Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/2aA1Ts_rOoRaGtrAE19XwGt1yvQ.roa
File: 2aA1Ts_rOoRaGtrAE19XwGt1yvQ.roa (raw, json)
Hash identifier: 3U80kG7hU2J+LGzZbEGA39+D5o0w5KsB53hxPFiN8MU=
Subject key identifier: D9:A0:35:4E:CF:EB:3A:84:5A:1A:DA:C0:13:5F:57:C0:6B:75:CA:F4
Certificate issuer: /CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
Certificate serial: 018C3A8A9BE0D72F8CCD2E8BC52DA3558B50
Authority key identifier: AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/2aA1Ts_rOoRaGtrAE19XwGt1yvQ.roa
Signing time: Tue 05 Dec 2023 15:13:31 +0000
ROA not before: Tue 05 Dec 2023 15:13:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42905
IP address blocks: 81.163.218.0/24 maxlen: 24
81.163.216.0/21 maxlen: 21
81.163.219.0/24 maxlen: 24
81.163.216.0/22 maxlen: 22
81.163.216.0/24 maxlen: 24
81.163.217.0/24 maxlen: 24
81.163.220.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:8a:9b:e0:d7:2f:8c:cd:2e:8b:c5:2d:a3:55:8b:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
Validity
Not Before: Dec 5 15:13:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d9a0354ecfeb3a845a1adac0135f57c06b75caf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:49:c5:38:a1:e0:08:fd:b2:3a:55:18:fd:a2:
31:64:7f:8a:22:06:24:42:84:22:41:e9:bb:4b:41:
41:16:76:c6:96:9d:c1:06:47:5b:28:d8:89:12:e1:
6f:48:75:bf:a9:4b:80:40:9c:72:59:40:66:81:0b:
1f:7b:f0:aa:43:12:b9:2d:b2:db:75:32:3d:08:85:
ca:ff:ac:30:20:33:a1:a6:91:f6:bc:b9:24:85:ae:
76:dc:3c:56:21:76:dd:4e:29:30:72:1b:e7:f1:07:
c5:c1:53:0a:fa:a0:bd:f0:7b:63:97:60:6c:16:89:
19:dc:a4:af:cc:c9:66:fe:10:da:56:30:d5:1b:9c:
ef:d7:57:33:7d:d2:7f:41:84:8d:70:88:f9:ee:02:
10:84:56:43:0c:de:7e:45:0d:51:e2:a4:06:c8:d6:
52:d5:3b:67:a1:e2:c9:0e:0f:c9:68:7e:e6:cc:0b:
16:53:d8:84:7b:a0:0f:ab:a6:1e:6c:8e:1c:22:c9:
37:43:d1:8a:0f:8b:4f:51:73:6b:1e:6f:21:2d:fc:
ab:e6:5c:1b:2c:33:d3:24:b7:0b:d3:16:df:6f:27:
d3:66:b9:c3:1d:80:9b:83:70:20:42:59:29:63:e6:
f6:95:5d:f8:07:6a:41:2f:92:e4:15:19:40:41:37:
48:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:A0:35:4E:CF:EB:3A:84:5A:1A:DA:C0:13:5F:57:C0:6B:75:CA:F4
X509v3 Authority Key Identifier:
keyid:AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/2aA1Ts_rOoRaGtrAE19XwGt1yvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.163.216.0/21
Signature Algorithm: sha256WithRSAEncryption
64:3e:d3:7f:b8:bb:8c:24:22:96:86:98:52:b5:bc:7f:b6:40:
d4:e3:f8:42:cf:d6:e0:d0:ad:25:96:17:69:5a:69:1d:22:1d:
fa:2e:31:47:c2:b3:44:77:62:89:3c:e7:32:1a:4c:e6:c3:de:
27:d7:53:a7:25:3e:25:f8:e6:e3:60:e2:29:70:5b:30:cd:ac:
42:77:33:d5:c7:c8:ed:ea:ce:20:69:45:23:5e:19:46:c4:a5:
97:3d:1a:c0:3c:8c:f1:87:05:e1:95:01:39:70:27:d2:05:13:
de:3b:17:de:a4:31:f7:b0:f3:63:4c:ad:e3:e0:2c:d0:a7:05:
9d:7b:5f:2d:35:31:d3:76:b4:91:6f:a3:4c:20:c5:73:18:c1:
a7:77:23:7c:0b:83:db:02:88:5a:31:8f:fc:de:1b:e0:89:b6:
ca:07:56:77:2c:64:b7:85:f1:7e:18:bf:ad:a8:ef:7c:aa:a8:
42:90:da:10:cf:79:eb:fa:f3:f9:cc:0d:83:99:4c:64:67:33:
bd:98:f3:8f:20:ae:3a:bb:e8:0f:de:f9:81:7b:81:ed:33:51:
ba:2c:c9:a5:20:6f:bb:d4:ca:40:37:40:24:c5:81:89:6c:21:
b2:d1:c2:52:74:ed:4f:08:35:24:f7:64:91:f2:88:c0:da:49:
b0:53:97:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYw6ipvg1y+MzS6LxS2jVYtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjRlMDRhMGVkMzQ0MTEyYzE4NTNjYWIwOWY1MmUxY2Q5
YWJhZjIwHhcNMjMxMjA1MTUxMzMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWEwMzU0ZWNmZWIzYTg0NWExYWRhYzAxMzVmNTdjMDZiNzVjYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEnFOKHgCP2yOlUY/aIxZH+KIgYk
QoQiQem7S0FBFnbGlp3BBkdbKNiJEuFvSHW/qUuAQJxyWUBmgQsfe/CqQxK5LbLb
dTI9CIXK/6wwIDOhppH2vLkkha523DxWIXbdTikwchvn8QfFwVMK+qC98Htjl2Bs
FokZ3KSvzMlm/hDaVjDVG5zv11czfdJ/QYSNcIj57gIQhFZDDN5+RQ1R4qQGyNZS
1TtnoeLJDg/JaH7mzAsWU9iEe6APq6YebI4cIsk3Q9GKD4tPUXNrHm8hLfyr5lwb
LDPTJLcL0xbfbyfTZrnDHYCbg3AgQlkpY+b2lV34B2pBL5LkFRlAQTdIgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmgNU7P6zqEWhrawBNfV8Brdcr0MB8GA1UdIwQY
MBaAFK+04EoO00QRLBhTyrCfUuHNmrryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTct
ODA5NWYzMjk3MTc5LzEvMmFBMVRzX3JPb1JhR3RyQUUxOVh3R3QxeXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTctODA5NWYzMjk3MTc5
LzEvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUaPYMA0G
CSqGSIb3DQEBCwUAA4IBAQBkPtN/uLuMJCKWhphStbx/tkDU4/hCz9bg0K0llhdp
WmkdIh36LjFHwrNEd2KJPOcyGkzmw94n11OnJT4l+ObjYOIpcFswzaxCdzPVx8jt
6s4gaUUjXhlGxKWXPRrAPIzxhwXhlQE5cCfSBRPeOxfepDH3sPNjTK3j4CzQpwWd
e18tNTHTdrSRb6NMIMVzGMGndyN8C4PbAohaMY/83hvgibbKB1Z3LGS3hfF+GL+t
qO98qqhCkNoQz3nr+vP5zA2DmUxkZzO9mPOPIK46u+gP3vmBe4HtM1G6LMmlIG+7
1MpAN0AkxYGJbCGy0cJSdO1PCDUk92SR8ojA2kmwU5eg
-----END CERTIFICATE-----
Generated at Tue Apr 15 13:02:24 2025 by rpki-client