Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/2xLjW9GwTbT4hfhCTx19SNKEHxo.roa
File: 2xLjW9GwTbT4hfhCTx19SNKEHxo.roa (raw, json)
Hash identifier: kV5Cpp8r/4D/hvQCD49nXdcqOdFsGvE5L4gaTXhF/Uk=
Subject key identifier: DB:12:E3:5B:D1:B0:4D:B4:F8:85:F8:42:4F:1D:7D:48:D2:84:1F:1A
Certificate issuer: /CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
Certificate serial: 01856FCBA53099B22217B22D57967DAD37E4
Authority key identifier: 68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/2xLjW9GwTbT4hfhCTx19SNKEHxo.roa
Signing time: Mon 02 Jan 2023 00:04:55 +0000
ROA not before: Mon 02 Jan 2023 00:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206610
IP address blocks: 46.29.176.0/21 maxlen: 24
185.28.204.0/22 maxlen: 24
2a02:2290::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:cb:a5:30:99:b2:22:17:b2:2d:57:96:7d:ad:37:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
Validity
Not Before: Jan 2 00:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db12e35bd1b04db4f885f8424f1d7d48d2841f1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:b7:45:ff:14:eb:96:58:bd:b3:83:b0:72:c4:
8c:4c:4e:14:4f:41:6f:be:0a:42:31:ea:ef:0a:9d:
89:13:aa:b0:c5:5d:5e:b7:0e:45:dc:57:b5:ef:52:
7d:a4:08:1d:00:ee:74:4c:1e:5e:ec:41:df:f0:b1:
e6:84:85:c5:89:3c:07:02:7e:5b:35:9e:d4:45:6b:
0e:07:60:30:df:63:fc:d8:4b:51:8c:fc:5d:1b:a4:
2f:a1:38:78:b3:32:ca:88:1a:66:55:58:4b:f8:e7:
73:34:ad:f6:aa:26:9e:86:1f:48:41:4c:bc:85:5a:
07:b8:8b:93:e2:da:16:34:b1:6d:68:3e:92:09:5b:
bb:58:75:7b:76:44:76:fa:e2:43:b2:0b:5a:44:da:
c6:c1:55:03:81:2e:98:c9:30:30:a9:aa:5b:5f:5c:
2c:65:54:18:63:37:6e:52:a3:b3:8c:c0:41:c3:88:
7e:26:7e:c6:52:4f:29:06:34:03:f0:77:10:be:2a:
4a:de:ed:c2:04:04:35:cd:c5:ad:a6:5b:a7:59:ab:
5f:38:dd:39:c8:74:bf:de:f0:a9:fb:0a:98:c3:88:
7a:78:39:aa:d8:3c:74:f6:34:44:06:cc:36:b7:c0:
92:17:6c:11:4f:bf:89:39:15:27:14:e0:11:06:fb:
75:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:12:E3:5B:D1:B0:4D:B4:F8:85:F8:42:4F:1D:7D:48:D2:84:1F:1A
X509v3 Authority Key Identifier:
keyid:68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/2xLjW9GwTbT4hfhCTx19SNKEHxo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.29.176.0/21
185.28.204.0/22
IPv6:
2a02:2290::/29
Signature Algorithm: sha256WithRSAEncryption
85:e5:83:e0:e3:1f:82:68:3d:e9:f9:b8:30:22:69:e9:d7:ba:
ae:5a:5c:31:64:d0:8a:f6:7f:e7:ee:d4:a2:39:49:e5:25:25:
e3:fe:86:22:6b:bf:94:ed:b9:03:45:9e:02:ed:bc:72:02:b3:
66:6b:c5:ea:24:e8:e4:5d:a9:b5:ce:86:bc:4d:23:43:e1:bb:
63:5e:87:86:e6:01:c2:52:b0:15:89:6c:b8:84:a6:2a:67:2c:
97:73:07:64:7c:ca:22:4b:a5:1b:45:d0:bf:fc:06:dc:46:c1:
6b:c0:a4:a8:b9:bb:39:f6:56:e0:f3:d7:65:8d:0f:15:9b:44:
6b:60:55:ba:ee:d7:61:07:72:42:82:71:27:62:9e:8f:bd:52:
96:7a:f0:2e:b1:fa:58:7b:de:c4:99:cb:42:34:a9:b2:d7:ae:
22:66:ae:be:93:bc:8f:0c:e4:1b:91:d2:53:50:70:0c:6c:08:
9b:c9:0e:b8:80:a8:13:ed:51:9e:59:c7:ab:ef:5d:0a:f6:22:
4f:3c:5b:a2:c0:29:51:e7:ad:97:98:e5:d8:6a:0e:fc:b5:42:
73:34:89:1a:b2:dd:d2:a3:91:a0:35:7f:f5:0e:1e:34:30:8d:
02:9e:44:f0:24:99:da:96:6a:f8:6c:1b:f4:ef:d9:c5:ea:76:
aa:15:2a:f3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvy6UwmbIiF7ItV5Z9rTfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTRlMWI4ZGE4MGNhYzJhZDFhMmYzZjA5YmY5ZGI1YTEy
NDg2YTQwHhcNMjMwMTAyMDAwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjEyZTM1YmQxYjA0ZGI0Zjg4NWY4NDI0ZjFkN2Q0OGQyODQxZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7dF/xTrlli9s4OwcsSMTE4UT0Fv
vgpCMervCp2JE6qwxV1etw5F3Fe171J9pAgdAO50TB5e7EHf8LHmhIXFiTwHAn5b
NZ7URWsOB2Aw32P82EtRjPxdG6QvoTh4szLKiBpmVVhL+OdzNK32qiaehh9IQUy8
hVoHuIuT4toWNLFtaD6SCVu7WHV7dkR2+uJDsgtaRNrGwVUDgS6YyTAwqapbX1ws
ZVQYYzduUqOzjMBBw4h+Jn7GUk8pBjQD8HcQvipK3u3CBAQ1zcWtplunWatfON05
yHS/3vCp+wqYw4h6eDmq2Dx09jREBsw2t8CSF2wRT7+JORUnFOARBvt1PwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNsS41vRsE20+IX4Qk8dfUjShB8aMB8GA1UdIwQY
MBaAFGiU4bjagMrCrRovPwm/nbWhJIakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODIt
NzAzY2FiNGQwNTk4LzEvMnhMalc5R3dUYlQ0aGZoQ1R4MTlTTktFSHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODItNzAzY2FiNGQwNTk4
LzEvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLh2wAwQC
uRzMMA0EAgACMAcDBQMqAiKQMA0GCSqGSIb3DQEBCwUAA4IBAQCF5YPg4x+CaD3p
+bgwImnp17quWlwxZNCK9n/n7tSiOUnlJSXj/oYia7+U7bkDRZ4C7bxyArNma8Xq
JOjkXam1zoa8TSND4btjXoeG5gHCUrAViWy4hKYqZyyXcwdkfMoiS6UbRdC//Abc
RsFrwKSoubs59lbg89dljQ8Vm0RrYFW67tdhB3JCgnEnYp6PvVKWevAusfpYe97E
mctCNKmy164iZq6+k7yPDOQbkdJTUHAMbAibyQ64gKgT7VGeWcer710K9iJPPFui
wClR562XmOXYag78tUJzNIkast3So5GgNX/1Dh40MI0CnkTwJJnalmr4bBv079nF
6naqFSrz
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:05:28 2025 by rpki-client