVhNzBjM2JmN2JjYzJjMmVlMTY2NDYwYWZmN2E4MB4XDTIyMDMx
ODE5NTExN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDg2MWMyMzEzOTQ5
MWEyM2U5NTkxYWNiZDJjZjUxMDg3NDdmNjJmYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKDglaUg8LIKFm6r5M3vDPMDNUIYPuz+yBYFuHwCyjixN2gr
CF4Q7bKNEa2NbfQpzUPq93T8/nb+C9ranIl1jmo0+xnhcg5OMTXsWsRW9TsQv1QQ
vxxJvxOU90R/F5VCqD1PvaTmrN3new0J4Yah2VRShya3kOX8LfZICOkGQQ+Ssg7X
5ZDuGsZy/wSiE7ckDS2PAaiqtaEZn34CTD7Vbw9Rzse1skD60t/kCgSvgN4svT0E
hQgu7XYzhH0YTaC/EJMHmrr/kY+7PTxaNVb1pbRzigTdsjaH4hAfoAdZyzO7N6PF
vLNkIMNcx3qmXMlMJtLCgGuWWtfX/Pp/VQncRzECAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBTYYcIxOUkaI+lZGsvSz1EIdH9i/DAfBgNVHSMEGDAWgBSuepsXRaWnDDv3
vMLC7hZkYK/3qDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JucWJGMFdscHd3Nzk3ekN3dTRXWkdDdjk2Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWMvNmU5MDlkLWQzMjUtNDhhMS05NDQzLWNjOWE3NThjOTkxNi8x
LzJHSENNVGxKR2lQcFdSckwwczlSQ0hSX1l2dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMv
NmU5MDlkLWQzMjUtNDhhMS05NDQzLWNjOWE3NThjOTkxNi8xL3JucWJGMFdscHd3
Nzk3ekN3dTRXWkdDdjk2Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwMQQCAAEwKwMEBAX/oDALAwMBH8oDBAYfyoADBAMu
oFgDBANPq3gDBAeypQADBAK5k2AwDQQCAAIwBwMFACoAEhAwDQYJKoZIhvcNAQEL
BQADggEBAGZCYreV65oDSNPmLULjAb8Nk9f3h2Jxzjwoi6lPC565uuJ7F8bwS3Lf
uPpX5brmjzFp4tvND3NFPB2NUFASKmm5ehOmPeB1y+9E+/nFz2Dfra97YAnzPkKF
CRCB+IA0qhKBUl6FcABeiuINt4/DDHm91NgTkXY8kgKrNzTaADLnInXxHNWS5Tpk
HFW+2wQcENEKarzaA/xozUf91AKKK7oV3wrojvhFlxHvupBMOIoMMy25JyAtb6W/
8z39hd6OPWVR5Fhry3g3iVi48YTxrFhq8B8wNvTYU3u1WhL2SdpYmPaYofbAHigB
W/R+vfjoioC/ozTkGBgyHbcLqAxAdPw=
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:02:55 2025 by rpki-client