Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/uxHApTghp6qdmc_zK5GAjdOdZXg.roa
File: uxHApTghp6qdmc_zK5GAjdOdZXg.roa (raw, json)
Hash identifier: 3J+GNhBTHgpsxGl+eAvFLwd6sitC+AbN+xCD59rZ074=
Subject key identifier: BB:11:C0:A5:38:21:A7:AA:9D:99:CF:F3:2B:91:80:8D:D3:9D:65:78
Certificate issuer: /CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
Certificate serial: 018722899D0E5938A8F1D28548DD27C2FD13
Authority key identifier: F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/uxHApTghp6qdmc_zK5GAjdOdZXg.roa
Signing time: Mon 27 Mar 2023 10:07:36 +0000
ROA not before: Mon 27 Mar 2023 10:07:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 63473
IP address blocks: 45.91.95.0/24 maxlen: 24
45.91.92.0/24 maxlen: 24
45.91.93.0/24 maxlen: 24
45.91.94.0/24 maxlen: 24
109.205.61.0/24 maxlen: 24
2a0e:dc0:4::/48 maxlen: 48
2a0e:dc0:5::/48 maxlen: 48
2a0e:dc0:8::/48 maxlen: 48
2a0e:dc0:3::/48 maxlen: 48
2a0e:dc0:6::/48 maxlen: 48
2a0e:dc0:9::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:22:89:9d:0e:59:38:a8:f1:d2:85:48:dd:27:c2:fd:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
Validity
Not Before: Mar 27 10:07:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bb11c0a53821a7aa9d99cff32b91808dd39d6578
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:02:7f:9c:11:c8:b3:a3:0a:ee:ee:81:7c:3e:
f6:92:9b:ba:e8:94:e1:8e:08:73:af:04:3c:8e:1a:
34:b1:21:b3:d1:65:bf:0b:f9:0e:17:dc:0c:ed:7e:
18:ad:7c:7c:5b:9a:49:8f:c7:5b:e3:7e:c8:24:6e:
cc:92:6b:0c:d0:0f:d1:3c:ca:38:52:10:a0:df:0c:
98:80:3f:30:ae:c9:bb:33:aa:27:30:48:7e:23:c0:
c1:8f:4b:c4:70:51:7e:3d:1d:06:76:67:9e:b4:b6:
5c:b6:63:cb:23:06:af:ed:ef:5f:f9:3a:1b:7a:0f:
74:6a:4a:a1:13:43:65:32:da:b9:8b:71:10:5b:7c:
73:ba:58:16:68:ef:f6:f3:78:f8:df:ae:e6:9e:58:
3d:87:34:92:55:4b:c2:6e:89:c1:5a:19:33:35:49:
1f:d5:32:48:27:7f:b8:09:d0:e0:cf:ef:a0:58:02:
1a:56:e0:21:90:75:ed:97:b9:1e:44:a4:0a:83:ee:
87:9a:66:4d:1d:bf:58:ef:2e:4f:37:ec:56:14:5b:
13:d3:de:35:5c:7c:b4:60:70:94:a5:d2:b9:8d:f4:
e2:53:0e:1e:99:aa:d7:c2:eb:b1:80:55:40:ff:81:
72:48:08:bc:bd:6e:c1:50:2b:22:1a:64:4e:c5:a9:
c3:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:11:C0:A5:38:21:A7:AA:9D:99:CF:F3:2B:91:80:8D:D3:9D:65:78
X509v3 Authority Key Identifier:
keyid:F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/uxHApTghp6qdmc_zK5GAjdOdZXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/97UMfoHYzyZNEgm2rVo8y4LBb90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.92.0/22
109.205.61.0/24
IPv6:
2a0e:dc0:3::-2a0e:dc0:6:ffff:ffff:ffff:ffff:ffff
2a0e:dc0:8::/47
Signature Algorithm: sha256WithRSAEncryption
64:2b:85:c2:26:f2:78:eb:e3:56:49:a5:c5:a8:20:cd:17:f5:
55:04:59:3e:f5:9f:fb:c9:eb:78:c0:5c:0a:53:18:df:67:f4:
7f:b3:5f:b2:ff:c9:7a:a6:51:4b:5f:4f:f7:67:ea:b3:ed:b9:
9b:80:40:2a:5b:e1:d1:a0:d8:15:b7:bb:d4:f8:b5:7c:66:db:
48:f7:85:ad:aa:74:23:79:8c:d6:fe:16:b5:94:f6:5c:33:bb:
57:7a:05:28:3c:ce:6a:ac:59:52:36:2d:fa:35:76:98:12:fd:
c9:a3:c7:98:64:54:1c:18:0a:49:e6:21:55:a7:9e:9b:89:48:
9c:a5:a1:74:74:15:b3:c7:1d:f5:a6:1f:d8:0f:e2:1c:f8:a6:
15:1d:ea:43:2b:08:70:8c:e3:02:99:6b:67:af:47:17:7b:83:
43:6e:7d:61:f7:ce:d9:80:1c:48:e1:59:a7:e9:df:7f:4c:87:
99:d7:05:56:49:79:63:30:85:6a:5a:ea:ba:6c:f0:9a:e6:aa:
e9:27:0d:53:41:83:07:40:f1:c4:36:98:45:84:69:d3:16:2d:
3e:5a:a6:0f:a5:75:b1:65:d1:bc:ba:b0:23:24:ed:9f:f8:df:
a2:dc:4e:17:d2:f8:d7:d8:70:78:16:23:f2:80:cc:40:26:a9:
6c:cd:8d:62
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYciiZ0OWTio8dKFSN0nwv0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjUwYzdlODFkOGNmMjY0ZDEyMDliNmFkNWEzY2NiODJj
MTZmZGQwHhcNMjMwMzI3MTAwNzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjExYzBhNTM4MjFhN2FhOWQ5OWNmZjMyYjkxODA4ZGQzOWQ2NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQJ/nBHIs6MK7u6BfD72kpu66JTh
jghzrwQ8jho0sSGz0WW/C/kOF9wM7X4YrXx8W5pJj8db437IJG7MkmsM0A/RPMo4
UhCg3wyYgD8wrsm7M6onMEh+I8DBj0vEcFF+PR0GdmeetLZctmPLIwav7e9f+Tob
eg90akqhE0NlMtq5i3EQW3xzulgWaO/283j4367mnlg9hzSSVUvCbonBWhkzNUkf
1TJIJ3+4CdDgz++gWAIaVuAhkHXtl7keRKQKg+6HmmZNHb9Y7y5PN+xWFFsT0941
XHy0YHCUpdK5jfTiUw4emarXwuuxgFVA/4FySAi8vW7BUCsiGmROxanDHQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFLsRwKU4IaeqnZnP8yuRgI3TnWV4MB8GA1UdIwQY
MBaAFPe1DH6B2M8mTRIJtq1aPMuCwW/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmIt
YWM0MDE2MTIwY2I5LzEvdXhIQXBUZ2hwNnFkbWNfeks1R0FqZE9kWlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmItYWM0MDE2MTIwY2I5
LzEvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTASBAIAATAMAwQCLVtcAwQA
bc09MCMEAgACMB0wEgMHACoODcAAAwMHACoODcAABgMHASoODcAACDANBgkqhkiG
9w0BAQsFAAOCAQEAZCuFwibyeOvjVkmlxaggzRf1VQRZPvWf+8nreMBcClMY32f0
f7Nfsv/JeqZRS19P92fqs+25m4BAKlvh0aDYFbe71Pi1fGbbSPeFrap0I3mM1v4W
tZT2XDO7V3oFKDzOaqxZUjYt+jV2mBL9yaPHmGRUHBgKSeYhVaeem4lInKWhdHQV
s8cd9aYf2A/iHPimFR3qQysIcIzjAplrZ69HF3uDQ259YffO2YAcSOFZp+nff0yH
mdcFVkl5YzCFalrqumzwmuaq6ScNU0GDB0DxxDaYRYRp0xYtPlqmD6V1sWXRvLqw
IyTtn/jfotxOF9L419hweBYj8oDMQCapbM2NYg==
-----END CERTIFICATE-----
Generated at Sat Apr 12 20:03:43 2025 by rpki-client