Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/rAQsCZuOcEWRq21UOmCETggyJ68.roa
File: rAQsCZuOcEWRq21UOmCETggyJ68.roa (raw, json)
Hash identifier: sJ/D6FifKVPoepOQAQKGEbBN+vOypbZqBpN+VfxoJbM=
Subject key identifier: AC:04:2C:09:9B:8E:70:45:91:AB:6D:54:3A:60:84:4E:08:32:27:AF
Certificate issuer: /CN=e50c22c66b85fac98de83d761ef4243437ab0393
Certificate serial: 01847A0B7FBCC130BB7E2FA59EC7DE55B837
Authority key identifier: E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/rAQsCZuOcEWRq21UOmCETggyJ68.roa
Signing time: Tue 15 Nov 2022 06:48:04 +0000
ROA not before: Tue 15 Nov 2022 06:48:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 13170
IP address blocks: 213.255.163.0/24 maxlen: 24
213.255.164.0/24 maxlen: 24
213.255.184.0/24 maxlen: 24
213.255.183.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:7a:0b:7f:bc:c1:30:bb:7e:2f:a5:9e:c7:de:55:b8:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e50c22c66b85fac98de83d761ef4243437ab0393
Validity
Not Before: Nov 15 06:48:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ac042c099b8e704591ab6d543a60844e083227af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:63:2f:9d:8e:aa:e9:31:24:a9:cc:61:31:d9:
42:cf:19:2e:a6:04:0a:8d:a6:38:0a:eb:27:bb:cf:
61:6a:5a:3a:62:f0:08:5d:37:ff:92:64:f5:98:2b:
80:f3:90:62:4a:e0:2f:05:1d:c1:52:9c:49:75:b3:
ed:26:23:c7:7e:ba:92:e0:9d:8e:c2:7d:16:ae:56:
9e:70:8a:4a:78:b9:ee:1f:79:09:f0:05:32:d0:7d:
a2:dd:01:15:84:61:10:30:76:4d:19:dd:72:eb:34:
4f:ef:5d:1f:1a:05:99:e3:95:f2:71:32:8f:59:ac:
e7:5f:55:ba:d6:46:f9:6f:a5:e1:1a:57:45:53:6e:
5d:65:de:f4:73:5a:56:a6:19:53:ef:8d:8e:c1:72:
0f:17:13:6b:b9:de:e5:13:f6:c6:b9:43:11:66:99:
15:71:65:64:68:3a:e8:dc:4f:b5:cb:41:67:56:dd:
a2:35:54:b7:3c:fe:ec:17:9e:be:e3:43:7f:f0:36:
f0:d9:f6:05:1a:2f:3b:a8:53:0c:6e:30:f1:dc:44:
13:63:5f:89:84:6d:e7:6e:60:27:ff:7f:98:e2:3e:
52:cc:91:19:cc:8a:6c:9a:00:27:e8:ff:c4:32:ff:
0c:90:9e:78:0a:bd:ce:a6:5b:19:49:0a:dd:af:c5:
78:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:04:2C:09:9B:8E:70:45:91:AB:6D:54:3A:60:84:4E:08:32:27:AF
X509v3 Authority Key Identifier:
keyid:E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/rAQsCZuOcEWRq21UOmCETggyJ68.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.255.163.0-213.255.164.255
213.255.183.0-213.255.184.255
Signature Algorithm: sha256WithRSAEncryption
40:0f:6d:fb:7b:d5:dc:d4:1a:df:f6:b0:4d:2e:58:eb:f1:80:
50:4c:12:2c:42:b3:4b:91:3d:73:11:3e:76:ca:da:cc:dc:48:
12:ec:1c:85:eb:ad:27:3d:9b:c2:ff:96:17:50:24:c2:a1:db:
cf:b8:bb:45:98:a2:72:d3:d1:56:73:1d:0e:da:ce:2f:c2:95:
cb:7c:0e:13:ba:11:55:31:c8:c7:be:7b:02:c5:ea:34:11:c4:
48:45:75:64:65:99:d1:78:e7:e9:b8:4e:58:a8:f3:ee:69:2e:
f6:87:7d:42:3d:dd:66:d2:5d:ce:c4:7d:64:ec:a6:7e:f7:30:
60:3e:ca:31:2d:52:cf:e2:9a:2a:fa:2d:28:05:5a:2d:0e:dd:
34:b4:ef:cc:87:15:1a:4f:32:c9:13:6d:f7:fa:4b:6b:d6:c3:
da:af:5f:72:45:a8:4e:85:67:24:ee:37:eb:0c:24:80:b6:33:
5e:3d:c5:8c:3f:b6:14:cc:32:c6:4f:0a:4a:a8:bc:f8:64:0c:
18:08:2e:ab:79:10:f6:3a:0d:4c:aa:fa:44:60:46:c1:c5:c0:
04:8f:f8:48:3a:b5:ed:67:21:4d:34:a6:05:24:fa:7b:f7:65:
7e:95:90:a6:f3:f6:c7:fe:12:86:44:eb:85:dd:95:bb:98:85:
33:fc:e8:76
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYR6C3+8wTC7fi+lnsfeVbg3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGMyMmM2NmI4NWZhYzk4ZGU4M2Q3NjFlZjQyNDM0Mzdh
YjAzOTMwHhcNMjIxMTE1MDY0ODA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA0MmMwOTliOGU3MDQ1OTFhYjZkNTQzYTYwODQ0ZTA4MzIyN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmMvnY6q6TEkqcxhMdlCzxkupgQK
jaY4Cusnu89halo6YvAIXTf/kmT1mCuA85BiSuAvBR3BUpxJdbPtJiPHfrqS4J2O
wn0WrlaecIpKeLnuH3kJ8AUy0H2i3QEVhGEQMHZNGd1y6zRP710fGgWZ45XycTKP
WaznX1W61kb5b6XhGldFU25dZd70c1pWphlT742OwXIPFxNrud7lE/bGuUMRZpkV
cWVkaDro3E+1y0FnVt2iNVS3PP7sF56+40N/8Dbw2fYFGi87qFMMbjDx3EQTY1+J
hG3nbmAn/3+Y4j5SzJEZzIpsmgAn6P/EMv8MkJ54Cr3OplsZSQrdr8V4gQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKwELAmbjnBFkattVDpghE4IMievMB8GA1UdIwQY
MBaAFOUMIsZrhfrJjeg9dh70JDQ3qwOTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgt
OTIxNDI3ODEwOGE4LzEvckFRc0NadU9jRVdScTIxVU9tQ0VUZ2d5SjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgtOTIxNDI3ODEwOGE4
LzEvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBADV/6MD
BADV/6QwDAMEANX/twMEANX/uDANBgkqhkiG9w0BAQsFAAOCAQEAQA9t+3vV3NQa
3/awTS5Y6/GAUEwSLEKzS5E9cxE+dsrazNxIEuwcheutJz2bwv+WF1AkwqHbz7i7
RZiictPRVnMdDtrOL8KVy3wOE7oRVTHIx757AsXqNBHESEV1ZGWZ0Xjn6bhOWKjz
7mku9od9Qj3dZtJdzsR9ZOymfvcwYD7KMS1Sz+KaKvotKAVaLQ7dNLTvzIcVGk8y
yRNt9/pLa9bD2q9fckWoToVnJO436wwkgLYzXj3FjD+2FMwyxk8KSqi8+GQMGAgu
q3kQ9joNTKr6RGBGwcXABI/4SDq17WchTTSmBST6e/dlfpWQpvP2x/4ShkTrhd2V
u5iFM/zodg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:20:52 2025 by rpki-client