Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/0ebeb9-31a8-4550-8396-695f4a927610/1/pWAOO5J0yjAnwO55XNLB3CMXGy8.roa
File: pWAOO5J0yjAnwO55XNLB3CMXGy8.roa (raw, json)
Hash identifier: pDhAEsUOfrizLIS/bCTr0J3bG3GkLsU0qOmqpOr4q2A=
Subject key identifier: A5:60:0E:3B:92:74:CA:30:27:C0:EE:79:5C:D2:C1:DC:23:17:1B:2F
Certificate issuer: /CN=688e713b07c79f97b47e9f0321768b09488b7a03
Certificate serial: 01856F1DB76EF8A62CD6602DA36ABF85D6FE
Authority key identifier: 68:8E:71:3B:07:C7:9F:97:B4:7E:9F:03:21:76:8B:09:48:8B:7A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aI5xOwfHn5e0fp8DIXaLCUiLegM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/0ebeb9-31a8-4550-8396-695f4a927610/1/pWAOO5J0yjAnwO55XNLB3CMXGy8.roa
Signing time: Sun 01 Jan 2023 20:54:56 +0000
ROA not before: Sun 01 Jan 2023 20:54:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50171
IP address blocks: 193.104.160.0/24 maxlen: 24
91.216.0.0/24 maxlen: 24
176.57.192.0/21 maxlen: 21
2a00:f680::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:b7:6e:f8:a6:2c:d6:60:2d:a3:6a:bf:85:d6:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=688e713b07c79f97b47e9f0321768b09488b7a03
Validity
Not Before: Jan 1 20:54:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a5600e3b9274ca3027c0ee795cd2c1dc23171b2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:22:6e:2b:18:36:b0:23:33:48:9b:e8:be:39:
64:ef:89:bd:a7:42:19:db:90:82:02:04:e2:e6:51:
84:08:12:30:9d:1f:c2:29:44:af:a9:7b:91:c0:c5:
47:fc:0f:56:14:ee:1b:72:ee:09:35:06:14:8d:8d:
e7:de:6d:12:f1:4f:c8:a3:4e:1d:f0:e4:bd:ce:ec:
69:b2:5b:69:79:85:bc:61:66:4b:df:5a:3a:0a:cd:
9c:b8:b9:51:f3:f0:ca:d1:6d:2c:aa:5f:3a:ed:9e:
54:a4:14:65:23:9a:f0:ab:f9:6f:7f:b6:28:d5:00:
ba:1f:85:31:9f:e9:82:12:29:26:6f:6e:7f:f0:44:
d9:2f:bf:cb:f5:70:df:54:92:fd:dc:8a:82:00:d0:
e4:84:1b:46:bd:7c:7e:8f:2c:9d:30:c2:94:35:1a:
d1:a4:24:c4:2d:95:cc:c9:d2:7a:3e:a1:55:42:69:
e6:96:03:01:71:23:17:a1:bc:c7:19:33:13:e7:52:
ca:47:bd:e4:93:a7:ee:34:45:b6:e2:66:f8:a7:94:
72:f3:9e:9e:85:bd:d2:5e:b1:a4:cb:9a:d9:27:f6:
54:a3:eb:62:7e:73:22:37:b4:e5:a3:9c:59:39:5c:
0d:3b:40:ea:0d:81:30:c7:3e:82:5f:ba:69:fb:2c:
23:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:60:0E:3B:92:74:CA:30:27:C0:EE:79:5C:D2:C1:DC:23:17:1B:2F
X509v3 Authority Key Identifier:
keyid:68:8E:71:3B:07:C7:9F:97:B4:7E:9F:03:21:76:8B:09:48:8B:7A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aI5xOwfHn5e0fp8DIXaLCUiLegM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0ebeb9-31a8-4550-8396-695f4a927610/1/pWAOO5J0yjAnwO55XNLB3CMXGy8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0ebeb9-31a8-4550-8396-695f4a927610/1/aI5xOwfHn5e0fp8DIXaLCUiLegM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.216.0.0/24
176.57.192.0/21
193.104.160.0/24
IPv6:
2a00:f680::/32
Signature Algorithm: sha256WithRSAEncryption
a6:47:f2:d4:72:30:44:f3:ad:52:3e:1c:8e:29:bc:3a:d9:28:
df:bf:42:27:d3:51:8f:da:7e:b9:73:f9:ac:b3:55:b7:b2:e4:
04:46:ef:7b:ff:24:90:e1:8f:dc:03:98:dd:aa:f3:a8:e2:cb:
7e:70:6b:01:63:45:30:9b:cb:21:e4:70:dd:2b:8b:07:2b:88:
e3:10:76:df:e9:0c:fe:da:10:d7:e5:5e:3f:db:c9:ba:a0:99:
87:47:0d:0c:96:2a:bd:c4:7c:27:5b:c3:24:a5:5d:cc:7f:e6:
71:35:ec:1f:e2:2a:6b:d0:d8:67:5c:a1:ed:fa:0d:89:e6:7c:
c0:38:06:01:dc:89:87:03:a2:2f:9f:fb:9c:57:50:ab:b7:88:
41:b3:84:f3:9c:47:41:36:58:11:60:55:9b:6e:ef:71:30:c4:
b5:bd:43:a9:fa:44:0e:17:c6:99:17:e7:52:3f:2c:a0:45:06:
48:96:8a:b6:62:9a:79:a4:17:81:0b:ad:79:a8:0c:6f:22:b9:
be:8f:44:82:00:51:d9:30:f9:db:0a:f0:5d:72:d0:c2:a5:f3:
bf:99:88:0e:3d:54:4b:e6:ba:14:b5:52:b2:db:6d:94:00:41:
2c:c0:80:0e:fe:e1:3f:f2:b8:0d:64:b9:7e:e1:df:4a:06:de:
eb:66:75:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvHbdu+KYs1mAto2q/hdb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OGU3MTNiMDdjNzlmOTdiNDdlOWYwMzIxNzY4YjA5NDg4
YjdhMDMwHhcNMjMwMTAxMjA1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTYwMGUzYjkyNzRjYTMwMjdjMGVlNzk1Y2QyYzFkYzIzMTcxYjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiJuKxg2sCMzSJvovjlk74m9p0IZ
25CCAgTi5lGECBIwnR/CKUSvqXuRwMVH/A9WFO4bcu4JNQYUjY3n3m0S8U/Io04d
8OS9zuxpsltpeYW8YWZL31o6Cs2cuLlR8/DK0W0sql867Z5UpBRlI5rwq/lvf7Yo
1QC6H4Uxn+mCEikmb25/8ETZL7/L9XDfVJL93IqCANDkhBtGvXx+jyydMMKUNRrR
pCTELZXMydJ6PqFVQmnmlgMBcSMXobzHGTMT51LKR73kk6fuNEW24mb4p5Ry856e
hb3SXrGky5rZJ/ZUo+tifnMiN7Tlo5xZOVwNO0DqDYEwxz6CX7pp+ywjiQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKVgDjuSdMowJ8DueVzSwdwjFxsvMB8GA1UdIwQY
MBaAFGiOcTsHx5+XtH6fAyF2iwlIi3oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUk1eE93ZkhuNWUwZnA4RElYYUxDVWlMZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wZWJlYjktMzFhOC00NTUwLTgzOTYt
Njk1ZjRhOTI3NjEwLzEvcFdBT081SjB5akFud081NVhOTEIzQ01YR3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wZWJlYjktMzFhOC00NTUwLTgzOTYtNjk1ZjRhOTI3NjEw
LzEvYUk1eE93ZkhuNWUwZnA4RElYYUxDVWlMZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW9gAAwQD
sDnAAwQAwWigMA0EAgACMAcDBQAqAPaAMA0GCSqGSIb3DQEBCwUAA4IBAQCmR/LU
cjBE861SPhyOKbw62Sjfv0In01GP2n65c/mss1W3suQERu97/ySQ4Y/cA5jdqvOo
4st+cGsBY0Uwm8sh5HDdK4sHK4jjEHbf6Qz+2hDX5V4/28m6oJmHRw0Mliq9xHwn
W8MkpV3Mf+ZxNewf4ipr0NhnXKHt+g2J5nzAOAYB3ImHA6Ivn/ucV1Crt4hBs4Tz
nEdBNlgRYFWbbu9xMMS1vUOp+kQOF8aZF+dSPyygRQZIloq2Ypp5pBeBC615qAxv
Irm+j0SCAFHZMPnbCvBdctDCpfO/mYgOPVRL5roUtVKy222UAEEswIAO/uE/8rgN
ZLl+4d9KBt7rZnW8
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:14:27 2025 by rpki-client