Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/9dOTUo1oS0Uv5XsIBbOo8aV4530.roa
File: 9dOTUo1oS0Uv5XsIBbOo8aV4530.roa (raw, json)
Hash identifier: 6LzEX7ORjt1f242tT8J8HFL43gSzz7mcLg5HWA0MEbw=
Subject key identifier: F5:D3:93:52:8D:68:4B:45:2F:E5:7B:08:05:B3:A8:F1:A5:78:E7:7D
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 01856F1DC6BA36A5A9A75F9CD465BED2A30F
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/9dOTUo1oS0Uv5XsIBbOo8aV4530.roa
Signing time: Sun 01 Jan 2023 20:55:00 +0000
ROA not before: Sun 01 Jan 2023 20:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12414
IP address blocks: 217.26.96.0/20 maxlen: 20
82.139.64.0/18 maxlen: 24
185.117.108.0/22 maxlen: 22
5.199.144.0/20 maxlen: 20
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:c6:ba:36:a5:a9:a7:5f:9c:d4:65:be:d2:a3:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Jan 1 20:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f5d393528d684b452fe57b0805b3a8f1a578e77d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:3a:68:e5:99:87:f5:4f:23:ad:a8:6d:4e:39:
9f:60:12:7d:17:c9:a5:9d:41:ef:1f:c0:40:3b:05:
0d:8b:32:e5:e2:ea:ae:7b:7c:06:2d:8e:3c:78:b0:
73:af:30:f0:ff:a0:77:1a:99:c8:d1:49:72:22:87:
26:59:e4:ce:fd:61:a0:de:40:06:b4:5c:70:a6:d7:
6b:03:b9:7b:ce:69:32:ab:00:7a:5f:14:97:08:53:
e2:38:ee:94:ef:2d:1e:16:00:58:c7:29:f6:e4:30:
53:81:bc:d4:e2:01:8a:d3:8e:d6:74:de:f3:9c:82:
9f:7c:55:57:fb:4a:21:bd:bf:a8:cd:f4:07:f8:cc:
de:6d:0a:fb:90:20:ea:13:19:d8:e5:f1:00:89:ff:
59:27:51:17:9f:b4:98:e7:fc:cf:dc:01:b2:4d:66:
3f:33:b2:96:cc:53:85:18:e9:4b:e2:e3:8f:64:d9:
48:fc:6a:bc:51:c6:9f:b8:72:95:61:96:45:6b:49:
ef:3d:d9:85:40:f3:07:48:40:49:47:56:fc:7b:98:
7e:d3:f9:99:c9:79:d4:0d:fa:81:2f:46:1c:32:3e:
5f:b7:f5:18:8c:d2:78:6b:89:e3:e7:24:76:d8:b7:
12:9b:63:d2:b7:e0:f1:5b:82:95:4d:ce:b5:40:78:
06:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:D3:93:52:8D:68:4B:45:2F:E5:7B:08:05:B3:A8:F1:A5:78:E7:7D
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/9dOTUo1oS0Uv5XsIBbOo8aV4530.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.144.0/20
82.139.64.0/18
185.117.108.0/22
217.26.96.0/20
Signature Algorithm: sha256WithRSAEncryption
9e:6f:4a:ef:23:54:6f:de:d0:6a:de:74:fe:4d:b8:66:7f:07:
b0:f9:a3:e4:a0:30:95:b4:14:ba:3f:df:35:76:f8:88:4c:00:
e9:3e:ee:f2:be:23:c9:b6:76:f2:4e:5b:24:70:16:74:54:11:
67:04:c8:8f:fe:a4:04:52:b7:74:27:19:a4:be:21:61:d5:c3:
47:e0:a8:85:00:8d:2c:e5:e1:4f:7d:58:85:31:c2:af:b7:11:
3d:b7:a9:21:24:66:03:96:c0:66:87:3e:00:29:de:b0:94:4c:
78:6f:eb:df:46:f4:34:3c:c2:f0:5d:87:5a:16:2f:b3:d6:3f:
fd:af:c4:82:06:c5:eb:a1:36:76:04:ba:28:71:b8:af:ec:17:
52:8a:01:bc:2c:e9:0f:4e:11:2c:bf:6d:e1:85:dd:7a:dc:50:
1f:58:57:d2:04:0b:8e:5d:11:f3:73:3c:5a:04:32:d0:ba:29:
fa:0e:79:21:dd:d0:5f:fd:57:5a:d4:6d:d8:fb:60:90:cc:b8:
74:3c:12:88:e3:72:60:0a:34:78:76:59:1c:65:76:95:21:3e:
d9:a8:41:98:95:76:1e:ea:f2:95:8b:eb:70:49:81:89:bd:02:
2e:a5:80:8f:28:6f:98:48:c7:77:bc:c2:01:6f:d4:fd:f0:e5:
2b:04:3e:07
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVvHca6NqWpp1+c1GW+0qMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjMwMTAxMjA1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWQzOTM1MjhkNjg0YjQ1MmZlNTdiMDgwNWIzYThmMWE1NzhlNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDpo5ZmH9U8jrahtTjmfYBJ9F8ml
nUHvH8BAOwUNizLl4uque3wGLY48eLBzrzDw/6B3GpnI0UlyIocmWeTO/WGg3kAG
tFxwptdrA7l7zmkyqwB6XxSXCFPiOO6U7y0eFgBYxyn25DBTgbzU4gGK047WdN7z
nIKffFVX+0ohvb+ozfQH+MzebQr7kCDqExnY5fEAif9ZJ1EXn7SY5/zP3AGyTWY/
M7KWzFOFGOlL4uOPZNlI/Gq8UcafuHKVYZZFa0nvPdmFQPMHSEBJR1b8e5h+0/mZ
yXnUDfqBL0YcMj5ft/UYjNJ4a4nj5yR22LcSm2PSt+DxW4KVTc61QHgGlwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPXTk1KNaEtFL+V7CAWzqPGleOd9MB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvOWRPVFVvMW9TMFV2NVhzSUJiT284YVY0NTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEBceQAwQG
UotAAwQCuXVsAwQE2RpgMA0GCSqGSIb3DQEBCwUAA4IBAQCeb0rvI1Rv3tBq3nT+
Tbhmfwew+aPkoDCVtBS6P981dviITADpPu7yviPJtnbyTlskcBZ0VBFnBMiP/qQE
Urd0JxmkviFh1cNH4KiFAI0s5eFPfViFMcKvtxE9t6khJGYDlsBmhz4AKd6wlEx4
b+vfRvQ0PMLwXYdaFi+z1j/9r8SCBsXroTZ2BLoocbiv7BdSigG8LOkPThEsv23h
hd163FAfWFfSBAuOXRHzczxaBDLQuin6Dnkh3dBf/Vda1G3Y+2CQzLh0PBKI43Jg
CjR4dlkcZXaVIT7ZqEGYlXYe6vKVi+twSYGJvQIupYCPKG+YSMd3vMIBb9T98OUr
BD4H
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:09:27 2025 by rpki-client