Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/CrHYqnU9xbyU8Rdb29BlsNijtUk.roa
File: CrHYqnU9xbyU8Rdb29BlsNijtUk.roa (raw, json)
Hash identifier: JD28FXrib5bsWXjgdPfGzdmfy/Gn9+dMe7lu1Mirgw0=
Subject key identifier: 0A:B1:D8:AA:75:3D:C5:BC:94:F1:17:5B:DB:D0:65:B0:D8:A3:B5:49
Certificate issuer: /CN=239572ddfcab6291e6410ccd4e860ee36000e668
Certificate serial: 01856F0B7A12D754002FCBED0DEDCF43976D
Authority key identifier: 23:95:72:DD:FC:AB:62:91:E6:41:0C:CD:4E:86:0E:E3:60:00:E6:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I5Vy3fyrYpHmQQzNToYO42AA5mg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/CrHYqnU9xbyU8Rdb29BlsNijtUk.roa
Signing time: Sun 01 Jan 2023 20:35:01 +0000
ROA not before: Sun 01 Jan 2023 20:35:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201225
IP address blocks: 109.232.161.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:0b:7a:12:d7:54:00:2f:cb:ed:0d:ed:cf:43:97:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=239572ddfcab6291e6410ccd4e860ee36000e668
Validity
Not Before: Jan 1 20:35:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ab1d8aa753dc5bc94f1175bdbd065b0d8a3b549
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d1:ff:4a:ed:a6:a6:67:d6:fd:39:b6:85:6f:
79:f3:bf:51:9b:05:80:8e:ef:27:32:cb:66:5f:44:
79:73:34:05:62:55:d2:0c:63:45:42:69:d4:8a:2f:
55:04:b1:b0:ab:7f:93:3b:d4:e5:ec:7c:6b:6d:95:
0a:58:d7:f1:88:bd:9c:f1:59:ee:b2:34:a1:c6:e5:
44:87:13:71:fe:d8:c1:17:4a:52:c9:ae:ea:1b:66:
7a:71:a7:c1:83:3b:d0:09:9c:3e:8c:44:3a:11:04:
54:6e:e2:43:46:49:92:e1:ab:0e:13:56:53:e0:a1:
a8:40:8c:7c:37:c5:ba:56:8a:04:37:8d:e3:fa:fc:
68:d0:5d:e1:3d:54:f1:ee:60:3c:f4:d3:67:1c:9e:
96:9d:cf:c8:07:c8:1f:ca:a1:49:df:58:bd:df:5c:
88:56:03:fc:44:53:e3:cf:30:cc:ec:ae:80:70:af:
57:2d:56:09:8e:1c:84:75:1f:2a:60:c3:88:98:a8:
b7:d1:db:b6:d3:e3:dc:41:4b:cf:1a:0b:a1:5f:25:
93:ed:12:70:02:fc:14:3b:65:c8:a9:d4:d1:db:fe:
f0:06:f1:e1:0f:10:3b:c4:5d:11:ff:b9:24:fe:a9:
72:27:e2:ff:37:e4:ff:45:b6:d8:98:95:a5:30:c8:
9c:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:B1:D8:AA:75:3D:C5:BC:94:F1:17:5B:DB:D0:65:B0:D8:A3:B5:49
X509v3 Authority Key Identifier:
keyid:23:95:72:DD:FC:AB:62:91:E6:41:0C:CD:4E:86:0E:E3:60:00:E6:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I5Vy3fyrYpHmQQzNToYO42AA5mg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/CrHYqnU9xbyU8Rdb29BlsNijtUk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/I5Vy3fyrYpHmQQzNToYO42AA5mg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.232.161.0/24
Signature Algorithm: sha256WithRSAEncryption
80:7b:04:66:b6:c5:f6:e6:aa:0d:74:83:5c:c2:aa:df:23:41:
d8:9b:2b:8a:e2:7a:ea:84:43:7b:c7:d7:fb:2b:82:6c:52:ac:
88:3b:c4:9f:4b:79:1c:26:e2:34:0d:35:08:57:9e:6f:a7:ab:
1a:20:80:65:28:25:8f:3a:09:2c:b1:f5:88:40:ad:21:ca:73:
bb:d6:4a:8d:a6:c5:30:e7:ef:94:3b:20:1e:d7:39:4b:d7:d5:
90:e9:79:64:11:9d:7c:32:7e:89:20:15:6f:98:ac:0d:f7:a9:
c5:74:49:d8:5c:a3:cf:c6:57:b0:8e:d2:2a:9e:2a:99:41:47:
ab:96:1e:77:1e:c1:09:b6:19:66:fa:f6:cd:3b:9d:b8:51:73:
e6:02:7b:f7:d0:bf:56:ff:d1:36:f9:bf:a0:0a:c8:16:c7:36:
a6:f4:21:32:49:db:1e:cb:4d:68:a6:74:b3:ad:0b:f2:50:e1:
2f:10:10:45:89:bf:f6:a3:52:76:41:13:a5:94:b7:08:07:a8:
ee:8f:ea:0b:51:6c:bd:48:a5:ef:24:7d:3a:c7:1e:98:a2:70:
9a:8e:83:04:f1:63:16:06:31:f1:8f:60:18:ec:10:65:48:61:
d8:f3:60:70:e0:84:0e:5e:03:23:74:0d:a0:0a:cd:f0:4c:cf:
bd:30:05:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvC3oS11QAL8vtDe3PQ5dtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOTU3MmRkZmNhYjYyOTFlNjQxMGNjZDRlODYwZWUzNjAw
MGU2NjgwHhcNMjMwMTAxMjAzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIxZDhhYTc1M2RjNWJjOTRmMTE3NWJkYmQwNjViMGQ4YTNiNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9H/Su2mpmfW/Tm2hW95879RmwWA
ju8nMstmX0R5czQFYlXSDGNFQmnUii9VBLGwq3+TO9Tl7HxrbZUKWNfxiL2c8Vnu
sjShxuVEhxNx/tjBF0pSya7qG2Z6cafBgzvQCZw+jEQ6EQRUbuJDRkmS4asOE1ZT
4KGoQIx8N8W6VooEN43j+vxo0F3hPVTx7mA89NNnHJ6Wnc/IB8gfyqFJ31i931yI
VgP8RFPjzzDM7K6AcK9XLVYJjhyEdR8qYMOImKi30du20+PcQUvPGguhXyWT7RJw
AvwUO2XIqdTR2/7wBvHhDxA7xF0R/7kk/qlyJ+L/N+T/RbbYmJWlMMicowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqx2Kp1PcW8lPEXW9vQZbDYo7VJMB8GA1UdIwQY
MBaAFCOVct38q2KR5kEMzU6GDuNgAOZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTVWeTNmeXJZcEhtUVF6TlRvWU80MkFBNW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xZDdmMDgtZTc3Yy00MzM4LTlhMzkt
OGUxOWMwZGI4NmMyLzEvQ3JIWXFuVTl4YnlVOFJkYjI5QmxzTmlqdFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xZDdmMDgtZTc3Yy00MzM4LTlhMzktOGUxOWMwZGI4NmMy
LzEvSTVWeTNmeXJZcEhtUVF6TlRvWU80MkFBNW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeihMA0G
CSqGSIb3DQEBCwUAA4IBAQCAewRmtsX25qoNdINcwqrfI0HYmyuK4nrqhEN7x9f7
K4JsUqyIO8SfS3kcJuI0DTUIV55vp6saIIBlKCWPOgkssfWIQK0hynO71kqNpsUw
5++UOyAe1zlL19WQ6XlkEZ18Mn6JIBVvmKwN96nFdEnYXKPPxlewjtIqniqZQUer
lh53HsEJthlm+vbNO524UXPmAnv30L9W/9E2+b+gCsgWxzam9CEySdsey01opnSz
rQvyUOEvEBBFib/2o1J2QROllLcIB6juj+oLUWy9SKXvJH06xx6YonCajoME8WMW
BjHxj2AY7BBlSGHY82Bw4IQOXgMjdA2gCs3wTM+9MAVF
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:31:29 2025 by rpki-client