Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0xr05l4tWWMhpVtVkVC9OWY5jRM.roa
File: 0xr05l4tWWMhpVtVkVC9OWY5jRM.roa (raw, json)
Hash identifier: c40keBjKRuKp2lhEoxt4F84/6vRC1sNLTSv8mCfM+UI=
Subject key identifier: D3:1A:F4:E6:5E:2D:59:63:21:A5:5B:55:91:50:BD:39:66:39:8D:13
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0187E6EDBB4576F4F5DBA6F918117424F7D2
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0xr05l4tWWMhpVtVkVC9OWY5jRM.roa
Signing time: Thu 04 May 2023 13:22:32 +0000
ROA not before: Thu 04 May 2023 13:22:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211434
IP address blocks: 192.71.206.0/24 maxlen: 24
194.71.106.0/24 maxlen: 24
194.68.22.0/23 maxlen: 23
194.132.172.0/23 maxlen: 24
192.36.200.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e6:ed:bb:45:76:f4:f5:db:a6:f9:18:11:74:24:f7:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: May 4 13:22:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d31af4e65e2d596321a55b559150bd3966398d13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:20:3d:41:ad:d0:07:7d:76:1b:fc:e2:8d:1e:
b9:dc:c8:d0:79:72:21:3a:d1:53:a0:e4:96:46:7c:
85:69:d6:d0:91:49:90:64:e4:4a:bb:41:34:9a:33:
cb:29:ea:2e:bd:f5:00:a9:f1:9f:2c:2c:90:d1:5a:
5a:29:0c:cc:94:29:c0:91:63:3d:f8:63:5f:8d:f0:
5b:9a:cd:d3:56:da:c3:c2:8c:46:57:50:01:26:12:
a1:e3:63:c5:de:9f:3a:e2:5d:c3:2c:31:cd:59:7a:
4f:f4:e5:13:c2:f4:57:af:03:bb:31:47:59:b3:a4:
5e:7a:07:2b:86:e2:9b:8d:78:e3:b8:6d:13:f3:a7:
b3:a2:e7:d1:a7:7c:0f:05:e5:ec:8a:5d:77:ff:a9:
a9:71:4d:ef:29:3d:9f:a3:19:2f:40:53:41:e2:fe:
65:5b:db:51:1b:c9:af:cc:62:3c:7d:cc:af:5a:33:
87:73:5d:d9:ab:df:48:0a:8c:21:9e:86:2c:b4:bc:
0e:5d:b8:b0:c0:98:ef:cd:f8:de:e9:b4:dc:eb:0e:
be:11:1c:86:30:0e:f0:48:1d:69:4a:aa:d8:3c:65:
1a:7b:c5:ae:1b:b7:55:17:b5:f4:3c:6e:49:93:b4:
57:29:9a:2c:c4:8d:3d:f2:c1:0f:88:ba:dc:c2:31:
37:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:1A:F4:E6:5E:2D:59:63:21:A5:5B:55:91:50:BD:39:66:39:8D:13
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0xr05l4tWWMhpVtVkVC9OWY5jRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.200.0/24
192.71.206.0/24
194.68.22.0/23
194.71.106.0/24
194.132.172.0/23
Signature Algorithm: sha256WithRSAEncryption
08:0a:31:28:3e:98:c4:3a:f0:ee:1e:8c:ab:73:a3:55:e4:af:
d7:12:14:dd:dc:48:19:7b:bd:93:a7:3a:2b:70:04:4e:47:35:
45:81:af:ce:8f:6a:cf:f3:b2:ec:d6:31:ac:11:dc:f6:61:0b:
06:0a:0f:21:8d:46:02:2b:31:58:f6:17:58:40:05:ce:a4:10:
6c:3b:5e:87:b8:78:65:1f:c7:e2:94:e3:f2:0d:1f:29:17:8e:
b6:4e:2c:c7:84:f5:3d:4b:2c:40:4c:45:38:2c:65:38:a3:03:
58:0e:38:ad:e4:ad:b2:64:88:29:92:ef:2c:5e:43:7f:50:09:
fc:4b:b8:c1:8a:34:98:bd:c7:6f:56:df:38:96:74:2e:ac:9f:
63:9b:61:c6:b0:d8:89:b0:d1:45:6e:e5:3f:30:22:c6:3f:d0:
3d:a6:ba:f6:09:49:8e:f1:71:4e:60:aa:02:2c:6d:ad:a3:be:
f6:fc:ef:34:fa:b0:1e:5b:e2:0b:c5:ec:c1:e4:26:c0:e2:5f:
34:e1:52:29:c8:2d:d7:29:09:3f:90:c1:86:3d:4f:14:b6:d8:
bd:66:6f:54:a1:4f:0b:54:20:7f:31:c9:a2:6a:86:8a:d7:21:
f1:54:bd:ce:ea:24:e2:61:db:93:30:fe:e7:88:cc:0c:5c:19:
7c:fa:03:50
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYfm7btFdvT126b5GBF0JPfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMwNTA0MTMyMjMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzFhZjRlNjVlMmQ1OTYzMjFhNTViNTU5MTUwYmQzOTY2Mzk4ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCA9Qa3QB312G/zijR653MjQeXIh
OtFToOSWRnyFadbQkUmQZORKu0E0mjPLKeouvfUAqfGfLCyQ0VpaKQzMlCnAkWM9
+GNfjfBbms3TVtrDwoxGV1ABJhKh42PF3p864l3DLDHNWXpP9OUTwvRXrwO7MUdZ
s6ReegcrhuKbjXjjuG0T86ezoufRp3wPBeXsil13/6mpcU3vKT2foxkvQFNB4v5l
W9tRG8mvzGI8fcyvWjOHc13Zq99ICowhnoYstLwOXbiwwJjvzfje6bTc6w6+ERyG
MA7wSB1pSqrYPGUae8WuG7dVF7X0PG5Jk7RXKZosxI098sEPiLrcwjE38wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNMa9OZeLVljIaVbVZFQvTlmOY0TMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMHhyMDVsNHRXV01ocFZ0VmtWQzlPV1k1alJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwCTIAwQA
wEfOAwQBwkQWAwQAwkdqAwQBwoSsMA0GCSqGSIb3DQEBCwUAA4IBAQAICjEoPpjE
OvDuHoyrc6NV5K/XEhTd3EgZe72TpzorcARORzVFga/Oj2rP87Ls1jGsEdz2YQsG
Cg8hjUYCKzFY9hdYQAXOpBBsO16HuHhlH8filOPyDR8pF462TizHhPU9SyxATEU4
LGU4owNYDjit5K2yZIgpku8sXkN/UAn8S7jBijSYvcdvVt84lnQurJ9jm2HGsNiJ
sNFFbuU/MCLGP9A9prr2CUmO8XFOYKoCLG2to772/O80+rAeW+ILxezB5CbA4l80
4VIpyC3XKQk/kMGGPU8Utti9Zm9UoU8LVCB/McmiaoaK1yHxVL3O6iTiYduTMP7n
iMwMXBl8+gNQ
-----END CERTIFICATE-----
Generated at Sat May 17 16:40:51 2025 by rpki-client