Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/0iGU_UVqusObGz0OUSbKZCUqVoA.roa
File: 0iGU_UVqusObGz0OUSbKZCUqVoA.roa (raw, json)
Hash identifier: T3BezI1InetzSpplfunI+qrSQwqA3H3n0FPbtaj1I8o=
Subject key identifier: D2:21:94:FD:45:6A:BA:C3:9B:1B:3D:0E:51:26:CA:64:25:2A:56:80
Certificate issuer: /CN=515585aca423697c62236e2b5f91b41e4be7ae58
Certificate serial: 01856EC21D7391785CB39AE7898E38E7B3F3
Authority key identifier: 51:55:85:AC:A4:23:69:7C:62:23:6E:2B:5F:91:B4:1E:4B:E7:AE:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UVWFrKQjaXxiI24rX5G0Hkvnrlg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/0iGU_UVqusObGz0OUSbKZCUqVoA.roa
Signing time: Sun 01 Jan 2023 19:14:53 +0000
ROA not before: Sun 01 Jan 2023 19:14:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56546
IP address blocks: 31.41.20.0/22 maxlen: 22
31.41.21.0/24 maxlen: 24
31.41.22.0/24 maxlen: 24
31.41.23.0/24 maxlen: 24
31.41.20.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:c2:1d:73:91:78:5c:b3:9a:e7:89:8e:38:e7:b3:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=515585aca423697c62236e2b5f91b41e4be7ae58
Validity
Not Before: Jan 1 19:14:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d22194fd456abac39b1b3d0e5126ca64252a5680
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f7:62:6c:6c:c4:71:e9:0c:48:c6:41:3f:6d:
09:88:a4:b8:71:8e:6c:7a:1a:fa:93:62:85:2f:40:
7f:c0:d0:6e:2b:83:5e:eb:03:fb:fb:3e:1d:ae:4d:
85:a6:94:dd:21:ba:6f:37:51:5e:1c:da:1d:f2:08:
0b:7c:9e:a3:37:14:ff:55:3b:4e:07:11:3d:33:21:
2a:3e:e8:11:5b:eb:86:d9:9b:3d:a1:41:92:8d:9d:
56:5b:f8:30:69:7c:73:94:5e:35:f0:96:fc:18:fb:
8e:1d:e7:40:30:85:76:0d:0c:46:30:fa:82:79:4c:
db:4a:9b:34:c9:e2:f2:93:df:81:ba:38:95:15:2d:
6f:2f:75:d3:b4:45:d1:a2:b3:76:17:6e:97:57:39:
13:51:db:69:25:f8:3f:07:86:2f:c5:64:6a:86:f0:
f6:23:b6:2f:05:1f:92:53:9f:87:b9:3d:bf:7e:48:
fe:bf:07:8b:9b:6c:a0:9e:60:f5:90:43:6a:ad:8e:
9f:6d:7d:38:33:95:e7:03:24:4d:5f:09:db:c4:5e:
7f:84:46:b6:c4:6e:d8:8a:f1:ed:85:1f:92:11:b1:
99:ab:92:73:65:72:eb:ff:e6:bc:f9:3e:e9:5b:be:
5d:2c:c1:73:4a:22:51:a3:09:9d:cc:67:c5:9b:05:
b5:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:21:94:FD:45:6A:BA:C3:9B:1B:3D:0E:51:26:CA:64:25:2A:56:80
X509v3 Authority Key Identifier:
keyid:51:55:85:AC:A4:23:69:7C:62:23:6E:2B:5F:91:B4:1E:4B:E7:AE:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UVWFrKQjaXxiI24rX5G0Hkvnrlg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/0iGU_UVqusObGz0OUSbKZCUqVoA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/UVWFrKQjaXxiI24rX5G0Hkvnrlg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.20.0/22
Signature Algorithm: sha256WithRSAEncryption
48:95:29:4e:f2:9f:3e:4a:9d:d8:50:46:8d:b9:a8:a0:93:2e:
c7:45:57:24:be:4d:14:12:63:a2:25:65:5f:71:97:66:7e:56:
4f:86:5e:e8:5f:4b:ee:ef:f9:3f:6f:f4:cb:8b:61:c4:b2:a9:
81:3a:74:a3:2a:d1:0a:68:b3:93:a9:17:57:b1:34:66:6a:2a:
20:90:a4:f4:dd:32:2d:32:e0:16:22:37:ba:72:a0:8d:76:5c:
93:ea:f3:37:c0:f3:6b:94:e7:ef:05:0e:6f:21:9c:60:65:e9:
f3:2f:a1:2b:c3:07:84:8d:74:45:f2:8d:f3:4d:be:fc:de:4e:
94:be:44:8f:c6:01:1a:e7:61:f1:97:6c:59:d1:b1:57:27:93:
77:15:01:71:97:bb:fe:cb:7a:91:f6:2b:0f:f4:f2:a8:61:dd:
92:b5:9f:46:06:6e:69:7d:06:32:84:cf:0a:12:aa:4d:31:f0:
ab:62:a4:09:b2:32:68:31:e0:a1:05:a6:5e:cb:45:c4:1c:44:
9c:e5:31:d3:ad:20:3a:23:7d:8c:d4:27:0d:20:22:15:31:b1:
71:43:28:af:66:04:51:1d:eb:91:e8:77:16:bc:0d:dc:11:17:
fa:dc:ce:3f:d4:4e:6e:65:77:6a:5c:61:9b:6e:c9:f7:b0:88:
71:db:18:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuwh1zkXhcs5rniY4457PzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNTU4NWFjYTQyMzY5N2M2MjIzNmUyYjVmOTFiNDFlNGJl
N2FlNTgwHhcNMjMwMTAxMTkxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIxOTRmZDQ1NmFiYWMzOWIxYjNkMGU1MTI2Y2E2NDI1MmE1NjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfdibGzEcekMSMZBP20JiKS4cY5s
ehr6k2KFL0B/wNBuK4Ne6wP7+z4drk2FppTdIbpvN1FeHNod8ggLfJ6jNxT/VTtO
BxE9MyEqPugRW+uG2Zs9oUGSjZ1WW/gwaXxzlF418Jb8GPuOHedAMIV2DQxGMPqC
eUzbSps0yeLyk9+BujiVFS1vL3XTtEXRorN2F26XVzkTUdtpJfg/B4YvxWRqhvD2
I7YvBR+SU5+HuT2/fkj+vweLm2ygnmD1kENqrY6fbX04M5XnAyRNXwnbxF5/hEa2
xG7YivHthR+SEbGZq5JzZXLr/+a8+T7pW75dLMFzSiJRowmdzGfFmwW1cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIhlP1FarrDmxs9DlEmymQlKlaAMB8GA1UdIwQY
MBaAFFFVhaykI2l8YiNuK1+RtB5L565YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVZXRnJLUWphWHhpSTI0clg1RzBIa3ZucmxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85ZDNmMTUtNDdkMC00MDY5LWI1OTYt
NTFhMGY2YmRlNGY2LzEvMGlHVV9VVnF1c09iR3owT1VTYktaQ1VxVm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85ZDNmMTUtNDdkMC00MDY5LWI1OTYtNTFhMGY2YmRlNGY2
LzEvVVZXRnJLUWphWHhpSTI0clg1RzBIa3ZucmxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHykUMA0G
CSqGSIb3DQEBCwUAA4IBAQBIlSlO8p8+Sp3YUEaNuaigky7HRVckvk0UEmOiJWVf
cZdmflZPhl7oX0vu7/k/b/TLi2HEsqmBOnSjKtEKaLOTqRdXsTRmaiogkKT03TIt
MuAWIje6cqCNdlyT6vM3wPNrlOfvBQ5vIZxgZenzL6ErwweEjXRF8o3zTb783k6U
vkSPxgEa52Hxl2xZ0bFXJ5N3FQFxl7v+y3qR9isP9PKoYd2StZ9GBm5pfQYyhM8K
EqpNMfCrYqQJsjJoMeChBaZey0XEHESc5THTrSA6I32M1CcNICIVMbFxQyivZgRR
HeuR6HcWvA3cERf63M4/1E5uZXdqXGGbbsn3sIhx2xi2
-----END CERTIFICATE-----
Generated at Tue Apr 29 08:46:08 2025 by rpki-client