Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/RRD3tZJctgF5kqxFaeCTMq7VOOY.roa
File: RRD3tZJctgF5kqxFaeCTMq7VOOY.roa (raw, json)
Hash identifier: 1xUqbsiQFwYbOsiFDtItdylnh8f8jqYleHRLQjc+stg=
Subject key identifier: 45:10:F7:B5:92:5C:B6:01:79:92:AC:45:69:E0:93:32:AE:D5:38:E6
Certificate issuer: /CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Certificate serial: 018571C3051955F0E6D19258B40E8637858C
Authority key identifier: 26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/RRD3tZJctgF5kqxFaeCTMq7VOOY.roa
Signing time: Mon 02 Jan 2023 09:14:44 +0000
ROA not before: Mon 02 Jan 2023 09:14:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212477
IP address blocks: 2a03:3f40:d::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:c3:05:19:55:f0:e6:d1:92:58:b4:0e:86:37:85:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Validity
Not Before: Jan 2 09:14:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4510f7b5925cb6017992ac4569e09332aed538e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:4a:02:cd:f2:85:8a:53:e4:22:d4:87:28:19:
d5:f6:9b:bf:c1:62:f7:29:dd:26:d7:26:a0:41:c1:
c6:83:cf:24:1c:d8:32:ae:4f:d5:da:df:79:15:7d:
f4:97:f0:42:21:35:72:7f:8f:30:0e:f0:d8:c3:97:
60:f9:b6:e2:d5:58:1c:02:94:f3:59:75:b4:f2:47:
6e:27:e8:bc:e4:18:c6:ba:f2:3a:2b:2d:08:e3:f4:
b2:b9:b5:1d:63:24:b0:85:1f:bd:fd:25:55:ca:ce:
fa:bd:b5:05:36:ae:55:3a:17:d1:8d:aa:59:19:23:
c8:40:8f:da:f2:a5:84:4c:22:ef:7f:bb:64:8c:5a:
e6:9f:41:6f:a5:a0:88:60:67:dc:f7:d3:2c:c3:30:
c4:95:72:48:2a:ee:2d:bc:fe:59:f3:f8:9f:ee:41:
b9:ad:a1:f5:49:23:f8:15:0a:8a:55:2e:9a:65:34:
aa:71:50:87:9b:58:26:d7:62:b1:1d:83:36:02:71:
80:27:1a:ea:b4:21:95:ca:25:9b:99:f8:3b:53:82:
e8:f5:8e:ce:e0:a4:b8:8c:cc:7a:e5:24:93:8c:fc:
76:88:ce:26:12:3a:1b:73:5b:06:c2:33:92:ad:3c:
13:ae:a1:a3:36:e8:f2:41:86:0a:41:ae:34:c1:df:
05:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:10:F7:B5:92:5C:B6:01:79:92:AC:45:69:E0:93:32:AE:D5:38:E6
X509v3 Authority Key Identifier:
keyid:26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/RRD3tZJctgF5kqxFaeCTMq7VOOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a03:3f40:d::/48
Signature Algorithm: sha256WithRSAEncryption
3a:ab:32:8d:9e:e9:cf:c8:e6:90:76:03:9f:2e:8d:a1:f4:c9:
57:5c:c7:8d:ee:ce:d7:17:7a:b8:fc:1e:de:fd:47:f1:98:ec:
bd:02:5f:06:c4:c0:8c:38:3e:ef:20:d0:27:20:30:74:80:86:
4d:9b:79:8f:bf:a8:5b:bb:5a:eb:60:67:a2:8c:af:07:35:b7:
b3:ff:99:61:fb:2a:96:15:35:5d:e8:1b:d6:fc:41:56:c7:d2:
10:dd:3a:3f:4f:59:95:20:34:78:05:e0:aa:76:1d:51:4e:1f:
29:24:44:c2:29:3b:25:3b:5f:d7:5c:d8:44:0c:b8:d3:8f:19:
25:d4:30:94:90:f7:26:3a:59:15:16:0c:ed:d6:43:1d:19:16:
39:9d:b7:df:58:4f:a4:c2:7e:37:f5:8e:5a:6a:01:4f:ec:63:
eb:30:f8:a2:bf:b0:b0:1d:b9:cd:79:4b:d8:f0:77:28:aa:b3:
36:58:3e:80:d9:8b:60:ed:3d:f8:3a:a3:68:3b:3b:94:83:df:
a1:b6:10:5d:60:4a:ea:ac:89:ca:a9:1b:3d:2b:97:cc:00:a3:
d6:95:76:cd:fa:e3:af:ee:75:f3:79:8b:99:15:2f:2f:70:38:
8d:b8:a4:40:f7:4e:5c:5a:e8:b9:df:e9:8e:d0:d0:5c:b7:c7:
e9:1f:1f:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVxwwUZVfDm0ZJYtA6GN4WMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzExNjZkZTc4NWEzNTMxYmRjODM2MWYxMTkwYTgzNjlh
N2VkNmEwHhcNMjMwMTAyMDkxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEwZjdiNTkyNWNiNjAxNzk5MmFjNDU2OWUwOTMzMmFlZDUzOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUoCzfKFilPkItSHKBnV9pu/wWL3
Kd0m1yagQcHGg88kHNgyrk/V2t95FX30l/BCITVyf48wDvDYw5dg+bbi1VgcApTz
WXW08kduJ+i85BjGuvI6Ky0I4/SyubUdYySwhR+9/SVVys76vbUFNq5VOhfRjapZ
GSPIQI/a8qWETCLvf7tkjFrmn0FvpaCIYGfc99MswzDElXJIKu4tvP5Z8/if7kG5
raH1SSP4FQqKVS6aZTSqcVCHm1gm12KxHYM2AnGAJxrqtCGVyiWbmfg7U4Lo9Y7O
4KS4jMx65SSTjPx2iM4mEjobc1sGwjOSrTwTrqGjNujyQYYKQa40wd8FvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEUQ97WSXLYBeZKsRWngkzKu1TjmMB8GA1UdIwQY
MBaAFCYxFm3nhaNTG9yDYfEZCoNpp+1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUt
Yjg5YTI2MTk5OTc2LzEvUlJEM3RaSmN0Z0Y1a3F4RmFlQ1RNcTdWT09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUtYjg5YTI2MTk5OTc2
LzEvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgM/QAAN
MA0GCSqGSIb3DQEBCwUAA4IBAQA6qzKNnunPyOaQdgOfLo2h9MlXXMeN7s7XF3q4
/B7e/UfxmOy9Al8GxMCMOD7vINAnIDB0gIZNm3mPv6hbu1rrYGeijK8HNbez/5lh
+yqWFTVd6BvW/EFWx9IQ3To/T1mVIDR4BeCqdh1RTh8pJETCKTslO1/XXNhEDLjT
jxkl1DCUkPcmOlkVFgzt1kMdGRY5nbffWE+kwn439Y5aagFP7GPrMPiiv7CwHbnN
eUvY8HcoqrM2WD6A2Ytg7T34OqNoOzuUg9+hthBdYErqrInKqRs9K5fMAKPWlXbN
+uOv7nXzeYuZFS8vcDiNuKRA905cWui53+mO0NBct8fpHx9w
-----END CERTIFICATE-----
Generated at Wed Apr 9 18:50:29 2025 by rpki-client