Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/accde8-f46f-4ef9-94af-8dd81e4b3e33/1/lgAIfR7_iWvGFPP4eNFDt-ZHKNY.roa
File: lgAIfR7_iWvGFPP4eNFDt-ZHKNY.roa (raw, json)
Hash identifier: u/PPRzMIJ18Akv0SXY9MHVuNaL9b08Antb6qguanzwg=
Subject key identifier: 96:00:08:7D:1E:FF:89:6B:C6:14:F3:F8:78:D1:43:B7:E6:47:28:D6
Certificate issuer: /CN=2e6b33413faa5e5e1d279a2a25ff81d8d15325df
Certificate serial: 01856F4B7C76A5A85EFDECFC9EB535356899
Authority key identifier: 2E:6B:33:41:3F:AA:5E:5E:1D:27:9A:2A:25:FF:81:D8:D1:53:25:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmszQT-qXl4dJ5oqJf-B2NFTJd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/accde8-f46f-4ef9-94af-8dd81e4b3e33/1/lgAIfR7_iWvGFPP4eNFDt-ZHKNY.roa
Signing time: Sun 01 Jan 2023 21:44:56 +0000
ROA not before: Sun 01 Jan 2023 21:44:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2614
IP address blocks: 217.73.160.0/20 maxlen: 20
37.128.224.0/20 maxlen: 20
185.118.200.0/22 maxlen: 22
46.243.112.0/21 maxlen: 24
176.126.208.0/21 maxlen: 21
178.23.64.0/21 maxlen: 21
2001:b30::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:4b:7c:76:a5:a8:5e:fd:ec:fc:9e:b5:35:35:68:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6b33413faa5e5e1d279a2a25ff81d8d15325df
Validity
Not Before: Jan 1 21:44:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9600087d1eff896bc614f3f878d143b7e64728d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:07:b5:b5:aa:58:ed:f2:20:c9:38:56:67:e3:
fc:62:7a:58:a0:c2:13:49:e6:89:c8:b1:b6:ec:ed:
54:9f:58:0e:5f:f2:b1:ff:91:5f:68:46:6e:ee:a6:
0f:10:ca:6c:b9:a0:cb:79:ff:0f:d4:11:87:16:e2:
2e:13:f3:f6:ee:fb:db:82:6e:95:a1:d1:96:ef:7d:
04:48:e3:b9:b3:97:81:0b:c9:9a:90:54:e3:5e:41:
44:2c:41:ec:7a:bf:cc:a6:72:ca:f0:4b:07:54:fa:
6e:bb:a8:b3:39:17:7a:29:98:ee:a2:1e:90:ec:99:
60:cc:ca:ba:24:51:2a:94:94:be:00:9f:5e:33:94:
56:5c:65:a9:47:b1:70:25:00:d6:e0:be:5a:20:16:
21:22:55:71:b6:e9:dc:f6:e2:7e:fb:46:97:6d:f4:
02:88:7b:4d:2b:37:e0:f6:62:e9:15:ec:72:ad:98:
89:c9:56:41:dd:37:ba:40:b7:80:2a:74:cf:7f:19:
f1:95:6c:1d:51:fa:0f:e2:52:28:c2:e5:7f:8c:55:
e8:c0:08:01:87:60:e9:d2:92:31:57:21:dc:81:5b:
44:e7:97:8c:e9:b6:43:13:00:f0:6d:26:99:c2:9c:
5f:71:2f:8a:db:c7:a7:b1:58:26:5e:c6:3f:b6:9f:
b7:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:00:08:7D:1E:FF:89:6B:C6:14:F3:F8:78:D1:43:B7:E6:47:28:D6
X509v3 Authority Key Identifier:
keyid:2E:6B:33:41:3F:AA:5E:5E:1D:27:9A:2A:25:FF:81:D8:D1:53:25:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmszQT-qXl4dJ5oqJf-B2NFTJd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/accde8-f46f-4ef9-94af-8dd81e4b3e33/1/lgAIfR7_iWvGFPP4eNFDt-ZHKNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/accde8-f46f-4ef9-94af-8dd81e4b3e33/1/LmszQT-qXl4dJ5oqJf-B2NFTJd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.224.0/20
46.243.112.0/21
176.126.208.0/21
178.23.64.0/21
185.118.200.0/22
217.73.160.0/20
IPv6:
2001:b30::/29
Signature Algorithm: sha256WithRSAEncryption
62:f5:55:06:6b:4f:bd:86:6f:bc:cd:de:0e:95:88:ad:df:68:
cd:d4:d8:45:6b:4e:d8:e1:f6:ee:26:83:c0:08:df:a2:65:be:
67:98:12:b1:52:be:4f:31:2e:98:77:34:d9:9d:14:99:f9:79:
be:69:6b:fd:05:02:26:1f:b9:1c:f2:f4:d0:77:da:89:b5:2f:
77:42:af:b6:bc:e5:19:44:3f:27:63:8e:49:44:23:d6:9b:16:
3d:53:7a:b9:c4:5a:ad:54:e8:19:d8:78:af:85:d1:dc:a2:56:
12:0c:8c:f3:7b:aa:70:1d:7e:d5:f1:89:de:db:4f:ab:e5:4f:
97:a3:8f:9f:88:2d:a1:f0:3a:d9:80:3a:65:e2:1b:a2:30:7b:
9f:df:96:a7:56:e5:f4:49:f0:89:ad:f6:de:4d:62:1c:01:7f:
4e:40:05:03:7d:ad:66:bb:c9:a5:b9:b1:d0:b4:b1:21:80:65:
ba:7a:60:c1:fd:84:bb:5b:d3:e2:13:f9:b0:f4:2f:57:31:5b:
c6:46:f7:e7:6f:3d:6e:0a:8a:db:3c:a8:f6:75:1e:b3:06:50:
b2:2c:0b:0c:7b:71:0c:6a:17:2a:9f:e9:b0:47:5f:ba:25:ff:
a4:0a:30:87:64:b5:7b:a4:f9:6e:62:ce:94:fa:37:bf:4f:80:
7a:d2:04:21
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVvS3x2pahe/ez8nrU1NWiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmIzMzQxM2ZhYTVlNWUxZDI3OWEyYTI1ZmY4MWQ4ZDE1
MzI1ZGYwHhcNMjMwMTAxMjE0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAwMDg3ZDFlZmY4OTZiYzYxNGYzZjg3OGQxNDNiN2U2NDcyOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Qe1tapY7fIgyThWZ+P8YnpYoMIT
SeaJyLG27O1Un1gOX/Kx/5FfaEZu7qYPEMpsuaDLef8P1BGHFuIuE/P27vvbgm6V
odGW730ESOO5s5eBC8makFTjXkFELEHser/MpnLK8EsHVPpuu6izORd6KZjuoh6Q
7JlgzMq6JFEqlJS+AJ9eM5RWXGWpR7FwJQDW4L5aIBYhIlVxtunc9uJ++0aXbfQC
iHtNKzfg9mLpFexyrZiJyVZB3Te6QLeAKnTPfxnxlWwdUfoP4lIowuV/jFXowAgB
h2Dp0pIxVyHcgVtE55eM6bZDEwDwbSaZwpxfcS+K28ensVgmXsY/tp+3LwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJYACH0e/4lrxhTz+HjRQ7fmRyjWMB8GA1UdIwQY
MBaAFC5rM0E/ql5eHSeaKiX/gdjRUyXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1zelFULXFYbDRkSjVvcUpmLUIyTkZUSmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hY2NkZTgtZjQ2Zi00ZWY5LTk0YWYt
OGRkODFlNGIzZTMzLzEvbGdBSWZSN19pV3ZHRlBQNGVORkR0LVpIS05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hY2NkZTgtZjQ2Zi00ZWY5LTk0YWYtOGRkODFlNGIzZTMz
LzEvTG1zelFULXFYbDRkSjVvcUpmLUIyTkZUSmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEJYDgAwQD
LvNwAwQDsH7QAwQDshdAAwQCuXbIAwQE2UmgMA0EAgACMAcDBQMgAQswMA0GCSqG
SIb3DQEBCwUAA4IBAQBi9VUGa0+9hm+8zd4OlYit32jN1NhFa07Y4fbuJoPACN+i
Zb5nmBKxUr5PMS6YdzTZnRSZ+Xm+aWv9BQImH7kc8vTQd9qJtS93Qq+2vOUZRD8n
Y45JRCPWmxY9U3q5xFqtVOgZ2HivhdHcolYSDIzze6pwHX7V8Yne20+r5U+Xo4+f
iC2h8DrZgDpl4huiMHuf35anVuX0SfCJrfbeTWIcAX9OQAUDfa1mu8mlubHQtLEh
gGW6emDB/YS7W9PiE/mw9C9XMVvGRvfnbz1uCorbPKj2dR6zBlCyLAsMe3EMahcq
n+mwR1+6Jf+kCjCHZLV7pPluYs6U+je/T4B60gQh
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:49:47 2025 by rpki-client