Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3Q8airnPw5bLMdhLqhsSNflzoMY.roa
File: 3Q8airnPw5bLMdhLqhsSNflzoMY.roa (raw, json)
Hash identifier: kOKydT1NAma4LEtjJ9qx1BPGom2gEf9+1VoDsE5NE/M=
Subject key identifier: DD:0F:1A:8A:B9:CF:C3:96:CB:31:D8:4B:AA:1B:12:35:F9:73:A0:C6
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0185A10877DF323FAB39B66A6275E83A220F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3Q8airnPw5bLMdhLqhsSNflzoMY.roa
Signing time: Wed 11 Jan 2023 13:32:44 +0000
ROA not before: Wed 11 Jan 2023 13:32:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12552
IP address blocks: 193.235.44.0/24 maxlen: 24
193.181.71.0/24 maxlen: 24
192.71.200.0/24 maxlen: 24
193.182.6.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a1:08:77:df:32:3f:ab:39:b6:6a:62:75:e8:3a:22:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Jan 11 13:32:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd0f1a8ab9cfc396cb31d84baa1b1235f973a0c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d6:3b:38:72:1a:a5:e6:42:e0:6b:17:64:4e:
21:59:9e:ea:fe:90:3c:9e:77:8b:95:52:52:5e:eb:
6f:1a:e5:11:78:b6:24:e2:b0:46:e1:6d:7e:7e:e5:
a7:20:a1:7f:b9:b9:35:16:85:88:e5:1f:fb:26:0a:
7f:a9:18:d1:c0:ca:96:1f:eb:6e:58:f5:82:21:55:
a9:4f:64:34:d8:70:22:84:d8:16:96:2d:5b:76:d0:
b0:b9:fe:8c:86:08:72:6d:a9:48:67:05:9d:83:b0:
50:03:53:68:8a:c0:c1:a9:ba:75:89:6e:a8:f1:c8:
3e:e4:47:05:4e:07:ea:87:62:06:f7:99:ff:6e:4d:
0e:2c:46:06:73:ba:cc:3f:75:1e:fc:59:9c:3f:e2:
08:f6:3e:fe:7d:3d:04:25:ee:2e:2d:38:4e:36:44:
a4:5b:96:75:78:ee:b9:b6:88:12:9f:d0:86:41:0e:
37:4b:34:d6:5a:04:e0:fd:68:32:c8:7b:9f:e3:81:
06:17:6a:8b:eb:c7:b1:97:20:ca:57:e8:3d:ba:ea:
d2:aa:34:f3:6a:c7:f5:42:e8:b3:9c:9c:59:ae:1b:
65:f4:1c:bd:53:87:9e:5f:ba:b3:fa:cf:6a:11:d8:
4e:58:7b:1a:82:c6:3f:e4:0a:4d:33:56:96:17:ac:
c5:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:0F:1A:8A:B9:CF:C3:96:CB:31:D8:4B:AA:1B:12:35:F9:73:A0:C6
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3Q8airnPw5bLMdhLqhsSNflzoMY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.71.200.0/24
193.181.71.0/24
193.182.6.0/24
193.235.44.0/24
Signature Algorithm: sha256WithRSAEncryption
18:28:a5:f2:d4:a0:90:c4:df:52:d6:3f:35:d6:d8:a9:3d:ed:
8e:3e:70:bf:4e:e6:9b:0b:4f:e3:fe:9c:ae:ec:12:f3:8b:43:
b3:83:1d:7d:ba:89:39:2e:48:62:40:a3:16:33:80:0c:cf:50:
9c:00:bb:60:e3:12:1f:48:55:37:a8:6c:6a:32:ea:12:52:86:
2b:16:c6:6d:8f:82:4a:69:1a:66:49:99:f0:c4:73:86:9e:36:
e8:b9:2c:ee:df:fb:26:0e:af:48:b1:16:68:fc:fc:95:48:b2:
c7:c4:2e:ac:12:3d:5d:b0:21:b7:be:c5:46:b1:1d:13:f4:b6:
8c:44:c6:37:e3:7b:4b:4b:d0:2d:79:30:78:2f:7a:cf:c7:00:
15:aa:6b:38:5a:33:bf:dc:d3:19:e7:6a:8b:4e:a0:41:a8:3b:
94:d2:6d:08:cf:a3:62:f6:95:ac:58:14:3a:69:ac:bb:2c:37:
32:42:6d:06:12:51:f5:0a:6e:27:e6:82:73:5b:28:7e:9a:69:
99:c2:a0:9b:cc:64:a1:48:84:f0:27:67:fb:d7:f8:2a:78:85:
7a:4e:f4:d1:46:ef:3a:2f:fa:27:c0:3a:b8:99:2c:14:6a:5a:
d3:f1:7c:cf:b0:78:42:93:c8:40:3c:97:fe:cd:ea:79:22:68:
cc:fd:26:cf
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYWhCHffMj+rObZqYnXoOiIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMwMTExMTMzMjQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBmMWE4YWI5Y2ZjMzk2Y2IzMWQ4NGJhYTFiMTIzNWY5NzNhMGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNY7OHIapeZC4GsXZE4hWZ7q/pA8
nneLlVJSXutvGuUReLYk4rBG4W1+fuWnIKF/ubk1FoWI5R/7Jgp/qRjRwMqWH+tu
WPWCIVWpT2Q02HAihNgWli1bdtCwuf6MhghybalIZwWdg7BQA1NoisDBqbp1iW6o
8cg+5EcFTgfqh2IG95n/bk0OLEYGc7rMP3Ue/FmcP+II9j7+fT0EJe4uLThONkSk
W5Z1eO65togSn9CGQQ43SzTWWgTg/WgyyHuf44EGF2qL68exlyDKV+g9uurSqjTz
asf1QuiznJxZrhtl9By9U4eeX7qz+s9qEdhOWHsagsY/5ApNM1aWF6zF9QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN0PGoq5z8OWyzHYS6obEjX5c6DGMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvM1E4YWlyblB3NWJMTWRoTHFoc1NOZmx6b01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwEfIAwQA
wbVHAwQAwbYGAwQAwessMA0GCSqGSIb3DQEBCwUAA4IBAQAYKKXy1KCQxN9S1j81
1tipPe2OPnC/TuabC0/j/pyu7BLzi0Ozgx19uok5LkhiQKMWM4AMz1CcALtg4xIf
SFU3qGxqMuoSUoYrFsZtj4JKaRpmSZnwxHOGnjbouSzu3/smDq9IsRZo/PyVSLLH
xC6sEj1dsCG3vsVGsR0T9LaMRMY343tLS9AteTB4L3rPxwAVqms4WjO/3NMZ52qL
TqBBqDuU0m0Iz6Ni9pWsWBQ6aay7LDcyQm0GElH1Cm4n5oJzWyh+mmmZwqCbzGSh
SITwJ2f71/gqeIV6TvTRRu86L/onwDq4mSwUalrT8XzPsHhCk8hAPJf+zep5ImjM
/SbP
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:56:07 2025 by rpki-client