Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/l90aD4rYDXc4CZgBMJiSEzns9dM.roa
File: l90aD4rYDXc4CZgBMJiSEzns9dM.roa (raw, json)
Hash identifier: CUttKaBeRML+XWPnSg661dh2rNxkCfgnO+uXM/XSP7g=
Subject key identifier: 97:DD:1A:0F:8A:D8:0D:77:38:09:98:01:30:98:92:13:39:EC:F5:D3
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0188488AEFDA2AF3EE4DFDA11C93B6A5A51B
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/l90aD4rYDXc4CZgBMJiSEzns9dM.roa
Signing time: Tue 23 May 2023 12:17:24 +0000
ROA not before: Tue 23 May 2023 12:17:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13329
IP address blocks: 176.107.72.0/21 maxlen: 21
91.246.184.0/22 maxlen: 22
91.218.252.0/23 maxlen: 23
91.218.254.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:48:8a:ef:da:2a:f3:ee:4d:fd:a1:1c:93:b6:a5:a5:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: May 23 12:17:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=97dd1a0f8ad80d77380998013098921339ecf5d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:fa:78:6b:78:1a:aa:c5:bd:98:99:dc:05:71:
22:ab:dd:78:3b:4d:be:00:c9:be:7d:dc:eb:e4:3b:
b1:7f:48:5d:5b:7f:82:36:04:a6:c6:fe:5a:40:51:
30:30:97:c2:02:2f:f9:89:1d:41:b4:e6:95:67:a4:
71:8e:6a:fc:f0:fa:0c:f5:57:81:ae:a5:c1:89:f0:
e1:fe:a4:7c:90:99:77:af:e9:cd:a9:eb:a7:88:d7:
2c:d7:78:6d:f6:d9:98:f8:27:39:fb:2a:39:5c:f0:
08:f4:9e:73:bb:20:d9:e3:26:77:84:ad:db:93:dd:
8d:3f:e8:ba:6d:d7:79:f1:41:27:5f:9d:30:47:4f:
a0:27:e9:fc:5d:f8:15:63:ca:e2:43:9d:6d:d2:a7:
8f:24:72:cb:44:92:7b:6b:1e:32:cc:b2:e7:1e:20:
eb:ca:b8:32:37:2f:18:61:ba:2e:86:bd:30:4f:61:
db:45:91:af:4f:c5:fb:ed:f2:4d:c4:50:6e:bd:6e:
3c:26:68:ef:73:bc:91:fc:5e:3a:7b:6f:4e:23:bb:
6d:4e:fb:b5:d4:4b:65:c9:03:10:1b:df:0c:3c:cb:
58:d3:78:dc:d5:9d:98:86:15:56:5e:db:92:4d:de:
7f:6e:1d:98:23:36:d6:c6:8a:3f:d9:ed:c6:f2:b5:
f3:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:DD:1A:0F:8A:D8:0D:77:38:09:98:01:30:98:92:13:39:EC:F5:D3
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/l90aD4rYDXc4CZgBMJiSEzns9dM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.218.252.0/22
91.246.184.0/22
176.107.72.0/21
Signature Algorithm: sha256WithRSAEncryption
01:46:c7:dd:41:30:13:d0:f3:8d:86:51:b9:96:3b:98:9b:f0:
c8:4a:7f:20:e7:e3:56:2d:b8:ed:c4:96:64:70:aa:73:69:2f:
40:8e:77:b9:43:37:56:11:52:cb:98:81:10:9e:17:55:4a:63:
ec:fb:0d:87:50:c3:c9:83:d8:c8:30:69:b9:6a:87:35:eb:f0:
21:ce:9b:e9:c9:a3:94:19:62:2c:55:d9:2b:b3:4e:ff:f3:2e:
f4:2f:70:0c:77:8b:0c:ad:fd:64:75:67:96:d6:df:a6:f9:16:
98:d8:56:bd:b5:2a:0a:8e:67:e6:6c:51:f0:db:dc:20:f2:3b:
17:09:b8:5e:e5:fa:da:fe:70:3f:43:87:9a:b8:fa:2d:c1:9f:
f5:3a:0f:fb:a9:0c:a4:1b:f0:49:7b:54:c8:78:09:3e:da:23:
62:10:fc:80:46:61:7b:63:47:7f:af:db:2a:08:f9:11:5c:d8:
08:d3:f2:ce:11:44:ec:97:05:d3:73:de:be:e0:7e:33:f4:f6:
06:55:02:3f:a5:4d:55:c6:d4:bc:67:f1:8d:fe:28:d5:3e:47:
a9:97:b7:9e:76:e2:b8:6d:ed:dd:77:20:97:4f:0a:eb:66:3e:
34:80:f8:e0:36:5f:16:ca:49:fb:45:19:42:b1:b9:80:cc:4c:
98:bc:1f:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYhIiu/aKvPuTf2hHJO2paUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwNTIzMTIxNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2RkMWEwZjhhZDgwZDc3MzgwOTk4MDEzMDk4OTIxMzM5ZWNmNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfp4a3gaqsW9mJncBXEiq914O02+
AMm+fdzr5Duxf0hdW3+CNgSmxv5aQFEwMJfCAi/5iR1BtOaVZ6Rxjmr88PoM9VeB
rqXBifDh/qR8kJl3r+nNqeuniNcs13ht9tmY+Cc5+yo5XPAI9J5zuyDZ4yZ3hK3b
k92NP+i6bdd58UEnX50wR0+gJ+n8XfgVY8riQ51t0qePJHLLRJJ7ax4yzLLnHiDr
yrgyNy8YYbouhr0wT2HbRZGvT8X77fJNxFBuvW48Jmjvc7yR/F46e29OI7ttTvu1
1EtlyQMQG98MPMtY03jc1Z2YhhVWXtuSTd5/bh2YIzbWxoo/2e3G8rXzxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJfdGg+K2A13OAmYATCYkhM57PXTMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvbDkwYUQ0cllEWGM0Q1pnQk1KaVNFem5zOWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9r8AwQC
W/a4AwQDsGtIMA0GCSqGSIb3DQEBCwUAA4IBAQABRsfdQTAT0PONhlG5ljuYm/DI
Sn8g5+NWLbjtxJZkcKpzaS9Ajne5QzdWEVLLmIEQnhdVSmPs+w2HUMPJg9jIMGm5
aoc16/AhzpvpyaOUGWIsVdkrs07/8y70L3AMd4sMrf1kdWeW1t+m+RaY2Fa9tSoK
jmfmbFHw29wg8jsXCbhe5fra/nA/Q4eauPotwZ/1Og/7qQykG/BJe1TIeAk+2iNi
EPyARmF7Y0d/r9sqCPkRXNgI0/LOEUTslwXTc96+4H4z9PYGVQI/pU1VxtS8Z/GN
/ijVPkepl7eeduK4be3ddyCXTwrrZj40gPjgNl8Wykn7RRlCsbmAzEyYvB+a
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:06:39 2025 by rpki-client