Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/aRzC388vWhe3mBIk5dPKRfrKbH0.roa
File: aRzC388vWhe3mBIk5dPKRfrKbH0.roa (raw, json)
Hash identifier: 9KfM7VfrO9srskan6SmnO4XXi9cLlEe2+SJ34FuSWTI=
Subject key identifier: 69:1C:C2:DF:CF:2F:5A:17:B7:98:12:24:E5:D3:CA:45:FA:CA:6C:7D
Certificate issuer: /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial: 018708BE1130465836A879AE73AEE2373CF3
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/aRzC388vWhe3mBIk5dPKRfrKbH0.roa
Signing time: Wed 22 Mar 2023 09:54:46 +0000
ROA not before: Wed 22 Mar 2023 09:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15830
IP address blocks: 137.174.32.0/21 maxlen: 21
137.174.84.0/22 maxlen: 22
155.204.64.0/20 maxlen: 20
137.174.0.0/21 maxlen: 21
155.204.80.0/21 maxlen: 21
155.204.96.0/21 maxlen: 21
137.174.16.0/21 maxlen: 21
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:08:be:11:30:46:58:36:a8:79:ae:73:ae:e2:37:3c:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Validity
Not Before: Mar 22 09:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=691cc2dfcf2f5a17b7981224e5d3ca45faca6c7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c6:bb:c5:e6:f3:16:83:18:87:50:da:d5:47:
c4:7f:95:12:bc:8a:03:e6:4c:1c:91:ba:24:49:85:
e5:1b:cf:49:29:9e:19:d5:7e:ca:b7:8d:f7:e7:51:
22:ec:24:a6:10:75:ce:69:b4:06:68:d8:49:a1:c7:
4a:e1:3a:42:29:15:47:36:b7:7f:60:94:25:a2:e5:
de:51:a0:12:cb:a2:cc:75:0b:4a:2a:2d:3f:be:a9:
47:64:4e:6b:53:c4:a1:be:1c:53:83:97:fa:c7:63:
65:ce:9f:4a:0d:7d:ee:b9:2a:c5:35:d9:32:78:81:
9c:3a:1d:aa:4c:f3:7b:63:d3:ea:bf:fb:73:a0:56:
3b:22:c1:da:a7:c1:11:c5:c6:8c:69:35:3f:8c:83:
08:86:f5:f1:36:d0:86:09:bd:6a:5c:13:aa:5a:75:
e3:7e:38:21:33:fd:23:49:de:77:ce:ff:91:e7:d3:
8b:de:8e:94:a4:e8:03:5b:04:c7:1d:c0:24:9b:c0:
b5:af:9e:56:81:b6:1d:0b:ad:38:ea:b2:af:b5:bd:
59:8a:af:49:cd:f7:3c:2c:52:41:8f:62:40:e3:15:
e4:a7:3c:ee:cc:af:e4:26:f8:4b:cd:d8:4d:6a:9f:
ae:e1:b0:c3:93:3e:c3:60:a3:b4:eb:02:06:42:7c:
92:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:1C:C2:DF:CF:2F:5A:17:B7:98:12:24:E5:D3:CA:45:FA:CA:6C:7D
X509v3 Authority Key Identifier:
keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/aRzC388vWhe3mBIk5dPKRfrKbH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.174.0.0/21
137.174.16.0/21
137.174.32.0/21
137.174.84.0/22
155.204.64.0-155.204.87.255
155.204.96.0/21
Signature Algorithm: sha256WithRSAEncryption
7f:bb:f5:02:7a:52:42:3b:39:70:90:5f:15:71:ec:88:ba:70:
3f:ec:8c:68:0c:a3:0f:a2:80:01:9a:18:10:bc:a3:1a:d8:1b:
e4:32:e0:1c:47:f3:8a:d4:47:d2:9e:4d:f9:86:e3:24:84:9b:
96:66:f5:b9:c0:8f:83:46:39:f0:87:4f:10:6e:6f:a9:34:bb:
fb:00:88:f1:11:38:49:6d:d0:9c:be:ef:85:21:a7:ba:94:ff:
67:74:5a:a3:b8:00:50:0c:48:1f:dd:74:b5:28:a2:7a:b0:d5:
4c:b8:71:58:8f:7d:44:a3:a0:5e:70:80:bb:ba:a6:69:52:99:
85:e0:12:10:da:49:96:07:4e:22:55:96:90:a2:76:01:10:60:
86:a8:4f:a7:cb:3c:ed:59:80:01:75:6e:ff:57:82:a4:87:02:
d2:d2:4a:f7:d3:df:fe:8f:a2:62:53:6a:66:21:94:0e:66:02:
b9:69:37:31:6a:d8:fb:e6:a3:de:4e:ff:d6:5d:df:34:b2:f7:
33:5e:67:92:56:b5:af:be:2f:c1:03:4e:fe:de:17:b3:21:8f:
e2:37:3d:9b:e3:1c:e8:d8:c1:ab:c1:93:41:24:20:c1:06:b9:
50:ea:f0:42:eb:d7:f2:b3:e4:06:87:bb:c5:66:04:f1:fe:82:
a3:5f:03:80
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYcIvhEwRlg2qHmuc67iNzzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjMwMzIyMDk1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFjYzJkZmNmMmY1YTE3Yjc5ODEyMjRlNWQzY2E0NWZhY2E2YzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMa7xebzFoMYh1Da1UfEf5USvIoD
5kwckbokSYXlG89JKZ4Z1X7Kt43351Ei7CSmEHXOabQGaNhJocdK4TpCKRVHNrd/
YJQlouXeUaASy6LMdQtKKi0/vqlHZE5rU8ShvhxTg5f6x2Nlzp9KDX3uuSrFNdky
eIGcOh2qTPN7Y9Pqv/tzoFY7IsHap8ERxcaMaTU/jIMIhvXxNtCGCb1qXBOqWnXj
fjghM/0jSd53zv+R59OL3o6UpOgDWwTHHcAkm8C1r55WgbYdC6046rKvtb1Ziq9J
zfc8LFJBj2JA4xXkpzzuzK/kJvhLzdhNap+u4bDDkz7DYKO06wIGQnyS6wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFGkcwt/PL1oXt5gSJOXTykX6ymx9MB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvYVJ6QzM4OHZXaGUzbUJJazVkUEtSZnJLYkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQDia4AAwQD
ia4QAwQDia4gAwQCia5UMAwDBAabzEADBAObzFADBAObzGAwDQYJKoZIhvcNAQEL
BQADggEBAH+79QJ6UkI7OXCQXxVx7Ii6cD/sjGgMow+igAGaGBC8oxrYG+Qy4BxH
84rUR9KeTfmG4ySEm5Zm9bnAj4NGOfCHTxBub6k0u/sAiPEROElt0Jy+74Uhp7qU
/2d0WqO4AFAMSB/ddLUoonqw1Uy4cViPfUSjoF5wgLu6pmlSmYXgEhDaSZYHTiJV
lpCidgEQYIaoT6fLPO1ZgAF1bv9XgqSHAtLSSvfT3/6PomJTamYhlA5mArlpNzFq
2Pvmo95O/9Zd3zSy9zNeZ5JWta++L8EDTv7eF7Mhj+I3PZvjHOjYwavBk0EkIMEG
uVDq8ELr1/Kz5AaHu8VmBPH+gqNfA4A=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:14:43 2025 by rpki-client