Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/tM3qoigFt_2yrZT99QyOSi_M5Pw.roa
File: tM3qoigFt_2yrZT99QyOSi_M5Pw.roa (raw, json)
Hash identifier: T5rd/YpKyg8O2uF/cmFuItSyBE6xXTOdqB+jxfXGHaY=
Subject key identifier: B4:CD:EA:A2:28:05:B7:FD:B2:AD:94:FD:F5:0C:8E:4A:2F:CC:E4:FC
Certificate issuer: /CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
Certificate serial: 01857102D3A13A508F9B2AEEF382B8AE9AF2
Authority key identifier: 4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/tM3qoigFt_2yrZT99QyOSi_M5Pw.roa
Signing time: Mon 02 Jan 2023 05:44:48 +0000
ROA not before: Mon 02 Jan 2023 05:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43950
IP address blocks: 193.239.8.0/22 maxlen: 22
5.252.156.0/22 maxlen: 22
79.98.32.0/21 maxlen: 21
79.98.33.0/24 maxlen: 24
79.98.32.0/24 maxlen: 24
79.98.35.0/24 maxlen: 24
79.98.39.0/24 maxlen: 24
2a01:568::/32 maxlen: 32
2a01:568::/36 maxlen: 36
2a01:568:3000::/36 maxlen: 36
2a01:568:4000::/36 maxlen: 36
2a01:568:5000::/36 maxlen: 36
2a01:568:6000::/36 maxlen: 36
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:02:d3:a1:3a:50:8f:9b:2a:ee:f3:82:b8:ae:9a:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
Validity
Not Before: Jan 2 05:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b4cdeaa22805b7fdb2ad94fdf50c8e4a2fcce4fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:47:ab:66:07:8a:57:e1:77:44:a8:2e:13:8c:
f0:e2:c4:45:a2:18:69:5b:2e:ae:56:5a:fe:88:9b:
e9:73:67:d7:42:d1:b9:8d:c7:54:76:23:14:0c:69:
db:94:7b:0d:79:b6:00:6e:f4:a8:22:07:4b:36:8f:
e1:07:de:58:a2:6f:e4:ad:f7:49:2d:7b:94:00:bc:
a6:1f:d6:4d:08:0e:17:d2:3f:06:71:77:4e:2a:3f:
1f:3f:09:2b:70:d4:98:44:ad:5d:78:32:60:d9:78:
e7:9e:17:b0:9e:a7:c9:00:dd:59:47:d5:78:1c:ad:
4c:32:d8:34:d8:b6:a5:ee:df:fc:23:73:64:46:31:
25:0d:fb:91:5f:ce:16:1f:f1:60:3f:39:58:81:9d:
8a:6e:d1:65:f1:d3:bf:4f:e6:e3:56:9b:16:7c:32:
17:ad:9b:05:04:9a:08:c8:ae:76:33:37:bd:47:9c:
73:f6:e0:ff:56:24:7f:e9:37:67:02:f5:07:5c:bb:
7e:16:94:5e:74:ef:a3:11:49:29:bb:5d:74:c3:f5:
d2:55:87:76:4d:cb:ea:20:f0:bf:a4:b0:97:4d:ff:
7a:12:61:f3:d2:3d:10:e1:5e:8c:b1:38:4f:7e:1b:
d6:42:c5:07:ab:e4:c6:64:85:9a:40:ca:6d:8d:67:
fe:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:CD:EA:A2:28:05:B7:FD:B2:AD:94:FD:F5:0C:8E:4A:2F:CC:E4:FC
X509v3 Authority Key Identifier:
keyid:4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/tM3qoigFt_2yrZT99QyOSi_M5Pw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/TTAqLdUXpho7lSdG8u6fvkNtY0k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.156.0/22
79.98.32.0/21
193.239.8.0/22
IPv6:
2a01:568::/32
Signature Algorithm: sha256WithRSAEncryption
5c:69:0d:65:26:e6:cf:d5:e9:ba:43:73:13:b5:34:fb:48:df:
c5:4d:63:ff:bd:6d:df:7f:35:f9:bc:9d:5f:4a:66:cc:ac:16:
27:d5:f3:7f:7c:92:b2:ef:f8:0f:17:8a:20:8c:65:b9:67:14:
43:14:0a:01:d5:43:78:47:73:31:c9:ac:ac:3a:ab:29:b6:71:
9b:d9:21:30:b4:39:df:91:36:57:d5:38:fa:4e:3b:cd:41:9f:
0c:00:91:3e:62:56:a9:e2:e3:3d:73:c2:9c:ce:27:ae:61:30:
ab:70:81:7c:d7:e4:33:db:bb:bd:98:81:f4:bd:b8:f9:b4:2d:
da:7b:65:10:ee:04:c7:59:85:f1:ac:76:3c:f8:c9:62:89:bb:
bf:fc:e6:61:56:29:41:41:43:ae:2d:51:ef:79:4b:9d:4b:f9:
e7:8e:4b:1b:18:46:ae:86:e4:2f:de:03:9b:5f:d0:56:25:60:
53:32:b1:0b:d2:23:56:26:28:74:a6:67:27:83:97:1c:bb:fe:
27:bf:4b:e4:d0:74:29:d6:56:81:62:ec:4b:78:61:05:f6:8a:
53:78:4f:ab:6b:d2:ab:cd:a4:56:58:61:c6:d0:66:e6:03:49:
d3:45:f2:73:5b:74:cb:8a:8e:f1:80:d1:ff:6a:a5:23:43:bd:
e8:76:8d:00
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVxAtOhOlCPmyru84K4rpryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMzAyYTJkZDUxN2E2MWEzYjk1Mjc0NmYyZWU5ZmJlNDM2
ZDYzNDkwHhcNMjMwMTAyMDU0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNkZWFhMjI4MDViN2ZkYjJhZDk0ZmRmNTBjOGU0YTJmY2NlNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0erZgeKV+F3RKguE4zw4sRFohhp
Wy6uVlr+iJvpc2fXQtG5jcdUdiMUDGnblHsNebYAbvSoIgdLNo/hB95Yom/krfdJ
LXuUALymH9ZNCA4X0j8GcXdOKj8fPwkrcNSYRK1deDJg2XjnnhewnqfJAN1ZR9V4
HK1MMtg02Lal7t/8I3NkRjElDfuRX84WH/FgPzlYgZ2KbtFl8dO/T+bjVpsWfDIX
rZsFBJoIyK52Mze9R5xz9uD/ViR/6TdnAvUHXLt+FpRedO+jEUkpu110w/XSVYd2
TcvqIPC/pLCXTf96EmHz0j0Q4V6MsThPfhvWQsUHq+TGZIWaQMptjWf+RwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLTN6qIoBbf9sq2U/fUMjkovzOT8MB8GA1UdIwQY
MBaAFE0wKi3VF6YaO5UnRvLun75DbWNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDct
MTY2ZmI5ZGI2ZGIzLzEvdE0zcW9pZ0Z0XzJ5clpUOTlReU9TaV9NNVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDctMTY2ZmI5ZGI2ZGIz
LzEvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBfycAwQD
T2IgAwQCwe8IMA0EAgACMAcDBQAqAQVoMA0GCSqGSIb3DQEBCwUAA4IBAQBcaQ1l
JubP1em6Q3MTtTT7SN/FTWP/vW3ffzX5vJ1fSmbMrBYn1fN/fJKy7/gPF4ogjGW5
ZxRDFAoB1UN4R3MxyaysOqsptnGb2SEwtDnfkTZX1Tj6TjvNQZ8MAJE+Ylap4uM9
c8KczieuYTCrcIF81+Qz27u9mIH0vbj5tC3ae2UQ7gTHWYXxrHY8+Mliibu//OZh
VilBQUOuLVHveUudS/nnjksbGEauhuQv3gObX9BWJWBTMrEL0iNWJih0pmcng5cc
u/4nv0vk0HQp1laBYuxLeGEF9opTeE+ra9KrzaRWWGHG0GbmA0nTRfJzW3TLio7x
gNH/aqUjQ73odo0A
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:03 2025 by rpki-client