Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/6XcGFN9CrDwPwmuyMueFlI44sGI.roa
File: 6XcGFN9CrDwPwmuyMueFlI44sGI.roa (raw, json)
Hash identifier: 9ya10x1Jeomqmv8MB3vrKkC/ioEY8Nl69ajjo3ByB3M=
Subject key identifier: E9:77:06:14:DF:42:AC:3C:0F:C2:6B:B2:32:E7:85:94:8E:38:B0:62
Certificate issuer: /CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
Certificate serial: 01856D01C1195A2A3C30CD2CF6A96C780A25
Authority key identifier: 37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/6XcGFN9CrDwPwmuyMueFlI44sGI.roa
Signing time: Sun 01 Jan 2023 11:05:09 +0000
ROA not before: Sun 01 Jan 2023 11:05:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203576
IP address blocks: 5.252.98.0/24 maxlen: 32
5.252.97.0/24 maxlen: 32
5.252.96.0/24 maxlen: 32
5.252.99.0/24 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:01:c1:19:5a:2a:3c:30:cd:2c:f6:a9:6c:78:0a:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
Validity
Not Before: Jan 1 11:05:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e9770614df42ac3c0fc26bb232e785948e38b062
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:80:40:03:1e:5a:c3:38:89:0e:7e:c2:83:70:
8f:62:96:c0:14:e0:93:79:7c:f6:fc:18:f4:fa:4b:
b4:a4:f1:3c:3c:07:88:37:ce:31:bc:71:86:85:8d:
39:a7:52:33:c2:35:f8:aa:2f:13:e9:fb:d1:cf:76:
85:ed:ec:66:7c:e0:31:a6:da:29:c0:8a:71:0a:bd:
8b:bf:69:aa:fd:c3:49:a0:40:0e:b7:b8:e0:00:d1:
62:e7:93:d2:d4:b6:76:76:88:bb:8c:cd:d7:19:4d:
1c:a8:fe:a1:87:ab:2f:a8:9f:fb:19:f2:8a:df:91:
a0:e8:56:4a:55:2b:30:b0:83:e6:5b:9e:14:90:84:
33:a6:18:3a:30:88:d6:62:f0:1c:c4:f9:b3:8f:be:
c0:e1:34:04:09:ba:dd:71:40:36:71:18:cf:12:16:
77:26:8a:c1:e9:e8:2a:01:4b:bf:ee:d9:46:9c:6a:
3b:b7:4b:b8:a0:c7:90:eb:99:fd:78:de:5c:b0:ba:
72:e4:1e:84:ad:b0:12:30:ee:53:84:19:52:19:97:
24:0a:0c:af:54:f3:31:83:0d:65:32:51:a3:ba:17:
cf:74:33:fb:b0:0f:1b:74:ae:20:61:d5:2c:eb:b2:
3e:e3:4a:95:cf:2f:43:34:f8:29:8d:45:b7:c7:83:
a8:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:77:06:14:DF:42:AC:3C:0F:C2:6B:B2:32:E7:85:94:8E:38:B0:62
X509v3 Authority Key Identifier:
keyid:37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/6XcGFN9CrDwPwmuyMueFlI44sGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.96.0/22
Signature Algorithm: sha256WithRSAEncryption
06:10:2e:a3:99:8e:85:94:e4:ff:72:59:d6:6f:c4:6a:35:2d:
fe:5d:eb:f9:60:a5:1b:37:7c:c4:4f:a4:b0:c9:17:59:2d:7e:
d5:29:d1:45:17:fe:8a:32:8f:be:3e:01:f0:3c:77:40:8b:50:
61:b0:d3:d1:d5:26:86:13:50:4c:fb:45:98:df:43:18:f4:41:
06:5b:fa:99:2c:ff:6a:2e:c0:4b:b6:52:b3:85:f8:9f:82:ed:
92:e5:ed:4b:e9:c6:54:da:af:01:fe:f6:db:32:a9:c4:03:bb:
0f:58:40:95:cc:c6:e7:ee:85:b2:0c:e7:d6:4b:8b:1b:19:86:
e3:8d:7a:0f:75:c9:30:91:92:00:2b:bd:58:db:2b:ba:13:2f:
77:04:23:09:73:c1:82:60:fd:f9:72:8d:45:f9:a0:09:a5:68:
3e:8b:6b:c7:96:06:dc:18:cc:28:49:aa:d7:f8:42:e7:34:14:
e0:04:31:e9:9d:2f:aa:f2:3f:7b:5c:f8:38:03:93:6e:ee:45:
74:e5:64:d1:22:84:97:51:96:94:a9:b2:6f:cd:8f:c9:b1:3e:
28:e9:d1:81:5b:55:6f:47:4c:23:8d:d4:1b:3f:9b:f4:b0:af:
b8:c5:5a:70:72:59:50:56:dd:b8:1a:a5:f2:5a:69:b0:ae:c9:
23:7a:f5:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtAcEZWio8MM0s9qlseAolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZDI3ZmMyNDQ0M2ZjZGQ0YjFiNjVjZmM4MDc4YzRhMTQy
ODlmOWUwHhcNMjMwMTAxMTEwNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTc3MDYxNGRmNDJhYzNjMGZjMjZiYjIzMmU3ODU5NDhlMzhiMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4BAAx5awziJDn7Cg3CPYpbAFOCT
eXz2/Bj0+ku0pPE8PAeIN84xvHGGhY05p1IzwjX4qi8T6fvRz3aF7exmfOAxptop
wIpxCr2Lv2mq/cNJoEAOt7jgANFi55PS1LZ2doi7jM3XGU0cqP6hh6svqJ/7GfKK
35Gg6FZKVSswsIPmW54UkIQzphg6MIjWYvAcxPmzj77A4TQECbrdcUA2cRjPEhZ3
JorB6egqAUu/7tlGnGo7t0u4oMeQ65n9eN5csLpy5B6ErbASMO5ThBlSGZckCgyv
VPMxgw1lMlGjuhfPdDP7sA8bdK4gYdUs67I+40qVzy9DNPgpjUW3x4OoSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOl3BhTfQqw8D8JrsjLnhZSOOLBiMB8GA1UdIwQY
MBaAFDfSf8JEQ/zdSxtlz8gHjEoUKJ+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQt
NDhiMTY2NGQ0MGQ1LzEvNlhjR0ZOOUNyRHdQd211eU11ZUZsSTQ0c0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQtNDhiMTY2NGQ0MGQ1
LzEvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfxgMA0G
CSqGSIb3DQEBCwUAA4IBAQAGEC6jmY6FlOT/clnWb8RqNS3+Xev5YKUbN3zET6Sw
yRdZLX7VKdFFF/6KMo++PgHwPHdAi1BhsNPR1SaGE1BM+0WY30MY9EEGW/qZLP9q
LsBLtlKzhfifgu2S5e1L6cZU2q8B/vbbMqnEA7sPWECVzMbn7oWyDOfWS4sbGYbj
jXoPdckwkZIAK71Y2yu6Ey93BCMJc8GCYP35co1F+aAJpWg+i2vHlgbcGMwoSarX
+ELnNBTgBDHpnS+q8j97XPg4A5Nu7kV05WTRIoSXUZaUqbJvzY/JsT4o6dGBW1Vv
R0wjjdQbP5v0sK+4xVpwcllQVt24GqXyWmmwrskjevW8
-----END CERTIFICATE-----
Generated at Tue May 13 06:43:06 2025 by rpki-client