Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/lffXuQuo4XO6awInjJzDIYnBiWw.roa
File: lffXuQuo4XO6awInjJzDIYnBiWw.roa (raw, json)
Hash identifier: 7K/qPvgtn+cNLBuhTdIZKrQ4yt4ff+RyJaxr963R3EI=
Subject key identifier: 95:F7:D7:B9:0B:A8:E1:73:BA:6B:02:27:8C:9C:C3:21:89:C1:89:6C
Certificate issuer: /CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
Certificate serial: 01856D66188A34AC206CE37A00A8E23E3616
Authority key identifier: 53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/lffXuQuo4XO6awInjJzDIYnBiWw.roa
Signing time: Sun 01 Jan 2023 12:54:45 +0000
ROA not before: Sun 01 Jan 2023 12:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31078
IP address blocks: 31.220.136.0/21 maxlen: 21
193.34.24.0/22 maxlen: 22
217.115.0.0/20 maxlen: 20
2a00:1328::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:66:18:8a:34:ac:20:6c:e3:7a:00:a8:e2:3e:36:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
Validity
Not Before: Jan 1 12:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95f7d7b90ba8e173ba6b02278c9cc32189c1896c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:30:e9:41:06:eb:26:bb:ed:ad:18:92:d2:af:
25:2c:14:c8:28:77:be:f1:39:a4:5c:48:b2:1b:25:
e8:32:54:80:ea:06:1b:23:38:cc:32:98:b9:1c:45:
a9:b7:ae:35:be:4e:6b:c1:d7:c4:e8:8d:4c:6a:e4:
e6:a4:40:f0:62:3a:c6:f5:b5:23:d9:1d:d5:46:7f:
d9:a1:15:36:8f:ee:82:e6:57:8e:d8:84:88:1b:87:
fb:75:8a:bd:5e:18:88:81:7d:6a:2e:a3:73:88:b8:
46:e6:ed:7e:1c:f9:fe:60:49:03:d8:2b:d3:37:5c:
6c:99:f0:e6:8b:ae:19:2c:7f:31:c7:53:3d:14:87:
64:3a:d0:f2:12:6f:dc:6b:f7:8e:b5:9a:25:a9:d7:
fc:c5:c6:96:03:04:f0:18:96:18:b0:9e:5c:b9:f9:
44:d7:78:e2:28:4a:2e:24:f6:31:3c:e9:93:54:1a:
eb:b7:77:e8:86:50:89:2f:1e:7a:20:c2:96:a9:a4:
d1:87:bc:fe:a5:9a:ec:c6:8a:16:6f:d0:1c:3f:13:
a7:ea:3d:bf:0a:8f:cc:29:e8:53:0c:0b:09:7e:f6:
63:8e:82:89:2b:e1:af:9f:7b:2c:25:2f:d3:94:6c:
e8:47:bc:2a:98:1d:f0:49:ae:1d:6c:92:5f:07:dc:
69:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:F7:D7:B9:0B:A8:E1:73:BA:6B:02:27:8C:9C:C3:21:89:C1:89:6C
X509v3 Authority Key Identifier:
keyid:53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/lffXuQuo4XO6awInjJzDIYnBiWw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.136.0/21
193.34.24.0/22
217.115.0.0/20
IPv6:
2a00:1328::/32
Signature Algorithm: sha256WithRSAEncryption
91:d8:55:73:87:71:75:10:c0:ec:a2:aa:87:3a:66:17:33:28:
60:dc:f6:68:70:39:d1:9b:74:98:8c:0c:1d:7c:de:a1:5d:88:
17:13:bc:e3:70:64:cf:8a:91:90:ed:36:c6:9d:ec:48:8d:28:
b1:0f:c0:22:45:74:7a:a6:52:78:39:df:c2:20:66:cf:d7:b5:
b3:c3:71:bd:17:c6:e5:1f:e7:a7:eb:cd:ad:42:8e:3b:b5:19:
7e:72:d6:84:85:4f:7a:60:d7:b0:75:62:e9:27:ab:7c:c9:7f:
75:57:9b:84:16:26:64:0c:d5:3e:5c:fd:48:f8:a6:d2:19:a1:
b3:e9:98:0b:a4:83:8f:c3:fa:93:1b:b4:8d:58:52:fe:7c:e0:
53:10:c8:a4:10:f9:f3:ee:ca:c9:63:4b:14:1a:7c:67:3a:8a:
c5:b9:33:86:e6:1c:be:c2:4d:5e:8c:29:a7:7c:04:d3:a7:3a:
64:7c:2f:84:72:25:d1:89:4f:12:c9:fb:e9:37:25:1c:e8:68:
6b:be:bc:76:c6:9f:08:80:81:0c:a7:81:a4:e8:81:94:39:d3:
96:d9:fc:99:d1:c8:ba:9b:0f:8d:e3:09:f7:01:5c:bc:b1:47:
63:7a:9f:f5:4f:4c:57:3e:e3:9d:a3:c4:6d:6a:91:32:65:79:
39:ac:c0:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVtZhiKNKwgbON6AKjiPjYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjFhOGViYzNlY2Y3ZjVkYjdmNmNhY2QwMGU5MjBhZjg1
YWU4YjQwHhcNMjMwMTAxMTI1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWY3ZDdiOTBiYThlMTczYmE2YjAyMjc4YzljYzMyMTg5YzE4OTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDDpQQbrJrvtrRiS0q8lLBTIKHe+
8TmkXEiyGyXoMlSA6gYbIzjMMpi5HEWpt641vk5rwdfE6I1MauTmpEDwYjrG9bUj
2R3VRn/ZoRU2j+6C5leO2ISIG4f7dYq9XhiIgX1qLqNziLhG5u1+HPn+YEkD2CvT
N1xsmfDmi64ZLH8xx1M9FIdkOtDyEm/ca/eOtZolqdf8xcaWAwTwGJYYsJ5cuflE
13jiKEouJPYxPOmTVBrrt3fohlCJLx56IMKWqaTRh7z+pZrsxooWb9AcPxOn6j2/
Co/MKehTDAsJfvZjjoKJK+Gvn3ssJS/TlGzoR7wqmB3wSa4dbJJfB9xpGwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJX317kLqOFzumsCJ4ycwyGJwYlsMB8GA1UdIwQY
MBaAFFOxqOvD7Pf1239srNAOkgr4Wui0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUt
MTViZGE2Yjg2N2NiLzEvbGZmWHVRdW80WE82YXdJbmpKekRJWW5CaVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUtMTViZGE2Yjg2N2Ni
LzEvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDH9yIAwQC
wSIYAwQE2XMAMA0EAgACMAcDBQAqABMoMA0GCSqGSIb3DQEBCwUAA4IBAQCR2FVz
h3F1EMDsoqqHOmYXMyhg3PZocDnRm3SYjAwdfN6hXYgXE7zjcGTPipGQ7TbGnexI
jSixD8AiRXR6plJ4Od/CIGbP17Wzw3G9F8blH+en682tQo47tRl+ctaEhU96YNew
dWLpJ6t8yX91V5uEFiZkDNU+XP1I+KbSGaGz6ZgLpIOPw/qTG7SNWFL+fOBTEMik
EPnz7srJY0sUGnxnOorFuTOG5hy+wk1ejCmnfATTpzpkfC+EciXRiU8SyfvpNyUc
6Ghrvrx2xp8IgIEMp4Gk6IGUOdOW2fyZ0ci6mw+N4wn3AVy8sUdjep/1T0xXPuOd
o8RtapEyZXk5rMCB
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:53 2025 by rpki-client