Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/MU-5oFh0V5nHUtkuoJ6LRSbHjm8.roa
File: MU-5oFh0V5nHUtkuoJ6LRSbHjm8.roa (raw, json)
Hash identifier: j0dQOjyVaQmp9x8r2eqrFERBocUOoZAAY1UePoXyFs0=
Subject key identifier: 31:4F:B9:A0:58:74:57:99:C7:52:D9:2E:A0:9E:8B:45:26:C7:8E:6F
Certificate issuer: /CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
Certificate serial: 01856EC2012502105CAC2E0798B61604DD2C
Authority key identifier: E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/MU-5oFh0V5nHUtkuoJ6LRSbHjm8.roa
Signing time: Sun 01 Jan 2023 19:14:46 +0000
ROA not before: Sun 01 Jan 2023 19:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204896
IP address blocks: 185.143.148.0/22 maxlen: 22
91.142.112.0/20 maxlen: 20
2a00:17b0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:c2:01:25:02:10:5c:ac:2e:07:98:b6:16:04:dd:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
Validity
Not Before: Jan 1 19:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=314fb9a058745799c752d92ea09e8b4526c78e6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:07:89:e3:1a:5f:ff:93:c3:12:1f:5b:81:57:
81:6b:66:23:21:e4:68:5b:e2:ba:69:9d:d4:3b:fb:
a2:5d:8d:58:63:32:be:26:7a:ef:c8:7a:17:ac:91:
81:3a:68:ba:14:fa:b2:97:03:08:ac:a0:8c:58:eb:
7a:60:98:f2:7d:95:ca:30:36:53:5c:d2:f2:96:fb:
e6:b1:d0:93:fa:97:a6:fc:35:c7:a7:18:99:eb:5e:
92:8e:70:10:68:77:97:dc:76:31:71:9b:d9:6b:66:
dd:47:33:67:c3:98:20:f4:fa:5d:e9:c1:62:c7:da:
1a:13:17:b1:92:16:a9:64:4c:b4:d3:ef:22:51:f9:
ac:28:92:92:68:79:ad:a8:5c:a0:91:b4:c9:0c:2d:
c9:c4:6f:d7:92:3f:33:5d:06:1a:67:d6:fc:00:20:
57:10:cd:a3:f1:6a:19:13:13:29:bd:e0:fc:32:9c:
00:c5:92:f6:af:d6:15:98:4e:2e:44:8a:87:e9:a7:
b1:77:9a:6a:d8:e3:4b:d3:4b:6c:1b:7a:ac:ad:7c:
fc:70:bb:c8:d9:d8:2f:1a:ae:5c:dc:98:8a:24:60:
63:28:2d:3c:7f:d5:50:df:a0:09:53:a8:3c:84:52:
1d:da:ac:de:5a:3b:a4:4c:68:1e:e1:d9:21:f0:4c:
01:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:4F:B9:A0:58:74:57:99:C7:52:D9:2E:A0:9E:8B:45:26:C7:8E:6F
X509v3 Authority Key Identifier:
keyid:E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/MU-5oFh0V5nHUtkuoJ6LRSbHjm8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.142.112.0/20
185.143.148.0/22
IPv6:
2a00:17b0::/32
Signature Algorithm: sha256WithRSAEncryption
25:1e:80:bf:97:d0:cf:88:c0:97:e6:07:1a:32:28:20:61:ed:
9f:59:1e:67:ca:44:16:51:13:84:11:d3:e0:08:85:12:4c:c6:
02:65:58:3d:58:9a:63:e8:b8:5a:45:7b:0b:b9:39:07:de:00:
87:55:36:c4:78:78:8d:a0:c5:05:51:94:c9:72:b6:33:ea:a3:
bb:d1:10:26:53:52:af:0d:59:40:a8:e1:ef:49:ec:e1:ed:33:
b0:79:b0:30:9f:e5:a2:52:e2:83:d2:27:75:67:6a:d3:dd:25:
3c:20:c0:ad:ce:ab:11:6c:41:66:fc:f3:e1:91:75:a3:62:35:
e3:29:42:7d:92:48:fe:e1:76:15:da:7f:65:db:66:03:b1:3d:
6e:68:b6:f4:a2:fa:77:f6:84:12:7b:0b:fc:c4:e6:73:80:23:
e2:52:d0:21:58:7b:b0:92:cc:c9:81:48:72:c0:3a:8f:ba:38:
e8:71:0c:97:ef:f6:b1:f8:75:27:cc:97:21:ad:5a:c8:f4:3a:
81:44:f8:3a:ea:59:33:0a:53:e4:85:17:84:7f:f4:df:87:18:
ec:dd:da:b8:52:5e:7e:e9:24:61:c9:c1:d5:eb:eb:22:7a:a3:
7e:33:a9:40:a7:ef:bd:42:b6:df:4c:88:0b:3c:41:9c:09:90:
93:31:13:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVuwgElAhBcrC4HmLYWBN0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTMyZThhNmFjNmY2ZWMzNzg2MGVlN2MwN2ViOGRmOTMx
NDc3NzkwHhcNMjMwMTAxMTkxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRmYjlhMDU4NzQ1Nzk5Yzc1MmQ5MmVhMDllOGI0NTI2Yzc4ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygeJ4xpf/5PDEh9bgVeBa2YjIeRo
W+K6aZ3UO/uiXY1YYzK+JnrvyHoXrJGBOmi6FPqylwMIrKCMWOt6YJjyfZXKMDZT
XNLylvvmsdCT+pem/DXHpxiZ616SjnAQaHeX3HYxcZvZa2bdRzNnw5gg9Ppd6cFi
x9oaExexkhapZEy00+8iUfmsKJKSaHmtqFygkbTJDC3JxG/Xkj8zXQYaZ9b8ACBX
EM2j8WoZExMpveD8MpwAxZL2r9YVmE4uRIqH6aexd5pq2ONL00tsG3qsrXz8cLvI
2dgvGq5c3JiKJGBjKC08f9VQ36AJU6g8hFId2qzeWjukTGge4dkh8EwBkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDFPuaBYdFeZx1LZLqCei0Umx45vMB8GA1UdIwQY
MBaAFOijLopqxvbsN4YO58B+uN+TFHd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEt
NGZhNTM3ZGJlMmU5LzEvTVUtNW9GaDBWNW5IVXRrdW9KNkxSU2JIam04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEtNGZhNTM3ZGJlMmU5
LzEvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEW45wAwQC
uY+UMA0EAgACMAcDBQAqABewMA0GCSqGSIb3DQEBCwUAA4IBAQAlHoC/l9DPiMCX
5gcaMiggYe2fWR5nykQWUROEEdPgCIUSTMYCZVg9WJpj6LhaRXsLuTkH3gCHVTbE
eHiNoMUFUZTJcrYz6qO70RAmU1KvDVlAqOHvSezh7TOwebAwn+WiUuKD0id1Z2rT
3SU8IMCtzqsRbEFm/PPhkXWjYjXjKUJ9kkj+4XYV2n9l22YDsT1uaLb0ovp39oQS
ewv8xOZzgCPiUtAhWHuwkszJgUhywDqPujjocQyX7/ax+HUnzJchrVrI9DqBRPg6
6lkzClPkhReEf/Tfhxjs3dq4Ul5+6SRhycHV6+sieqN+M6lAp++9QrbfTIgLPEGc
CZCTMROU
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:02 2025 by rpki-client