Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/X42vZrh53MjUCfDstHH_RLXTsIw.roa
File: X42vZrh53MjUCfDstHH_RLXTsIw.roa (raw, json)
Hash identifier: AKBhVU0z/sfFhAOZNxK7nfB2TJ7or5nqz2+Iy4ZSbtk=
Subject key identifier: 5F:8D:AF:66:B8:79:DC:C8:D4:09:F0:EC:B4:71:FF:44:B5:D3:B0:8C
Certificate issuer: /CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
Certificate serial: 3520C367
Authority key identifier: 3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/X42vZrh53MjUCfDstHH_RLXTsIw.roa
Signing time: Sat 01 Jan 2022 11:02:02 +0000
ROA not before: Sat 01 Jan 2022 11:02:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47331
IP address blocks: 212.156.0.0/16 maxlen: 24
81.212.0.0/14 maxlen: 24
85.96.0.0/12 maxlen: 24
95.0.0.0/12 maxlen: 24
88.224.0.0/11 maxlen: 24
78.160.0.0/11 maxlen: 24
212.174.0.0/15 maxlen: 24
2a01:358::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 891339623 (0x3520c367)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
Validity
Not Before: Jan 1 11:02:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5f8daf66b879dcc8d409f0ecb471ff44b5d3b08c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:41:cd:74:48:ff:50:9c:79:a5:7e:e5:2b:84:
6f:ec:36:fa:51:b4:f4:6e:e2:8e:bd:98:80:82:2a:
f5:cd:78:3e:9e:12:fd:1e:ab:ec:3f:37:22:17:ec:
c3:60:38:11:f8:0c:a3:f3:ba:eb:58:b1:38:c1:9f:
1a:c0:06:93:ce:c6:7b:db:07:70:c3:b8:87:c2:19:
ae:38:da:4c:4f:c1:fc:f5:26:6f:40:ee:ff:00:e1:
e5:87:71:da:2c:89:5c:a0:8b:d0:16:02:3f:ac:3b:
32:04:c7:43:cc:f7:8b:29:88:38:ca:2c:d7:9a:3c:
92:4c:6e:52:05:d8:21:cb:b8:66:26:7c:83:61:c7:
d6:3d:4d:1b:b1:80:f5:d2:8b:a2:1a:68:4d:f1:fe:
71:7d:54:9f:db:9d:cb:65:ba:1b:82:0f:ed:31:79:
b7:55:38:70:7f:10:cd:a3:76:29:06:0e:83:92:7a:
d0:08:d6:e2:6f:57:c5:fc:d0:b6:0d:e1:c5:ed:55:
43:63:c2:be:43:a7:b5:31:3a:ef:25:1c:0a:22:5c:
dc:b3:f0:67:2e:ca:79:07:56:45:2a:6a:8e:36:52:
92:89:62:4e:e7:fa:c8:46:17:d5:b3:89:77:c4:40:
5d:8e:7b:b2:ac:c2:6e:3e:91:c1:71:a2:46:9c:37:
0c:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:8D:AF:66:B8:79:DC:C8:D4:09:F0:EC:B4:71:FF:44:B5:D3:B0:8C
X509v3 Authority Key Identifier:
keyid:3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/X42vZrh53MjUCfDstHH_RLXTsIw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/Pe8Ru4qNSAoDE-HyGKZr306V9ic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.160.0.0/11
81.212.0.0/14
85.96.0.0/12
88.224.0.0/11
95.0.0.0/12
212.156.0.0/16
212.174.0.0/15
IPv6:
2a01:358::/29
Signature Algorithm: sha256WithRSAEncryption
02:5e:36:db:75:d0:76:a2:90:6f:02:e4:9e:1b:f3:31:81:cd:
e5:85:25:de:43:89:d6:b4:fc:64:d4:db:07:2c:43:8d:27:83:
ee:02:e7:0a:94:1b:dd:3f:5a:5c:22:d3:5a:8b:37:ba:85:f5:
d9:49:64:09:90:b3:7d:4c:35:1f:15:fa:3c:9d:0f:4d:f0:ad:
a8:d0:21:f1:26:70:38:97:6d:1b:55:31:1b:7a:4f:c3:89:04:
b8:95:9f:64:c8:d0:66:da:86:b1:fa:4e:b4:86:87:80:91:f5:
c8:02:58:9a:d9:d2:8c:d9:8b:3f:dc:9f:91:fe:e2:6e:7c:7d:
75:e1:19:62:3b:27:b1:2d:39:ed:24:07:a0:ce:27:68:8e:b1:
03:34:62:ec:4b:a3:96:cf:12:e1:70:d8:44:32:c2:1b:bd:7a:
01:5f:db:e1:80:fc:66:8d:81:43:e8:4a:44:37:01:83:48:e7:
0c:be:fe:04:e2:5f:13:13:fe:75:03:b7:2c:9c:fe:ed:61:1b:
a1:45:00:b5:e0:d7:78:40:91:5b:78:e5:63:23:d2:4b:5e:21:
fc:08:67:f4:4c:2b:4c:e3:0d:41:0a:37:74:9b:72:a9:e7:14:
29:98:cd:d8:a9:73:b6:63:6f:23:7e:ff:19:88:08:f0:9a:e2:
5b:fe:74:92
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIENSDDZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZGVmMTFiYjhhOGQ0ODBhMDMxM2UxZjIxOGE2NmJkZjRlOTVmNjI3MB4XDTIyMDEw
MTExMDIwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWY4ZGFmNjZiODc5
ZGNjOGQ0MDlmMGVjYjQ3MWZmNDRiNWQzYjA4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNBzXRI/1CceaV+5SuEb+w2+lG09G7ijr2YgIIq9c14Pp4S
/R6r7D83Ihfsw2A4EfgMo/O661ixOMGfGsAGk87Ge9sHcMO4h8IZrjjaTE/B/PUm
b0Du/wDh5Ydx2iyJXKCL0BYCP6w7MgTHQ8z3iymIOMos15o8kkxuUgXYIcu4ZiZ8
g2HH1j1NG7GA9dKLohpoTfH+cX1Un9udy2W6G4IP7TF5t1U4cH8QzaN2KQYOg5J6
0AjW4m9XxfzQtg3hxe1VQ2PCvkOntTE67yUcCiJc3LPwZy7KeQdWRSpqjjZSkoli
Tuf6yEYX1bOJd8RAXY57sqzCbj6RwXGiRpw3DPUCAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBRfja9muHncyNQJ8Oy0cf9EtdOwjDAfBgNVHSMEGDAWgBQ97xG7io1ICgMT
4fIYpmvfTpX2JzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BlOFJ1NHFOU0FvREUtSHlHS1pyMzA2VjlpYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjYvZDFmMTcyLTJkZWYtNDc5Ny04MDVmLWI0OTQ2NjQ3MjRhZC8x
L1g0MnZacmg1M01qVUNmRHN0SEhfUkxYVHNJdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYv
ZDFmMTcyLTJkZWYtNDc5Ny04MDVmLWI0OTQ2NjQ3MjRhZC8xL1BlOFJ1NHFOU0Fv
REUtSHlHS1pyMzA2VjlpYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowKQQCAAEwIwMDBU6gAwMCUdQDAwRVYAMDBVjgAwME
XwADAwDUnAMDAdSuMA0EAgACMAcDBQMqAQNYMA0GCSqGSIb3DQEBCwUAA4IBAQAC
XjbbddB2opBvAuSeG/Mxgc3lhSXeQ4nWtPxk1NsHLEONJ4PuAucKlBvdP1pcItNa
ize6hfXZSWQJkLN9TDUfFfo8nQ9N8K2o0CHxJnA4l20bVTEbek/DiQS4lZ9kyNBm
2oax+k60hoeAkfXIAlia2dKM2Ys/3J+R/uJufH114RliOyexLTntJAegzidojrED
NGLsS6OWzxLhcNhEMsIbvXoBX9vhgPxmjYFD6EpENwGDSOcMvv4E4l8TE/51A7cs
nP7tYRuhRQC14Nd4QJFbeOVjI9JLXiH8CGf0TCtM4w1BCjd0m3Kp5xQpmM3YqXO2
Y28jfv8ZiAjwmuJb/nSS
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:09:10 2025 by rpki-client