Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/YgSdHaqDU45Fhsb1P__rOzRL0NA.roa
File: YgSdHaqDU45Fhsb1P__rOzRL0NA.roa (raw, json)
Hash identifier: DeFrGJ3yVVY2uyl9lHbhVIJpySoMnU1H9QpyD9azzuk=
Subject key identifier: 62:04:9D:1D:AA:83:53:8E:45:86:C6:F5:3F:FF:EB:3B:34:4B:D0:D0
Certificate issuer: /CN=92660b23fe3b8642d6bf475f8eb7fcad9d13c413
Certificate serial: 0182112147FAE02980800D3D69C31693096B
Authority key identifier: 92:66:0B:23:FE:3B:86:42:D6:BF:47:5F:8E:B7:FC:AD:9D:13:C4:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kmYLI_47hkLWv0dfjrf8rZ0TxBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/YgSdHaqDU45Fhsb1P__rOzRL0NA.roa
Signing time: Mon 18 Jul 2022 11:46:09 +0000
ROA not before: Mon 18 Jul 2022 11:46:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 203759
IP address blocks: 45.129.40.0/21 maxlen: 24
193.148.162.0/24 maxlen: 24
193.148.160.0/19 maxlen: 24
185.86.188.0/22 maxlen: 24
185.124.192.0/22 maxlen: 24
193.19.128.0/22 maxlen: 24
2a05:b540::/29 maxlen: 48
2a06:b500::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:11:21:47:fa:e0:29:80:80:0d:3d:69:c3:16:93:09:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92660b23fe3b8642d6bf475f8eb7fcad9d13c413
Validity
Not Before: Jul 18 11:46:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=62049d1daa83538e4586c6f53fffeb3b344bd0d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:8d:fc:79:05:37:98:0f:cf:ff:b0:41:8d:3b:
a3:06:98:81:0b:c4:48:1e:7e:08:e6:fd:59:c3:af:
2c:ae:77:a0:19:4a:80:8f:50:0c:ea:49:43:b6:31:
de:67:e5:93:f1:59:7f:19:52:e9:52:43:73:4a:47:
62:37:a0:c9:c5:08:be:b8:36:cf:f6:40:46:9f:c5:
de:d3:bb:7b:1f:30:31:72:52:9f:e7:85:31:a7:01:
65:07:3b:75:cc:8e:ae:75:9e:3f:40:67:66:e4:2e:
20:0d:8d:89:33:56:e7:cb:c1:21:91:f0:b0:55:ad:
c3:f5:d3:f3:90:8c:fa:25:5d:b9:6e:8f:71:fe:b8:
65:9b:5f:d5:40:af:2e:9d:b3:95:6d:ba:be:98:01:
8a:44:a6:26:ad:12:f9:20:35:d4:62:c0:0d:37:10:
3d:ae:17:a9:18:72:87:8d:5c:04:4c:2e:33:21:69:
a6:ab:7a:70:50:d9:e4:f8:b6:60:61:71:57:8a:78:
f5:ea:81:79:a7:41:33:91:48:d8:26:38:fb:b0:dd:
b6:fc:5b:d9:f7:d5:c6:70:1f:33:39:e7:b1:b1:93:
ed:d5:83:e9:13:73:be:6f:28:05:0e:ff:cf:a7:af:
ac:b7:30:29:39:ab:c8:d2:d5:fc:90:f8:02:48:59:
66:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:04:9D:1D:AA:83:53:8E:45:86:C6:F5:3F:FF:EB:3B:34:4B:D0:D0
X509v3 Authority Key Identifier:
keyid:92:66:0B:23:FE:3B:86:42:D6:BF:47:5F:8E:B7:FC:AD:9D:13:C4:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmYLI_47hkLWv0dfjrf8rZ0TxBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/YgSdHaqDU45Fhsb1P__rOzRL0NA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/kmYLI_47hkLWv0dfjrf8rZ0TxBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.40.0/21
185.86.188.0/22
185.124.192.0/22
193.19.128.0/22
193.148.160.0/19
IPv6:
2a05:b540::/29
2a06:b500::/29
Signature Algorithm: sha256WithRSAEncryption
12:89:0d:af:c1:27:c6:fe:11:1f:8c:a0:06:76:21:f2:87:83:
79:49:84:08:ca:58:52:8b:bb:b9:e2:77:61:e3:95:f5:80:7d:
c0:75:1e:85:91:be:27:8f:f8:f1:17:92:28:1b:0b:b5:3a:9e:
df:f7:0c:c4:e5:cf:e5:c2:f8:19:7d:2b:a7:74:e4:05:49:e4:
22:4a:40:0a:07:90:3e:7a:a8:c3:5d:8d:46:00:39:b1:1a:b0:
1e:bd:46:7e:8b:81:b1:d1:e0:46:cf:66:8d:6d:69:61:6d:87:
76:1f:95:70:0b:79:f3:35:b3:84:f3:ff:02:d1:f9:ad:e1:83:
92:12:d1:81:38:c6:25:ca:4d:17:d1:bd:3c:e5:20:e2:c9:cb:
8e:b8:4a:a2:9f:e8:85:9e:8c:43:9c:d8:9a:dd:a8:06:03:cb:
59:d0:4e:b4:67:10:d5:4e:4d:12:5a:92:50:98:8e:b5:d3:fb:
f7:47:dd:43:46:76:97:b8:8b:f1:99:1f:03:e3:f4:5c:f6:72:
9d:7f:5b:17:33:12:d1:cc:fc:ea:31:df:73:1d:29:5f:45:76:
df:d5:53:f5:f0:f6:75:82:b3:b1:54:19:0e:8c:d8:5a:14:38:
23:3d:ce:a5:f1:f8:7f:75:bc:67:3f:e9:32:26:b6:3b:e9:2b:
5b:17:fb:da
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYIRIUf64CmAgA09acMWkwlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjYwYjIzZmUzYjg2NDJkNmJmNDc1ZjhlYjdmY2FkOWQx
M2M0MTMwHhcNMjIwNzE4MTE0NjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjA0OWQxZGFhODM1MzhlNDU4NmM2ZjUzZmZmZWIzYjM0NGJkMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiI38eQU3mA/P/7BBjTujBpiBC8RI
Hn4I5v1Zw68srnegGUqAj1AM6klDtjHeZ+WT8Vl/GVLpUkNzSkdiN6DJxQi+uDbP
9kBGn8Xe07t7HzAxclKf54UxpwFlBzt1zI6udZ4/QGdm5C4gDY2JM1bny8EhkfCw
Va3D9dPzkIz6JV25bo9x/rhlm1/VQK8unbOVbbq+mAGKRKYmrRL5IDXUYsANNxA9
rhepGHKHjVwETC4zIWmmq3pwUNnk+LZgYXFXinj16oF5p0EzkUjYJjj7sN22/FvZ
99XGcB8zOeexsZPt1YPpE3O+bygFDv/Pp6+stzApOavI0tX8kPgCSFlm0wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFGIEnR2qg1OORYbG9T//6zs0S9DQMB8GA1UdIwQY
MBaAFJJmCyP+O4ZC1r9HX463/K2dE8QTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21ZTElfNDdoa0xXdjBkZmpyZjhyWjBUeEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZTNiYWMtM2RhMi00ZTQ5LWJkYWIt
MTNlZjFjNDU1Y2M0LzEvWWdTZEhhcURVNDVGaHNiMVBfX3JPelJMME5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZTNiYWMtM2RhMi00ZTQ5LWJkYWItMTNlZjFjNDU1Y2M0
LzEva21ZTElfNDdoa0xXdjBkZmpyZjhyWjBUeEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDLYEoAwQC
uVa8AwQCuXzAAwQCwROAAwQFwZSgMBQEAgACMA4DBQMqBbVAAwUDKga1ADANBgkq
hkiG9w0BAQsFAAOCAQEAEokNr8Enxv4RH4ygBnYh8oeDeUmECMpYUou7ueJ3YeOV
9YB9wHUehZG+J4/48ReSKBsLtTqe3/cMxOXP5cL4GX0rp3TkBUnkIkpACgeQPnqo
w12NRgA5sRqwHr1GfouBsdHgRs9mjW1pYW2Hdh+VcAt58zWzhPP/AtH5reGDkhLR
gTjGJcpNF9G9POUg4snLjrhKop/ohZ6MQ5zYmt2oBgPLWdBOtGcQ1U5NElqSUJiO
tdP790fdQ0Z2l7iL8ZkfA+P0XPZynX9bFzMS0cz86jHfcx0pX0V239VT9fD2dYKz
sVQZDozYWhQ4Iz3OpfH4f3W8Zz/pMia2O+krWxf72g==
-----END CERTIFICATE-----
Generated at Wed May 7 13:44:33 2025 by rpki-client