Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/qXKFYzN3v3g5folbh9M0eqCyh_k.roa
File: qXKFYzN3v3g5folbh9M0eqCyh_k.roa (raw, json)
Hash identifier: /2R6TSD5qwuspYHK9wBJtaghV7FHSDYTK0Ia44c2cKQ=
Subject key identifier: A9:72:85:63:33:77:BF:78:39:7E:89:5B:87:D3:34:7A:A0:B2:87:F9
Certificate issuer: /CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
Certificate serial: 01856DAF6AB2987E195F4F5FD94B62828AD8
Authority key identifier: 3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/qXKFYzN3v3g5folbh9M0eqCyh_k.roa
Signing time: Sun 01 Jan 2023 14:14:50 +0000
ROA not before: Sun 01 Jan 2023 14:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12803
IP address blocks: 195.200.250.0/24 maxlen: 24
195.200.251.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:af:6a:b2:98:7e:19:5f:4f:5f:d9:4b:62:82:8a:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
Validity
Not Before: Jan 1 14:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a97285633377bf78397e895b87d3347aa0b287f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:12:87:6b:16:97:3c:dc:03:6e:c8:c7:78:fa:
b1:0f:67:f4:ed:c4:11:2d:19:6c:b2:f9:c0:59:e6:
bd:f1:e3:35:08:16:28:09:a5:a5:0f:df:f0:84:53:
1c:93:8e:3c:d6:0b:8e:df:5c:e2:7a:aa:d9:c3:f3:
c4:c8:96:d8:c8:78:1f:92:e6:8a:ac:59:3a:ff:59:
99:5c:7a:25:16:74:1b:fe:83:de:92:27:54:7a:ed:
78:80:03:1e:da:04:c4:e8:49:99:1d:c4:4f:f3:dc:
4e:a2:b4:4a:83:2c:64:92:35:11:a7:2c:e2:e4:3c:
85:94:0c:3a:a8:de:50:b1:d1:e6:cc:6c:bf:cf:21:
bc:e2:f3:e9:14:3e:d4:45:7d:0e:36:5a:5e:f4:83:
48:89:d8:1c:9e:49:3c:7f:95:2c:3a:65:83:ff:e9:
68:e8:88:42:4d:57:08:75:f9:55:95:e3:c8:5a:60:
40:c5:12:4b:24:de:3c:6a:66:e8:17:3b:58:cb:10:
e5:ea:98:0f:61:ec:a7:76:97:42:47:40:d8:95:a1:
fc:94:47:62:b8:a9:41:26:aa:8b:14:66:2b:ac:e4:
90:70:1a:39:6d:7a:75:07:49:a7:b4:4f:ee:f0:27:
20:ae:fa:e8:fa:c1:df:29:81:b0:0a:bb:0c:e9:6a:
95:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:72:85:63:33:77:BF:78:39:7E:89:5B:87:D3:34:7A:A0:B2:87:F9
X509v3 Authority Key Identifier:
keyid:3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/qXKFYzN3v3g5folbh9M0eqCyh_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.200.250.0/23
Signature Algorithm: sha256WithRSAEncryption
00:b2:db:64:23:cb:a6:fd:14:a5:f2:a5:c5:bd:0c:cd:29:6d:
34:57:0c:8e:7d:53:31:2a:c5:e2:67:6e:79:e3:38:3a:4c:0e:
9a:36:6a:ba:f8:c3:a6:f7:3e:df:18:cd:81:ad:6b:d8:87:f7:
36:a5:55:ce:8f:a9:b8:86:4f:33:d1:90:1e:b1:3e:b9:f2:44:
d2:e2:cc:a2:e9:55:38:59:20:0e:4a:57:1c:03:3e:e4:ce:88:
ab:aa:ed:d6:56:78:78:33:de:97:5e:c0:cb:8a:7b:b3:42:cf:
74:56:f8:17:9d:4e:3e:cc:4b:c0:4d:24:f6:43:52:ea:bf:2e:
d5:ea:41:bf:2d:00:62:14:7d:d6:30:ad:b5:20:09:5c:b1:d0:
41:c4:6a:de:a4:7e:bf:dd:a1:4b:35:66:b1:dd:3b:59:1d:b4:
7f:8b:2f:9a:26:0e:a4:c3:e2:ef:95:c2:26:e6:df:e6:0a:5a:
53:f7:47:9f:2d:21:f0:45:f1:e0:fd:e5:4b:c2:60:10:0c:2a:
71:b5:3d:96:1d:87:00:8f:3e:d2:98:3f:24:3d:01:89:94:36:
00:a6:a7:af:a6:01:06:08:3f:09:a3:67:96:b3:1b:f2:e7:13:
71:5d:b1:22:af:5a:9c:64:f3:60:f9:81:18:2b:9c:af:af:9e:
f6:1e:08:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr2qymH4ZX09f2UtigorYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZmYxZjJiMTE3NWYwNjA1ZDAyNWU1MTAxNzM2OWMxY2E4
YjFhNDYwHhcNMjMwMTAxMTQxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTcyODU2MzMzNzdiZjc4Mzk3ZTg5NWI4N2QzMzQ3YWEwYjI4N2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRKHaxaXPNwDbsjHePqxD2f07cQR
LRlssvnAWea98eM1CBYoCaWlD9/whFMck4481guO31zieqrZw/PEyJbYyHgfkuaK
rFk6/1mZXHolFnQb/oPekidUeu14gAMe2gTE6EmZHcRP89xOorRKgyxkkjURpyzi
5DyFlAw6qN5QsdHmzGy/zyG84vPpFD7URX0ONlpe9INIidgcnkk8f5UsOmWD/+lo
6IhCTVcIdflVlePIWmBAxRJLJN48amboFztYyxDl6pgPYeyndpdCR0DYlaH8lEdi
uKlBJqqLFGYrrOSQcBo5bXp1B0mntE/u8Ccgrvro+sHfKYGwCrsM6WqVpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlyhWMzd794OX6JW4fTNHqgsof5MB8GA1UdIwQY
MBaAFDz/HysRdfBgXQJeUQFzacHKixpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMt
MmJmMzRjNTI2MmU3LzEvcVhLRll6TjN2M2c1Zm9sYmg5TTBlcUN5aF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMtMmJmMzRjNTI2MmU3
LzEvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw8j6MA0G
CSqGSIb3DQEBCwUAA4IBAQAAsttkI8um/RSl8qXFvQzNKW00VwyOfVMxKsXiZ255
4zg6TA6aNmq6+MOm9z7fGM2BrWvYh/c2pVXOj6m4hk8z0ZAesT658kTS4syi6VU4
WSAOSlccAz7kzoirqu3WVnh4M96XXsDLinuzQs90VvgXnU4+zEvATST2Q1Lqvy7V
6kG/LQBiFH3WMK21IAlcsdBBxGrepH6/3aFLNWax3TtZHbR/iy+aJg6kw+LvlcIm
5t/mClpT90efLSHwRfHg/eVLwmAQDCpxtT2WHYcAjz7SmD8kPQGJlDYApqevpgEG
CD8Jo2eWsxvy5xNxXbEir1qcZPNg+YEYK5yvr572HgjC
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:24:15 2025 by rpki-client