Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/XSzk67UP3Qqf-fH5ZODSxFujuxI.roa
File: XSzk67UP3Qqf-fH5ZODSxFujuxI.roa (raw, json)
Hash identifier: 5rKY90CvywyPwUwHOvvBMxD4bCrVfVI0RhbGAAPl5ts=
Subject key identifier: 5D:2C:E4:EB:B5:0F:DD:0A:9F:F9:F1:F9:64:E0:D2:C4:5B:A3:BB:12
Certificate issuer: /CN=c2fca944458606b1017e26c3ca17430f7ff924b3
Certificate serial: 018571DE7DB3A74C778819C93FE8297A851D
Authority key identifier: C2:FC:A9:44:45:86:06:B1:01:7E:26:C3:CA:17:43:0F:7F:F9:24:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wvypREWGBrEBfibDyhdDD3_5JLM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/XSzk67UP3Qqf-fH5ZODSxFujuxI.roa
Signing time: Mon 02 Jan 2023 09:44:44 +0000
ROA not before: Mon 02 Jan 2023 09:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2107
IP address blocks: 178.172.0.0/17 maxlen: 17
163.159.128.0/17 maxlen: 17
193.2.0.0/16 maxlen: 16
92.244.64.0/19 maxlen: 19
95.87.128.0/18 maxlen: 18
149.62.64.0/18 maxlen: 18
153.5.0.0/16 maxlen: 16
88.200.0.0/17 maxlen: 17
212.235.128.0/17 maxlen: 17
185.13.52.0/22 maxlen: 22
141.255.192.0/18 maxlen: 18
109.127.192.0/18 maxlen: 18
194.249.0.0/16 maxlen: 16
2001:1470::/29 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:de:7d:b3:a7:4c:77:88:19:c9:3f:e8:29:7a:85:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2fca944458606b1017e26c3ca17430f7ff924b3
Validity
Not Before: Jan 2 09:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d2ce4ebb50fdd0a9ff9f1f964e0d2c45ba3bb12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:eb:5a:86:3b:0b:cd:18:45:5a:8f:85:76:ba:
6e:c0:3b:a9:7f:46:ac:db:b4:3d:c6:0e:4a:86:93:
9f:ff:b2:0a:fe:16:64:01:f7:47:20:a1:be:19:fa:
48:05:00:da:23:55:8f:6f:37:2b:c7:24:74:ee:77:
b4:37:b2:52:a5:7c:d9:75:53:56:fe:08:02:12:5a:
7f:5c:91:d2:2f:be:94:af:f9:f5:1f:a5:29:47:59:
44:a9:0e:c4:cd:9a:9e:ed:59:57:08:72:00:c0:31:
d8:dc:85:44:07:f7:d4:58:79:cb:40:90:36:7d:62:
51:6b:8f:ba:04:b8:b3:8c:4e:05:74:31:07:f7:69:
f4:07:2f:98:db:81:31:3c:c1:06:a7:27:77:3d:7f:
d2:d3:37:56:64:6d:4b:b3:94:16:7f:6f:ba:95:0b:
93:2a:2f:34:18:f3:88:fd:54:31:5f:e9:c0:9b:fc:
44:bb:bf:eb:51:a3:6a:1b:85:a5:3b:3c:5e:c8:e4:
52:8c:f3:f9:76:58:8e:c7:36:9a:3d:8e:80:c8:1a:
cc:72:7a:bb:ae:c0:b2:92:0d:0b:df:af:30:b5:3e:
1c:4e:7d:d1:11:ac:c8:17:fc:67:de:e3:01:68:95:
a9:34:28:56:c7:ef:8f:25:c4:15:7f:e0:b4:92:37:
f8:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:2C:E4:EB:B5:0F:DD:0A:9F:F9:F1:F9:64:E0:D2:C4:5B:A3:BB:12
X509v3 Authority Key Identifier:
keyid:C2:FC:A9:44:45:86:06:B1:01:7E:26:C3:CA:17:43:0F:7F:F9:24:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wvypREWGBrEBfibDyhdDD3_5JLM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/XSzk67UP3Qqf-fH5ZODSxFujuxI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/wvypREWGBrEBfibDyhdDD3_5JLM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.200.0.0/17
92.244.64.0/19
95.87.128.0/18
109.127.192.0/18
141.255.192.0/18
149.62.64.0/18
153.5.0.0/16
163.159.128.0/17
178.172.0.0/17
185.13.52.0/22
193.2.0.0/16
194.249.0.0/16
212.235.128.0/17
IPv6:
2001:1470::/29
Signature Algorithm: sha256WithRSAEncryption
98:31:ae:fc:dc:8f:80:ba:2e:07:e3:2e:49:88:72:8a:05:6f:
28:29:53:fb:bc:1d:83:01:bc:13:55:c3:c9:43:41:35:df:f4:
a9:43:92:91:49:1c:f9:53:38:63:71:bb:83:e1:78:ed:f2:0b:
b9:0d:a2:de:51:19:5c:20:ec:f7:a9:05:ef:32:83:7d:1c:3b:
a3:81:71:34:a5:17:e8:9c:2b:d2:c9:48:cf:e9:ca:68:da:3a:
15:ae:4a:a3:04:60:9c:46:c2:a9:f2:62:3d:5f:2a:22:53:6f:
84:c2:af:31:2e:70:82:5e:e4:c9:a3:8c:14:2a:67:cd:39:e3:
3b:06:d4:cb:d8:00:18:1f:b1:ab:d2:fc:7b:bf:20:06:f7:02:
fb:72:d9:fc:f4:3d:e1:98:6d:bc:b1:c3:a6:a1:0c:7a:43:e6:
4a:41:41:8c:16:12:c4:28:44:2c:b4:ab:7e:27:b7:4f:a9:24:
a0:34:f8:8c:9c:d9:eb:6b:a4:8a:c9:6e:d9:14:be:59:4f:84:
57:6c:60:0c:1f:7b:92:e2:fd:93:ee:3d:ac:e4:d7:25:26:dc:
4e:e4:f1:f9:5d:51:1b:b4:83:d3:ec:ba:ae:d3:e5:6a:91:54:
a1:a6:ae:93:2f:60:c6:43:c6:9a:7b:46:19:77:95:9e:76:e7:
e3:b9:ca:1f
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYVx3n2zp0x3iBnJP+gpeoUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZmNhOTQ0NDU4NjA2YjEwMTdlMjZjM2NhMTc0MzBmN2Zm
OTI0YjMwHhcNMjMwMTAyMDk0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDJjZTRlYmI1MGZkZDBhOWZmOWYxZjk2NGUwZDJjNDViYTNiYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOtahjsLzRhFWo+FdrpuwDupf0as
27Q9xg5KhpOf/7IK/hZkAfdHIKG+GfpIBQDaI1WPbzcrxyR07ne0N7JSpXzZdVNW
/ggCElp/XJHSL76Ur/n1H6UpR1lEqQ7EzZqe7VlXCHIAwDHY3IVEB/fUWHnLQJA2
fWJRa4+6BLizjE4FdDEH92n0By+Y24ExPMEGpyd3PX/S0zdWZG1Ls5QWf2+6lQuT
Ki80GPOI/VQxX+nAm/xEu7/rUaNqG4WlOzxeyORSjPP5dliOxzaaPY6AyBrMcnq7
rsCykg0L368wtT4cTn3REazIF/xn3uMBaJWpNChWx++PJcQVf+C0kjf40QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFF0s5Ou1D90Kn/nx+WTg0sRbo7sSMB8GA1UdIwQY
MBaAFML8qURFhgaxAX4mw8oXQw9/+SSzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Z5cFJFV0dCckVCZmliRHloZEREM181SkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MDAzM2MtNWIwMy00NzA5LWI2ZDMt
YTg2NWUxODllZDhhLzEvWFN6azY3VVAzUXFmLWZINVpPRFN4RnVqdXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MDAzM2MtNWIwMy00NzA5LWI2ZDMtYTg2NWUxODllZDhh
LzEvd3Z5cFJFV0dCckVCZmliRHloZEREM181SkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBRBAIAATBLAwQHWMgAAwQF
XPRAAwQGX1eAAwQGbX/AAwQGjf/AAwQGlT5AAwMAmQUDBAejn4ADBAeyrAADBAK5
DTQDAwDBAgMDAML5AwQH1OuAMA0EAgACMAcDBQMgARRwMA0GCSqGSIb3DQEBCwUA
A4IBAQCYMa783I+Aui4H4y5JiHKKBW8oKVP7vB2DAbwTVcPJQ0E13/SpQ5KRSRz5
UzhjcbuD4Xjt8gu5DaLeURlcIOz3qQXvMoN9HDujgXE0pRfonCvSyUjP6cpo2joV
rkqjBGCcRsKp8mI9XyoiU2+Ewq8xLnCCXuTJo4wUKmfNOeM7BtTL2AAYH7Gr0vx7
vyAG9wL7ctn89D3hmG28scOmoQx6Q+ZKQUGMFhLEKEQstKt+J7dPqSSgNPiMnNnr
a6SKyW7ZFL5ZT4RXbGAMH3uS4v2T7j2s5NclJtxO5PH5XVEbtIPT7Lqu0+VqkVSh
pq6TL2DGQ8aae0YZd5Wedufjucof
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:05:00 2025 by rpki-client