Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/uA3_weekUVu-IPzBQwtKkMIsPiA.roa
File: uA3_weekUVu-IPzBQwtKkMIsPiA.roa (raw, json)
Hash identifier: bvqmi6HkmBtxtDwWsqv8vyJ7GRhUFbLzP1/JNEW15PQ=
Subject key identifier: B8:0D:FF:C1:E7:A4:51:5B:BE:20:FC:C1:43:0B:4A:90:C2:2C:3E:20
Certificate issuer: /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial: 06FB52ED
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/uA3_weekUVu-IPzBQwtKkMIsPiA.roa
Signing time: Thu 24 Mar 2022 16:52:32 +0000
ROA not before: Thu 24 Mar 2022 16:52:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35297
IP address blocks: 193.238.32.0/22 maxlen: 22
185.249.160.0/22 maxlen: 22
5.53.112.0/21 maxlen: 21
178.251.104.0/21 maxlen: 21
178.251.110.0/24 maxlen: 24
193.239.72.0/22 maxlen: 22
91.204.212.0/22 maxlen: 24
77.75.144.0/21 maxlen: 21
2a02:2000:face::/48 maxlen: 48
2a02:2000:4::/48 maxlen: 48
2a02:2000::/29 maxlen: 48
2a02:2000::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 117134061 (0x6fb52ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
Validity
Not Before: Mar 24 16:52:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b80dffc1e7a4515bbe20fcc1430b4a90c22c3e20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:2c:eb:87:d4:1f:ac:d3:a5:58:ea:0e:1d:42:
35:70:da:9d:45:8f:bc:03:f2:89:00:77:7b:fb:dd:
ce:cb:99:af:1e:ea:10:c9:70:eb:88:d2:b4:71:00:
46:71:4a:b1:dd:d7:fa:44:64:3f:24:83:d3:0a:75:
e0:a3:f0:79:de:8e:f2:68:97:d3:36:4d:82:81:6d:
a0:63:bf:9d:91:42:53:11:52:58:b4:58:1a:43:75:
5e:d1:13:e2:4d:41:f5:ac:78:ac:cb:ed:b6:24:4c:
d3:30:5a:fe:f5:e9:30:e2:ef:b7:33:43:a9:d2:26:
47:ee:76:8b:72:8e:0a:84:86:22:a7:60:16:d9:44:
48:e6:26:d8:c4:b1:98:75:53:bc:4e:7d:bc:68:d8:
bf:4c:5f:67:37:c9:cd:02:c0:0f:59:00:87:21:6e:
0d:e1:b4:59:5e:42:41:9c:0d:f4:37:dc:28:de:b3:
2a:3e:50:cf:fd:2d:75:ea:2f:ed:b3:e9:6a:56:31:
0e:bd:47:a4:42:5c:e5:ae:4f:91:7c:3e:85:46:14:
3e:ab:60:9d:b0:b8:a4:70:87:1d:6a:ad:6c:11:62:
48:5d:c0:d8:b1:59:3d:6c:6d:25:2a:ea:a3:c9:ed:
b0:93:ce:72:23:45:60:b8:f3:3e:d9:fe:44:42:88:
bb:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:0D:FF:C1:E7:A4:51:5B:BE:20:FC:C1:43:0B:4A:90:C2:2C:3E:20
X509v3 Authority Key Identifier:
keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/uA3_weekUVu-IPzBQwtKkMIsPiA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.53.112.0/21
77.75.144.0/21
91.204.212.0/22
178.251.104.0/21
185.249.160.0/22
193.238.32.0/22
193.239.72.0/22
IPv6:
2a02:2000::/29
Signature Algorithm: sha256WithRSAEncryption
98:7e:d7:e2:a7:f8:3e:85:a5:28:74:41:50:de:18:87:09:e2:
29:8c:36:97:1f:09:da:24:a6:34:22:97:ea:9a:3a:e4:01:8a:
83:40:4f:06:c7:0a:f7:8a:b6:ff:10:1b:de:aa:a8:70:9e:ca:
ec:36:73:12:14:30:7a:11:6d:c3:5e:24:ea:9f:f2:ea:ec:39:
86:a8:72:81:69:71:46:45:7a:ca:38:d8:d8:f6:b6:8b:5b:a4:
86:a0:d4:4e:e4:b1:84:19:0c:aa:8f:40:0d:c9:aa:ca:98:99:
ab:7a:c1:e0:25:9f:2a:df:cf:ac:32:7d:32:b5:ea:e9:92:3f:
05:62:b6:64:fe:7f:8d:00:c2:45:f1:f3:01:c3:59:97:41:8d:
a8:e0:37:9c:e0:ab:cd:30:d2:34:40:65:43:1d:4b:ed:0a:d1:
7f:0d:80:cf:b0:91:92:92:a0:90:5c:d5:d0:4b:ce:30:90:30:
93:a0:8d:a8:75:98:2e:70:54:57:bb:f5:17:ef:00:4a:f8:66:
a8:3e:28:34:99:96:eb:a3:81:0e:76:3f:c5:03:f1:b7:80:cf:
5c:14:bb:ba:9b:6e:cd:3c:65:18:bc:40:98:12:42:83:9b:e2:
2b:a8:07:fe:84:d3:ad:9b:1e:bb:ea:09:56:fc:ec:36:79:4d:
81:f0:43:8b
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIEBvtS7TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NDUyYjAzZTFiMDE3MDk2Mzg5NDBkOTU5Mjk4M2NkZTc3ZWNhYjc3MB4XDTIyMDMy
NDE2NTIzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjgwZGZmYzFlN2E0
NTE1YmJlMjBmY2MxNDMwYjRhOTBjMjJjM2UyMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOMs64fUH6zTpVjqDh1CNXDanUWPvAPyiQB3e/vdzsuZrx7q
EMlw64jStHEARnFKsd3X+kRkPySD0wp14KPwed6O8miX0zZNgoFtoGO/nZFCUxFS
WLRYGkN1XtET4k1B9ax4rMvttiRM0zBa/vXpMOLvtzNDqdImR+52i3KOCoSGIqdg
FtlESOYm2MSxmHVTvE59vGjYv0xfZzfJzQLAD1kAhyFuDeG0WV5CQZwN9DfcKN6z
Kj5Qz/0tdeov7bPpalYxDr1HpEJc5a5PkXw+hUYUPqtgnbC4pHCHHWqtbBFiSF3A
2LFZPWxtJSrqo8ntsJPOciNFYLjzPtn+REKIu3kCAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBS4Df/B56RRW74g/MFDC0qQwiw+IDAfBgNVHSMEGDAWgBSEUrA+GwFwljiU
DZWSmDzed+yrdzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hGS3dQaHNCY0pZNGxBMlZrcGc4M25mc3EzYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTQvMDExZjZlLWU5MjgtNGYyYi1hYTI0LTIwMGZjMjc0Y2IwMS8x
L3VBM193ZWVrVVZ1LUlQekJRd3RLa01Jc1BpQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQv
MDExZjZlLWU5MjgtNGYyYi1hYTI0LTIwMGZjMjc0Y2IwMS8xL2hGS3dQaHNCY0pZ
NGxBMlZrcGc4M25mc3EzYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEAwU1cAMEA01LkAMEAlvM1AMEA7L7
aAMEArn5oAMEAsHuIAMEAsHvSDANBAIAAjAHAwUDKgIgADANBgkqhkiG9w0BAQsF
AAOCAQEAmH7X4qf4PoWlKHRBUN4YhwniKYw2lx8J2iSmNCKX6po65AGKg0BPBscK
94q2/xAb3qqocJ7K7DZzEhQwehFtw14k6p/y6uw5hqhygWlxRkV6yjjY2Pa2i1uk
hqDUTuSxhBkMqo9ADcmqypiZq3rB4CWfKt/PrDJ9MrXq6ZI/BWK2ZP5/jQDCRfHz
AcNZl0GNqOA3nOCrzTDSNEBlQx1L7QrRfw2Az7CRkpKgkFzV0EvOMJAwk6CNqHWY
LnBUV7v1F+8ASvhmqD4oNJmW66OBDnY/xQPxt4DPXBS7uptuzTxlGLxAmBJCg5vi
K6gH/oTTrZseu+oJVvzsNnlNgfBDiw==
-----END CERTIFICATE-----
Generated at Sun Apr 13 07:36:57 2025 by rpki-client