Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/5fc80e-a095-4c20-90e4-2c0f98a74966/1/x3fSmIsf9guwbOoSgXa_GtUMyD4.roa
File: x3fSmIsf9guwbOoSgXa_GtUMyD4.roa (raw, json)
Hash identifier: P5mzn0XGrahegniiVPNOkTIfPrzZhQrqxqsPwUdka20=
Subject key identifier: C7:77:D2:98:8B:1F:F6:0B:B0:6C:EA:12:81:76:BF:1A:D5:0C:C8:3E
Certificate issuer: /CN=b37910da1f3a43f96b58f21905eb58f643d0267e
Certificate serial: 01856D78936D7A74C0A277BF3E835414921B
Authority key identifier: B3:79:10:DA:1F:3A:43:F9:6B:58:F2:19:05:EB:58:F6:43:D0:26:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s3kQ2h86Q_lrWPIZBetY9kPQJn4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/5fc80e-a095-4c20-90e4-2c0f98a74966/1/x3fSmIsf9guwbOoSgXa_GtUMyD4.roa
Signing time: Sun 01 Jan 2023 13:14:56 +0000
ROA not before: Sun 01 Jan 2023 13:14:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203315
IP address blocks: 92.53.240.0/24 maxlen: 24
92.53.243.0/24 maxlen: 24
92.53.241.0/24 maxlen: 24
92.53.244.0/24 maxlen: 24
185.64.12.0/24 maxlen: 24
92.53.242.0/24 maxlen: 24
2a00:85c0:4::/48 maxlen: 48
2a00:85c0:5::/48 maxlen: 48
2a00:85c0:3::/48 maxlen: 48
2a00:85c0:1::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:78:93:6d:7a:74:c0:a2:77:bf:3e:83:54:14:92:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37910da1f3a43f96b58f21905eb58f643d0267e
Validity
Not Before: Jan 1 13:14:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c777d2988b1ff60bb06cea128176bf1ad50cc83e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:63:90:9e:22:b5:04:19:54:ce:e0:1e:ba:67:
4a:db:63:1e:2c:40:72:c9:8e:a9:32:2a:7f:1a:28:
eb:fa:79:8a:1c:7a:7f:58:5a:94:8e:4a:1b:2d:6b:
3a:cf:bf:2a:41:d1:37:6b:45:0e:c4:ef:6e:11:c4:
b8:93:6b:4e:8f:d1:3e:c0:d2:16:7b:34:17:cb:ed:
87:8d:be:d2:3e:3a:88:43:e5:11:7a:be:0b:ee:cc:
f2:60:a9:8c:17:4d:89:4f:de:45:01:c0:e3:f6:74:
40:b3:9a:ec:67:88:77:2f:b2:eb:a4:18:ea:1a:1a:
89:d8:88:86:60:55:fa:77:9d:42:e4:0b:ea:1f:75:
ed:ac:43:89:c3:14:50:62:83:f8:4e:ec:46:ce:06:
f8:58:62:61:2c:db:70:f0:18:7d:5d:12:c4:81:1c:
3a:8a:f2:1c:8f:6d:99:8c:51:14:09:22:37:39:b0:
2d:09:22:84:17:33:0f:fb:c2:c6:87:e6:66:21:9d:
4d:f4:59:aa:74:48:09:21:54:46:0f:a7:ce:79:34:
3b:64:fb:7e:15:53:53:73:ed:15:8b:1e:f2:f2:5e:
ee:f2:3b:04:59:c6:d3:fd:e7:04:c9:52:14:e5:1d:
be:ab:29:92:4d:ce:c6:a9:b1:f8:ca:e9:2b:e3:ad:
e6:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:77:D2:98:8B:1F:F6:0B:B0:6C:EA:12:81:76:BF:1A:D5:0C:C8:3E
X509v3 Authority Key Identifier:
keyid:B3:79:10:DA:1F:3A:43:F9:6B:58:F2:19:05:EB:58:F6:43:D0:26:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s3kQ2h86Q_lrWPIZBetY9kPQJn4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/5fc80e-a095-4c20-90e4-2c0f98a74966/1/x3fSmIsf9guwbOoSgXa_GtUMyD4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/5fc80e-a095-4c20-90e4-2c0f98a74966/1/s3kQ2h86Q_lrWPIZBetY9kPQJn4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.240.0-92.53.244.255
185.64.12.0/24
IPv6:
2a00:85c0:1::/48
2a00:85c0:3::-2a00:85c0:5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
63:68:24:03:d2:42:eb:c9:22:c9:7a:e7:70:2c:f6:ce:d4:58:
93:d5:f2:d1:17:60:c3:f5:6a:92:79:06:6e:e9:b6:f5:9a:70:
dd:22:65:e0:d8:a9:1d:15:d5:a8:40:a3:6b:cd:01:89:4d:24:
e8:98:00:ca:11:f4:24:ff:85:a3:e4:65:29:4d:b6:8f:32:c1:
10:14:04:67:c3:dc:bf:d0:bf:b0:01:9e:12:83:ac:68:1a:6e:
34:27:86:12:33:1e:78:87:a9:a7:6f:9f:34:76:d6:1d:bb:77:
d4:00:40:93:3e:24:5f:9c:1c:fd:a5:ef:e1:a9:48:aa:10:16:
f0:f0:d3:6a:1d:c8:c9:51:79:08:11:5f:17:d0:56:3b:66:fb:
f6:12:bb:2d:f4:9b:bb:8d:94:25:dd:68:56:64:f6:da:10:08:
32:72:90:57:7c:f8:e3:c8:f9:27:ff:01:ef:32:19:70:6c:d2:
0c:a9:49:93:41:a5:45:41:38:62:49:99:20:4a:76:f1:d9:d0:
05:86:ab:ca:6d:01:f4:0c:1c:99:d4:ba:74:49:ca:d9:97:f2:
ce:85:b5:f6:6f:1f:c7:de:e0:85:da:de:75:82:54:d8:f9:9c:
7a:11:24:e3:1f:ad:82:60:7e:fa:0e:a2:c1:0d:89:7a:8f:16:
bb:c6:bf:96
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVteJNtenTAone/PoNUFJIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNzkxMGRhMWYzYTQzZjk2YjU4ZjIxOTA1ZWI1OGY2NDNk
MDI2N2UwHhcNMjMwMTAxMTMxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc3ZDI5ODhiMWZmNjBiYjA2Y2VhMTI4MTc2YmYxYWQ1MGNjODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmOQniK1BBlUzuAeumdK22MeLEBy
yY6pMip/Gijr+nmKHHp/WFqUjkobLWs6z78qQdE3a0UOxO9uEcS4k2tOj9E+wNIW
ezQXy+2Hjb7SPjqIQ+URer4L7szyYKmMF02JT95FAcDj9nRAs5rsZ4h3L7LrpBjq
GhqJ2IiGYFX6d51C5AvqH3XtrEOJwxRQYoP4TuxGzgb4WGJhLNtw8Bh9XRLEgRw6
ivIcj22ZjFEUCSI3ObAtCSKEFzMP+8LGh+ZmIZ1N9FmqdEgJIVRGD6fOeTQ7ZPt+
FVNTc+0Vix7y8l7u8jsEWcbT/ecEyVIU5R2+qymSTc7GqbH4yukr463maQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMd30piLH/YLsGzqEoF2vxrVDMg+MB8GA1UdIwQY
MBaAFLN5ENofOkP5a1jyGQXrWPZD0CZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczNrUTJoODZRX2xyV1BJWkJldFk5a1BRSm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81ZmM4MGUtYTA5NS00YzIwLTkwZTQt
MmMwZjk4YTc0OTY2LzEveDNmU21Jc2Y5Z3V3Yk9vU2dYYV9HdFVNeUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81ZmM4MGUtYTA5NS00YzIwLTkwZTQtMmMwZjk4YTc0OTY2
LzEvczNrUTJoODZRX2xyV1BJWkJldFk5a1BRSm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAaBAIAATAUMAwDBARcNfAD
BABcNfQDBAC5QAwwIwQCAAIwHQMHACoAhcAAATASAwcAKgCFwAADAwcBKgCFwAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBjaCQD0kLrySLJeudwLPbO1FiT1fLRF2DD9WqS
eQZu6bb1mnDdImXg2KkdFdWoQKNrzQGJTSTomADKEfQk/4Wj5GUpTbaPMsEQFARn
w9y/0L+wAZ4Sg6xoGm40J4YSMx54h6mnb580dtYdu3fUAECTPiRfnBz9pe/hqUiq
EBbw8NNqHcjJUXkIEV8X0FY7Zvv2Erst9Ju7jZQl3WhWZPbaEAgycpBXfPjjyPkn
/wHvMhlwbNIMqUmTQaVFQThiSZkgSnbx2dAFhqvKbQH0DByZ1Lp0ScrZl/LOhbX2
bx/H3uCF2t51glTY+Zx6ESTjH62CYH76DqLBDYl6jxa7xr+W
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:29:49 2025 by rpki-client