Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/s3YE-tqnRxRnI2i4uTbmnNYzFhA.roa
File: s3YE-tqnRxRnI2i4uTbmnNYzFhA.roa (raw, json)
Hash identifier: 4jXTVbDWuSs+R3XZBah0nGpRYxZ/RYtwgHhrtfZbNP8=
Subject key identifier: B3:76:04:FA:DA:A7:47:14:67:23:68:B8:B9:36:E6:9C:D6:33:16:10
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018B7F746484C0BA938918D0EB2837D51C0C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/s3YE-tqnRxRnI2i4uTbmnNYzFhA.roa
Signing time: Mon 30 Oct 2023 07:20:16 +0000
ROA not before: Mon 30 Oct 2023 07:20:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197992
IP address blocks: 194.33.32.0/24 maxlen: 24
2a0f:7f00::/29 maxlen: 29
2a0f:2100::/29 maxlen: 29
2a13:2cc0::/29 maxlen: 29
2a12:d6c0::/29 maxlen: 29
2a13:2b40::/29 maxlen: 29
2a13:d300::/29 maxlen: 29
2a13:200::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:7f:74:64:84:c0:ba:93:89:18:d0:eb:28:37:d5:1c:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Oct 30 07:20:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b37604fadaa74714672368b8b936e69cd6331610
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:80:5b:6c:d7:9a:2f:63:7c:07:28:ec:af:79:
16:10:c3:e3:7d:03:c1:17:52:4f:6e:27:7e:f2:c6:
9d:df:66:c5:50:ad:b9:e4:fd:6d:6c:db:62:42:c4:
12:d5:a7:6e:a6:e9:b7:d4:2e:48:1f:cc:3f:2e:e1:
40:66:02:74:34:92:0f:c8:67:62:07:42:17:0f:da:
7a:95:8f:22:35:a6:07:8e:60:37:e5:6f:55:cd:d4:
66:e1:7a:c3:28:f9:b7:69:1d:5e:04:e7:17:41:41:
1f:d9:a6:31:ed:8d:64:bb:b8:c1:4d:9c:af:ff:28:
d1:f1:f5:00:5f:74:6b:0f:5b:d0:bd:ae:15:67:6f:
86:2f:4a:df:a9:68:3a:79:7e:37:e9:38:67:da:9e:
0f:01:49:ea:d3:4e:df:34:16:69:4c:16:d1:9f:d6:
ad:67:ec:d0:52:c4:aa:db:fc:b0:fa:17:31:d3:ed:
18:d7:4f:9b:dc:5e:7c:f3:cb:5d:f9:33:81:e0:0c:
30:50:c3:b8:bb:7d:4b:9e:ec:fe:05:2d:62:b7:e1:
62:10:0b:08:cd:89:01:ff:bc:0a:14:b5:c1:b4:16:
a1:c3:3f:07:cd:32:5c:21:2e:df:80:53:b3:74:51:
c7:ae:aa:df:09:98:7d:71:e6:14:33:62:e9:05:9b:
d0:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:76:04:FA:DA:A7:47:14:67:23:68:B8:B9:36:E6:9C:D6:33:16:10
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/s3YE-tqnRxRnI2i4uTbmnNYzFhA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.33.32.0/24
IPv6:
2a0f:2100::/29
2a0f:7f00::/29
2a12:d6c0::/29
2a13:200::/29
2a13:2b40::/29
2a13:2cc0::/29
2a13:d300::/29
Signature Algorithm: sha256WithRSAEncryption
cc:6f:ac:67:9b:bc:b3:b6:94:ba:2c:ae:3c:92:1b:36:15:ae:
fb:7f:39:56:9b:5b:8d:2e:58:d9:38:c3:10:6b:a4:04:75:d0:
75:a6:c3:7e:b8:f8:f9:79:43:b2:30:dc:b3:02:3c:6e:c3:95:
ae:fc:3e:e2:5b:44:e3:4c:ba:8e:8c:2b:22:f3:41:d2:0a:9c:
60:cc:45:d8:a7:0a:23:de:2e:ea:d9:e2:a4:7c:67:ae:26:d8:
05:b0:ff:62:ff:7d:73:74:f2:dc:99:72:59:b4:f7:c9:b6:e5:
4b:b7:49:e3:db:87:af:f5:b7:92:62:69:d5:4c:b9:f6:6a:56:
2a:f4:0a:bd:88:f3:45:c6:c0:df:cf:d2:4d:78:70:20:b0:7a:
f5:52:90:10:e1:5e:ea:da:89:cf:ff:34:e7:30:f0:78:48:4c:
32:8a:6a:12:d3:d4:b4:c4:a5:38:02:af:15:c6:6a:0d:24:3c:
35:4c:0c:6a:a5:c7:9c:ab:1c:05:8f:5e:a3:22:68:9a:f6:6e:
ce:10:ab:43:84:1d:f3:f4:a3:69:b3:c0:69:f8:62:b6:30:ab:
7d:bf:b0:41:cc:36:94:8d:1f:1e:c0:78:8d:72:05:9b:95:24:
33:95:b0:f0:ec:b6:ea:d9:f6:83:db:5e:7a:d9:23:91:f3:5f:
c6:7c:e1:eb
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYt/dGSEwLqTiRjQ6yg31RwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMDMwMDcyMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzc2MDRmYWRhYTc0NzE0NjcyMzY4YjhiOTM2ZTY5Y2Q2MzMxNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4BbbNeaL2N8Byjsr3kWEMPjfQPB
F1JPbid+8sad32bFUK255P1tbNtiQsQS1adupum31C5IH8w/LuFAZgJ0NJIPyGdi
B0IXD9p6lY8iNaYHjmA35W9VzdRm4XrDKPm3aR1eBOcXQUEf2aYx7Y1ku7jBTZyv
/yjR8fUAX3RrD1vQva4VZ2+GL0rfqWg6eX436Thn2p4PAUnq007fNBZpTBbRn9at
Z+zQUsSq2/yw+hcx0+0Y10+b3F5888td+TOB4AwwUMO4u31Lnuz+BS1it+FiEAsI
zYkB/7wKFLXBtBahwz8HzTJcIS7fgFOzdFHHrqrfCZh9ceYUM2LpBZvQKQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFLN2BPrap0cUZyNouLk25pzWMxYQMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvczNZRS10cW5SeFJuSTJpNHVUYm1uTll6RmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAMBAIAATAGAwQAwiEgMDcE
AgACMDEDBQMqDyEAAwUDKg9/AAMFAyoS1sADBQMqEwIAAwUDKhMrQAMFAyoTLMAD
BQMqE9MAMA0GCSqGSIb3DQEBCwUAA4IBAQDMb6xnm7yztpS6LK48khs2Fa77fzlW
m1uNLljZOMMQa6QEddB1psN+uPj5eUOyMNyzAjxuw5Wu/D7iW0TjTLqOjCsi80HS
CpxgzEXYpwoj3i7q2eKkfGeuJtgFsP9i/31zdPLcmXJZtPfJtuVLt0nj24ev9beS
YmnVTLn2alYq9Aq9iPNFxsDfz9JNeHAgsHr1UpAQ4V7q2onP/zTnMPB4SEwyimoS
09S0xKU4Aq8VxmoNJDw1TAxqpcecqxwFj16jImia9m7OEKtDhB3z9KNps8Bp+GK2
MKt9v7BBzDaUjR8ewHiNcgWblSQzlbDw7Lbq2faD21562SOR81/GfOHr
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:09:45 2025 by rpki-client