Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Pu0MmCKGOFpR32zzN_HI30_mNn0.roa
File: Pu0MmCKGOFpR32zzN_HI30_mNn0.roa (raw, json)
Hash identifier: t3RxVUyPseUQaa1MESYwkjxtVuZETPkVQal/3b0+j6w=
Subject key identifier: 3E:ED:0C:98:22:86:38:5A:51:DF:6C:F3:37:F1:C8:DF:4F:E6:36:7D
Certificate issuer: /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial: 0185C5F4E9C288F1D6300919AF5FF4D927B4
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Pu0MmCKGOFpR32zzN_HI30_mNn0.roa
Signing time: Wed 18 Jan 2023 17:37:19 +0000
ROA not before: Wed 18 Jan 2023 17:37:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209260
IP address blocks: 193.38.248.0/24 maxlen: 24
194.110.172.0/23 maxlen: 24
192.144.32.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:c5:f4:e9:c2:88:f1:d6:30:09:19:af:5f:f4:d9:27:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Validity
Not Before: Jan 18 17:37:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3eed0c982286385a51df6cf337f1c8df4fe6367d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:cf:18:7c:42:c9:cc:fe:94:d0:17:a0:ea:b5:
4e:28:5e:02:64:df:8c:bb:5e:ad:39:45:74:a8:b4:
e3:35:c6:b4:85:ce:fc:c0:b9:e7:19:d9:10:28:ab:
1a:88:4d:12:fb:c1:34:93:2a:68:d2:57:9e:ec:6f:
bc:23:ac:5e:e2:16:55:97:09:54:c5:4f:6e:93:05:
54:58:17:a5:9b:1e:82:57:38:3b:3d:57:e9:18:b5:
03:4d:9d:b6:0d:70:fe:ae:c4:7b:c1:51:90:f7:c5:
5e:12:cb:e0:71:54:1e:6b:50:2f:f0:93:a2:05:f5:
d5:c2:c3:d4:5a:ab:2b:16:66:92:fd:a7:e4:59:42:
a6:0a:09:d5:86:05:8b:98:9f:52:b8:75:97:03:5c:
06:9d:49:dd:ed:10:cc:f6:cb:45:42:cf:0f:1c:47:
e3:0b:d9:14:25:a8:99:10:f7:ca:16:2e:96:d9:32:
6b:87:02:df:42:d6:ea:1b:94:af:54:11:02:d4:2e:
ee:66:84:a9:70:bc:44:7b:41:b7:5c:b9:65:0f:20:
76:5c:57:03:7c:88:f4:28:b4:99:95:c9:c0:7d:16:
27:0a:9f:ad:49:03:75:10:be:bd:67:77:ef:44:4a:
79:24:da:dd:4a:96:54:50:ff:05:23:c7:1f:eb:4a:
fd:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:ED:0C:98:22:86:38:5A:51:DF:6C:F3:37:F1:C8:DF:4F:E6:36:7D
X509v3 Authority Key Identifier:
keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Pu0MmCKGOFpR32zzN_HI30_mNn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.144.32.0/24
193.38.248.0/24
194.110.172.0/23
Signature Algorithm: sha256WithRSAEncryption
52:d4:f4:32:dd:3a:54:c4:69:fb:fe:78:ba:1a:1e:2d:59:35:
c8:76:00:dd:2e:2e:8d:97:99:26:6a:f4:05:78:1d:82:91:6f:
84:a5:a6:14:13:d1:25:d4:91:1b:77:b6:5e:0e:c0:51:18:df:
fd:a0:47:a9:7b:b7:88:fc:bb:75:ef:b1:3f:34:8d:6a:26:d0:
5b:75:ac:c4:cf:37:b7:3c:a4:2f:67:54:f5:fc:cf:19:46:fd:
c5:f8:c4:bd:d5:6c:b9:93:75:7b:fb:56:9b:df:2a:c6:7b:cc:
57:1f:61:a9:d3:6d:ba:b3:5b:2d:2d:fb:64:bf:9e:31:7a:e7:
1c:89:09:cf:a5:14:e8:3c:9f:ac:b6:34:8d:f6:2f:c7:53:d8:
61:f3:fc:e6:3b:4e:60:4a:a4:81:cb:3f:ed:ce:10:bb:50:3b:
f6:78:07:fb:f6:2b:17:b5:5f:5d:02:97:ea:58:c1:01:0d:c9:
2f:e1:9b:bc:8c:17:75:d9:5d:32:79:cc:40:04:38:5d:a5:f0:
bc:82:30:fc:0b:dc:9f:21:80:a1:94:71:50:9d:68:e1:73:a3:
2c:dd:83:c8:e9:ea:ba:2a:05:4e:07:f7:16:6b:1a:ac:9a:c4:
97:f0:90:d6:12:8f:4a:d2:0f:c0:fd:fb:83:a0:eb:6b:b7:3b:
c4:d3:03:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYXF9OnCiPHWMAkZr1/02Se0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjMwMTE4MTczNzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWVkMGM5ODIyODYzODVhNTFkZjZjZjMzN2YxYzhkZjRmZTYzNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc8YfELJzP6U0Beg6rVOKF4CZN+M
u16tOUV0qLTjNca0hc78wLnnGdkQKKsaiE0S+8E0kypo0lee7G+8I6xe4hZVlwlU
xU9ukwVUWBelmx6CVzg7PVfpGLUDTZ22DXD+rsR7wVGQ98VeEsvgcVQea1Av8JOi
BfXVwsPUWqsrFmaS/afkWUKmCgnVhgWLmJ9SuHWXA1wGnUnd7RDM9stFQs8PHEfj
C9kUJaiZEPfKFi6W2TJrhwLfQtbqG5SvVBEC1C7uZoSpcLxEe0G3XLllDyB2XFcD
fIj0KLSZlcnAfRYnCp+tSQN1EL69Z3fvREp5JNrdSpZUUP8FI8cf60r9WQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD7tDJgihjhaUd9s8zfxyN9P5jZ9MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvUHUwTW1DS0dPRnBSMzJ6ek5fSEkzMF9tTm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwJAgAwQA
wSb4AwQBwm6sMA0GCSqGSIb3DQEBCwUAA4IBAQBS1PQy3TpUxGn7/ni6Gh4tWTXI
dgDdLi6Nl5kmavQFeB2CkW+EpaYUE9El1JEbd7ZeDsBRGN/9oEepe7eI/Lt177E/
NI1qJtBbdazEzze3PKQvZ1T1/M8ZRv3F+MS91Wy5k3V7+1ab3yrGe8xXH2Gp0226
s1stLftkv54xeucciQnPpRToPJ+stjSN9i/HU9hh8/zmO05gSqSByz/tzhC7UDv2
eAf79isXtV9dApfqWMEBDckv4Zu8jBd12V0yecxABDhdpfC8gjD8C9yfIYChlHFQ
nWjhc6Ms3YPI6eq6KgVOB/cWaxqsmsSX8JDWEo9K0g/A/fuDoOtrtzvE0wN9
-----END CERTIFICATE-----
Generated at Sat Apr 5 16:45:11 2025 by rpki-client