Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/XrtLK2bLIavA3jO9FOxVa42i-MA.roa
File: XrtLK2bLIavA3jO9FOxVa42i-MA.roa (raw, json)
Hash identifier: w0kTx+BSpeXozdcvbM5YQNnmEYEQI0Ez8xNmoV7Ee7Q=
Subject key identifier: 5E:BB:4B:2B:66:CB:21:AB:C0:DE:33:BD:14:EC:55:6B:8D:A2:F8:C0
Certificate issuer: /CN=282e432ed88bec1ad1454449632814d43996b1e0
Certificate serial: 01857321D94BBFC8CFC9DB7FA647954D04E4
Authority key identifier: 28:2E:43:2E:D8:8B:EC:1A:D1:45:44:49:63:28:14:D4:39:96:B1:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KC5DLtiL7BrRRURJYygU1DmWseA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/XrtLK2bLIavA3jO9FOxVa42i-MA.roa
Signing time: Mon 02 Jan 2023 15:37:56 +0000
ROA not before: Mon 02 Jan 2023 15:37:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197639
IP address blocks: 91.223.204.0/24 maxlen: 24
2001:67c:620::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:21:d9:4b:bf:c8:cf:c9:db:7f:a6:47:95:4d:04:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=282e432ed88bec1ad1454449632814d43996b1e0
Validity
Not Before: Jan 2 15:37:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5ebb4b2b66cb21abc0de33bd14ec556b8da2f8c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:56:f4:22:78:88:e5:3f:54:62:0f:91:e3:2e:
71:d9:de:3a:e1:f1:91:02:76:81:ac:8a:3c:3c:08:
33:52:4e:89:c6:69:07:54:bf:b4:d7:a0:cf:ad:ee:
62:64:2c:ff:e9:3b:37:5f:65:65:f5:9f:1d:7b:b6:
f5:e5:1e:7d:9b:44:85:0e:96:1c:5d:19:3c:50:1f:
58:2f:cf:8e:47:8b:49:c8:e3:66:e6:81:d6:ea:56:
d2:6e:e0:13:b8:d4:28:95:a4:0b:bb:8d:71:b1:01:
a4:2a:33:03:01:df:ad:7a:61:f7:96:c9:d2:ca:01:
61:d5:48:cf:07:95:95:3a:22:e0:49:60:89:71:a7:
4e:16:5d:6a:1c:38:c6:23:9e:20:c7:52:ff:a0:06:
bb:c1:1c:aa:6b:2a:fb:53:0e:56:ac:cc:82:b3:74:
0c:e9:9e:7c:92:f5:2f:dc:e5:58:63:c1:3f:ac:da:
44:0a:9e:a8:e2:ec:6d:e0:8d:85:d2:c0:24:20:1c:
9b:10:70:ce:69:08:b7:fc:ae:14:bb:e6:db:71:f9:
4e:6a:c9:72:e2:d5:a9:3a:fd:20:1d:4b:f1:23:e7:
aa:de:21:3e:ce:6b:13:13:e0:98:76:aa:a3:87:25:
bc:b8:53:cd:86:09:57:b7:f7:4a:07:39:6d:5f:7b:
fa:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:BB:4B:2B:66:CB:21:AB:C0:DE:33:BD:14:EC:55:6B:8D:A2:F8:C0
X509v3 Authority Key Identifier:
keyid:28:2E:43:2E:D8:8B:EC:1A:D1:45:44:49:63:28:14:D4:39:96:B1:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KC5DLtiL7BrRRURJYygU1DmWseA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/XrtLK2bLIavA3jO9FOxVa42i-MA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/KC5DLtiL7BrRRURJYygU1DmWseA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.204.0/24
IPv6:
2001:67c:620::/48
Signature Algorithm: sha256WithRSAEncryption
5e:b6:fc:cb:df:c1:ed:a4:04:33:4b:01:6e:e6:f9:b2:2c:08:
c0:3a:38:6b:d4:83:4e:10:6e:37:d4:46:9e:24:31:ea:87:58:
d2:38:f6:80:f8:dd:06:85:67:21:51:96:e6:6d:be:27:64:e4:
84:ec:54:55:fe:15:88:57:b7:16:17:0b:56:7e:47:d9:b9:b5:
0a:e9:d3:6c:72:92:35:02:dd:af:66:f2:80:a3:62:15:2a:41:
45:5e:31:f9:90:1c:c2:d9:39:32:83:f5:e0:1b:15:b4:2f:51:
0e:ed:a8:6c:dc:61:10:9d:d0:26:b9:69:9a:49:f6:1f:2e:23:
75:29:f2:a6:84:76:af:0e:17:1d:46:8d:51:95:11:b5:c2:2b:
b5:33:7b:1a:69:0f:35:a5:a9:12:6d:98:32:f2:09:ae:e8:86:
9f:03:ce:79:57:71:85:61:5b:f9:14:ec:09:3e:9f:8f:94:6c:
0c:ed:b2:43:e3:90:4e:84:2b:4b:88:47:d7:fe:f4:e9:9a:b7:
f1:80:e6:da:5e:ee:12:90:7b:8c:f5:53:cf:b6:04:5b:b7:43:
51:b4:fd:78:92:03:b8:c0:55:a8:40:9b:9d:6a:93:7b:b0:c3:
09:df:79:7f:17:c7:a7:ea:d7:f5:bc:d1:2e:31:3f:71:1c:13:
76:a0:4a:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVzIdlLv8jPydt/pkeVTQTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MmU0MzJlZDg4YmVjMWFkMTQ1NDQ0OTYzMjgxNGQ0Mzk5
NmIxZTAwHhcNMjMwMTAyMTUzNzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJiNGIyYjY2Y2IyMWFiYzBkZTMzYmQxNGVjNTU2YjhkYTJmOGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1b0IniI5T9UYg+R4y5x2d464fGR
AnaBrIo8PAgzUk6JxmkHVL+016DPre5iZCz/6Ts3X2Vl9Z8de7b15R59m0SFDpYc
XRk8UB9YL8+OR4tJyONm5oHW6lbSbuATuNQolaQLu41xsQGkKjMDAd+temH3lsnS
ygFh1UjPB5WVOiLgSWCJcadOFl1qHDjGI54gx1L/oAa7wRyqayr7Uw5WrMyCs3QM
6Z58kvUv3OVYY8E/rNpECp6o4uxt4I2F0sAkIBybEHDOaQi3/K4Uu+bbcflOasly
4tWpOv0gHUvxI+eq3iE+zmsTE+CYdqqjhyW8uFPNhglXt/dKBzltX3v6nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF67SytmyyGrwN4zvRTsVWuNovjAMB8GA1UdIwQY
MBaAFCguQy7Yi+wa0UVESWMoFNQ5lrHgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0M1REx0aUw3QnJSUlVSSll5Z1UxRG1Xc2VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jNjBmMDgtYjI0Yi00ZGM0LWEyN2Mt
ZmMwYWE3MmU4ZWFkLzEvWHJ0TEsyYkxJYXZBM2pPOUZPeFZhNDJpLU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jNjBmMDgtYjI0Yi00ZGM0LWEyN2MtZmMwYWE3MmU4ZWFk
LzEvS0M1REx0aUw3QnJSUlVSSll5Z1UxRG1Xc2VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9/MMA8E
AgACMAkDBwAgAQZ8BiAwDQYJKoZIhvcNAQELBQADggEBAF62/Mvfwe2kBDNLAW7m
+bIsCMA6OGvUg04QbjfURp4kMeqHWNI49oD43QaFZyFRluZtvidk5ITsVFX+FYhX
txYXC1Z+R9m5tQrp02xykjUC3a9m8oCjYhUqQUVeMfmQHMLZOTKD9eAbFbQvUQ7t
qGzcYRCd0Ca5aZpJ9h8uI3Up8qaEdq8OFx1GjVGVEbXCK7UzexppDzWlqRJtmDLy
Ca7ohp8DznlXcYVhW/kU7Ak+n4+UbAztskPjkE6EK0uIR9f+9Omat/GA5tpe7hKQ
e4z1U8+2BFu3Q1G0/XiSA7jAVahAm51qk3uwwwnfeX8Xx6fq1/W80S4xP3EcE3ag
Svw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:02 2025 by rpki-client