Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rrfMfU-70RpVp8jao7gaWv14cmE.roa
File: rrfMfU-70RpVp8jao7gaWv14cmE.roa (raw, json)
Hash identifier: m+GmTImtgBSqQ5RRsyQkgt6uwTRJtMUOdNq5yzQIm+0=
Subject key identifier: AE:B7:CC:7D:4F:BB:D1:1A:55:A7:C8:DA:A3:B8:1A:5A:FD:78:72:61
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 01856ED4E9F894C5CA5948EA90D83941E2E8
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rrfMfU-70RpVp8jao7gaWv14cmE.roa
Signing time: Sun 01 Jan 2023 19:35:25 +0000
ROA not before: Sun 01 Jan 2023 19:35:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41976
IP address blocks: 109.74.112.0/21 maxlen: 21
109.74.112.0/20 maxlen: 20
213.168.54.0/24 maxlen: 24
213.168.56.0/21 maxlen: 21
213.168.53.0/24 maxlen: 24
213.168.60.0/24 maxlen: 24
213.168.62.0/24 maxlen: 24
213.168.61.0/24 maxlen: 24
213.168.36.0/24 maxlen: 24
213.168.34.0/24 maxlen: 24
213.168.32.0/21 maxlen: 21
213.168.32.0/19 maxlen: 19
213.168.43.0/24 maxlen: 24
213.168.40.0/21 maxlen: 21
213.168.47.0/24 maxlen: 24
213.168.46.0/24 maxlen: 24
213.168.49.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:d4:e9:f8:94:c5:ca:59:48:ea:90:d8:39:41:e2:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Jan 1 19:35:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aeb7cc7d4fbbd11a55a7c8daa3b81a5afd787261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:fd:a8:c8:b1:69:2d:28:df:c9:83:ed:0d:43:
f5:05:48:f6:b0:7f:95:f1:26:b7:2e:82:17:92:1d:
9b:bb:34:9c:a5:f7:1d:48:e7:58:99:f9:32:70:27:
67:71:a6:80:70:6c:d3:b9:6e:04:eb:00:f0:1d:1b:
23:7a:0f:10:bf:d0:8f:c4:e6:62:e2:7d:d2:80:01:
5f:d4:a2:c4:a9:fb:8c:96:7d:da:38:7e:94:fb:71:
28:85:b4:a1:6c:2d:78:54:18:01:c4:0e:fe:44:d4:
dd:74:39:a3:22:fa:1f:85:92:58:bb:7e:d2:90:03:
e4:86:9a:fc:16:7c:c7:8d:60:24:84:01:e3:ee:dc:
51:92:91:dd:49:58:42:9e:d3:2b:67:59:95:57:44:
44:65:e0:56:62:bb:8c:72:93:9a:76:a1:19:31:62:
60:50:83:46:97:f2:1c:57:91:88:5d:f8:cb:fe:96:
4b:b9:11:93:fd:b2:cd:a5:9f:96:11:49:a7:bc:a7:
12:31:d1:66:b4:9f:a4:33:62:37:76:d9:52:c2:9f:
fe:8d:a2:7f:23:bb:ec:1c:2e:0a:19:9f:d1:85:a6:
74:75:41:a4:14:b1:8f:df:16:9c:80:60:7d:91:32:
2b:10:27:ae:79:bf:29:29:3b:fc:e3:31:97:03:88:
91:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:B7:CC:7D:4F:BB:D1:1A:55:A7:C8:DA:A3:B8:1A:5A:FD:78:72:61
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rrfMfU-70RpVp8jao7gaWv14cmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.74.112.0/20
213.168.32.0/19
Signature Algorithm: sha256WithRSAEncryption
4d:87:cf:fe:89:4a:62:72:63:f3:ae:05:cb:66:14:7b:1e:7c:
c2:79:ec:3a:c4:8b:35:a9:59:98:c3:22:27:73:88:a9:1f:2c:
36:34:70:e3:93:fa:f1:91:52:70:5a:01:59:db:9e:8c:56:4a:
a9:36:e3:62:ce:a1:14:43:d2:cd:d9:f5:71:a9:a1:fe:a0:84:
22:9f:c4:60:f1:8b:09:ee:4f:81:6b:32:4a:78:6e:f3:1b:dd:
2a:04:67:ea:93:68:72:98:d3:d9:ac:ee:04:df:b4:3b:83:01:
38:37:c5:11:0c:23:a2:7b:70:3d:62:47:80:23:12:b4:e7:cd:
08:79:b1:63:e9:4f:86:77:a3:14:81:8b:9a:25:a4:8d:06:93:
03:69:cf:8e:72:7f:18:9e:e1:cb:81:9a:47:a4:e4:f6:ef:27:
33:b4:6c:70:fe:6c:c9:af:7a:a4:2e:1e:a2:64:11:7d:9c:de:
f1:58:e6:b3:e5:81:a9:2f:19:99:9a:73:bb:8c:04:13:38:31:
b5:24:e1:c5:15:a9:0e:60:24:df:34:4b:21:3f:83:fe:46:29:
37:a3:79:76:14:9c:d4:51:4e:a9:bd:c4:c0:27:16:52:95:82:
ef:b8:3f:5e:88:ad:bc:ea:5e:05:1f:11:21:08:5c:a9:88:7e:
95:51:71:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVu1On4lMXKWUjqkNg5QeLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjMwMTAxMTkzNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI3Y2M3ZDRmYmJkMTFhNTVhN2M4ZGFhM2I4MWE1YWZkNzg3MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv2oyLFpLSjfyYPtDUP1BUj2sH+V
8Sa3LoIXkh2buzScpfcdSOdYmfkycCdncaaAcGzTuW4E6wDwHRsjeg8Qv9CPxOZi
4n3SgAFf1KLEqfuMln3aOH6U+3EohbShbC14VBgBxA7+RNTddDmjIvofhZJYu37S
kAPkhpr8FnzHjWAkhAHj7txRkpHdSVhCntMrZ1mVV0REZeBWYruMcpOadqEZMWJg
UINGl/IcV5GIXfjL/pZLuRGT/bLNpZ+WEUmnvKcSMdFmtJ+kM2I3dtlSwp/+jaJ/
I7vsHC4KGZ/RhaZ0dUGkFLGP3xacgGB9kTIrECeueb8pKTv84zGXA4iRXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK63zH1Pu9EaVafI2qO4Glr9eHJhMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvcnJmTWZVLTcwUnBWcDhqYW83Z2FXdjE0Y21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEbUpwAwQF
1aggMA0GCSqGSIb3DQEBCwUAA4IBAQBNh8/+iUpicmPzrgXLZhR7HnzCeew6xIs1
qVmYwyInc4ipHyw2NHDjk/rxkVJwWgFZ256MVkqpNuNizqEUQ9LN2fVxqaH+oIQi
n8Rg8YsJ7k+BazJKeG7zG90qBGfqk2hymNPZrO4E37Q7gwE4N8URDCOie3A9YkeA
IxK0580IebFj6U+Gd6MUgYuaJaSNBpMDac+Ocn8YnuHLgZpHpOT27ycztGxw/mzJ
r3qkLh6iZBF9nN7xWOaz5YGpLxmZmnO7jAQTODG1JOHFFakOYCTfNEshP4P+Rik3
o3l2FJzUUU6pvcTAJxZSlYLvuD9eiK286l4FHxEhCFypiH6VUXHu
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:41:00 2025 by rpki-client