Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/2XpObcTs1_GyZoGsOWsn_9BuSNc.roa
File: 2XpObcTs1_GyZoGsOWsn_9BuSNc.roa (raw, json)
Hash identifier: iC/f3z9tMbWHwn3j2dxtx+F3tfVjry/6AY8z/F+CUAM=
Subject key identifier: D9:7A:4E:6D:C4:EC:D7:F1:B2:66:81:AC:39:6B:27:FF:D0:6E:48:D7
Certificate issuer: /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial: 0184C2B211FB6A82CAE9A6B38606E5ABD32E
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/2XpObcTs1_GyZoGsOWsn_9BuSNc.roa
Signing time: Tue 29 Nov 2022 09:22:40 +0000
ROA not before: Tue 29 Nov 2022 09:22:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9145
IP address blocks: 2a03:1e01::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c2:b2:11:fb:6a:82:ca:e9:a6:b3:86:06:e5:ab:d3:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Validity
Not Before: Nov 29 09:22:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d97a4e6dc4ecd7f1b26681ac396b27ffd06e48d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:4b:b2:43:9d:44:92:fa:c9:12:6e:90:10:19:
0a:a4:27:c5:e5:53:96:9b:8b:64:92:d8:2b:a0:5f:
1a:87:db:5b:92:5e:38:bc:4b:80:3a:9a:3b:87:36:
24:79:a5:91:36:93:c7:98:2d:48:3f:38:81:0f:2f:
bc:1a:d5:b5:cd:4b:ef:af:b0:5d:57:4d:78:3e:c0:
35:5c:2a:e0:5a:0e:a8:87:24:fa:b0:d8:d8:50:58:
8e:48:a4:a4:8a:cc:82:d5:35:42:71:d1:de:79:92:
63:7e:b4:d6:1b:01:32:88:1d:ce:aa:12:b5:c8:8f:
56:6b:25:3f:31:a0:4a:36:0f:7f:bb:a7:4d:76:32:
d1:9a:d0:84:f9:fa:90:d9:b2:77:86:4f:7b:d3:2c:
d0:b7:e0:f4:33:19:1f:c6:d4:bf:ff:8d:bc:e5:9a:
c5:1a:a4:62:b1:42:2f:11:42:0b:b7:40:88:89:a0:
92:e0:65:ae:4e:6d:ce:71:13:f9:20:6c:35:6c:29:
89:62:db:97:d5:c8:4f:0d:de:8a:1d:a5:2d:ca:36:
86:f1:aa:7d:33:6f:87:60:ce:1c:52:f5:8a:51:c7:
a6:20:05:31:8f:e4:c1:85:b9:c6:14:30:ca:74:de:
03:6e:e9:26:92:cb:fd:58:04:4b:c1:0d:63:f3:96:
df:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:7A:4E:6D:C4:EC:D7:F1:B2:66:81:AC:39:6B:27:FF:D0:6E:48:D7
X509v3 Authority Key Identifier:
keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/2XpObcTs1_GyZoGsOWsn_9BuSNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a03:1e01::/32
Signature Algorithm: sha256WithRSAEncryption
5b:5c:c0:88:ed:cf:dd:66:62:0a:f8:77:6f:d7:bd:19:e5:88:
ab:1e:24:0b:1f:49:c2:c2:b5:0f:44:d0:48:5f:c1:b7:5e:7d:
48:15:08:cd:1c:5c:70:33:6c:11:10:77:78:b8:bd:80:1a:24:
1d:9f:54:81:5a:1c:45:c9:e7:e8:d8:b1:9f:d9:ce:25:6a:28:
c5:31:8b:3e:ef:63:f0:52:cf:7e:07:34:e6:e8:0a:fa:97:0f:
57:6e:97:4b:c0:6a:3b:53:33:95:12:57:a1:04:39:e6:d2:79:
91:2a:8e:85:b7:5a:23:72:29:e8:fc:a5:4a:f6:6a:df:2b:84:
19:70:c1:3a:8b:e4:1d:52:a0:e4:19:f7:a3:ad:09:7a:c2:18:
a5:6f:3a:cf:82:c3:e3:6e:96:25:2e:f6:a9:7d:41:fd:77:09:
0b:f3:ff:81:2b:65:6f:99:52:54:48:fe:6b:bf:2c:e9:00:4d:
05:54:5d:bc:95:e8:bc:3b:2d:18:dd:45:49:ec:bb:0c:60:dc:
33:fe:eb:08:39:e7:c1:5f:cf:b5:61:3a:8f:ca:4a:a7:9b:c6:
6c:5a:ea:20:96:d1:f6:6e:fe:d6:02:e5:a7:63:e0:4e:56:53:
06:66:31:09:89:73:b5:ca:10:27:2a:6a:55:3a:7e:22:43:b5:
6c:a0:e1:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYTCshH7aoLK6aazhgblq9MuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjIxMTI5MDkyMjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTdhNGU2ZGM0ZWNkN2YxYjI2NjgxYWMzOTZiMjdmZmQwNmU0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0uyQ51EkvrJEm6QEBkKpCfF5VOW
m4tkktgroF8ah9tbkl44vEuAOpo7hzYkeaWRNpPHmC1IPziBDy+8GtW1zUvvr7Bd
V014PsA1XCrgWg6ohyT6sNjYUFiOSKSkisyC1TVCcdHeeZJjfrTWGwEyiB3OqhK1
yI9WayU/MaBKNg9/u6dNdjLRmtCE+fqQ2bJ3hk970yzQt+D0MxkfxtS//4285ZrF
GqRisUIvEUILt0CIiaCS4GWuTm3OcRP5IGw1bCmJYtuX1chPDd6KHaUtyjaG8ap9
M2+HYM4cUvWKUcemIAUxj+TBhbnGFDDKdN4Dbukmksv9WARLwQ1j85bfYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNl6Tm3E7NfxsmaBrDlrJ//QbkjXMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvMlhwT2JjVHMxX0d5Wm9Hc09Xc25fOUJ1U05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMeATAN
BgkqhkiG9w0BAQsFAAOCAQEAW1zAiO3P3WZiCvh3b9e9GeWIqx4kCx9JwsK1D0TQ
SF/Bt159SBUIzRxccDNsERB3eLi9gBokHZ9UgVocRcnn6Nixn9nOJWooxTGLPu9j
8FLPfgc05ugK+pcPV26XS8BqO1MzlRJXoQQ55tJ5kSqOhbdaI3Ip6PylSvZq3yuE
GXDBOovkHVKg5Bn3o60JesIYpW86z4LD426WJS72qX1B/XcJC/P/gStlb5lSVEj+
a78s6QBNBVRdvJXovDstGN1FSey7DGDcM/7rCDnnwV/PtWE6j8pKp5vGbFrqIJbR
9m7+1gLlp2PgTlZTBmYxCYlztcoQJypqVTp+IkO1bKDhlQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:23:38 2025 by rpki-client