Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/496232-d18b-4554-9a43-432f5c1f41f7/1/2TyiyNk-BXRv5LFFo-hk6qKZeCo.roa
File: 2TyiyNk-BXRv5LFFo-hk6qKZeCo.roa (raw, json)
Hash identifier: CAgPNzAx/3eXK79VxuXM5RU8GbErF9+f2reL6L70woc=
Subject key identifier: D9:3C:A2:C8:D9:3E:05:74:6F:E4:B1:45:A3:E8:64:EA:A2:99:78:2A
Certificate issuer: /CN=9dd504860a7c924e721cbfaea5f49a72c8296c35
Certificate serial: 0185707983DA763EE4A67E817E1E70B88BB5
Authority key identifier: 9D:D5:04:86:0A:7C:92:4E:72:1C:BF:AE:A5:F4:9A:72:C8:29:6C:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ndUEhgp8kk5yHL-upfSacsgpbDU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/496232-d18b-4554-9a43-432f5c1f41f7/1/2TyiyNk-BXRv5LFFo-hk6qKZeCo.roa
Signing time: Mon 02 Jan 2023 03:14:49 +0000
ROA not before: Mon 02 Jan 2023 03:14:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35319
IP address blocks: 91.204.121.0/24 maxlen: 24
91.204.122.0/24 maxlen: 24
193.19.240.0/24 maxlen: 24
193.19.242.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:79:83:da:76:3e:e4:a6:7e:81:7e:1e:70:b8:8b:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dd504860a7c924e721cbfaea5f49a72c8296c35
Validity
Not Before: Jan 2 03:14:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d93ca2c8d93e05746fe4b145a3e864eaa299782a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:ed:8f:53:54:10:73:89:a4:56:02:95:0e:84:
dc:b3:2a:6a:06:92:9c:8f:fe:83:7c:2f:56:c4:d9:
c1:fd:2f:2a:e6:2f:c8:22:86:32:c5:5b:82:9f:38:
a5:b1:ec:1a:ba:38:24:9c:86:eb:9d:b8:5c:d2:73:
d5:d3:6d:4a:e4:fa:23:c8:dd:18:8f:a3:dd:41:d0:
20:a9:50:20:03:0e:33:a8:93:58:61:e6:9f:d7:c1:
20:9a:f3:c9:20:21:b2:05:f0:80:5f:0b:18:53:7d:
93:71:24:ab:a2:af:a0:ed:7b:da:dd:50:ff:1c:4d:
f7:36:c0:b7:c8:27:38:77:f3:0c:0c:4e:c3:e2:36:
33:83:69:d2:46:5b:ad:67:dd:87:ef:44:c4:8f:ee:
97:8d:92:55:87:c6:d2:a0:71:f9:93:17:d2:7d:3d:
11:39:51:e7:63:e1:ec:95:1b:f0:7c:f2:d0:62:fc:
6f:0c:4f:32:1f:7e:77:cc:bf:80:0b:16:8a:86:6e:
98:f0:6e:ed:0a:c8:17:30:90:6a:90:dc:fa:74:55:
53:e4:0a:87:15:bf:71:ec:f2:fc:4a:7d:89:41:12:
b0:b2:4a:f6:89:7a:87:e4:f7:65:e3:93:58:70:74:
7f:17:70:c9:1b:26:b1:89:d9:1c:8c:33:b8:1b:ae:
f2:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:3C:A2:C8:D9:3E:05:74:6F:E4:B1:45:A3:E8:64:EA:A2:99:78:2A
X509v3 Authority Key Identifier:
keyid:9D:D5:04:86:0A:7C:92:4E:72:1C:BF:AE:A5:F4:9A:72:C8:29:6C:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ndUEhgp8kk5yHL-upfSacsgpbDU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/496232-d18b-4554-9a43-432f5c1f41f7/1/2TyiyNk-BXRv5LFFo-hk6qKZeCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/496232-d18b-4554-9a43-432f5c1f41f7/1/ndUEhgp8kk5yHL-upfSacsgpbDU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.121.0-91.204.122.255
193.19.240.0/24
193.19.242.0/24
Signature Algorithm: sha256WithRSAEncryption
98:aa:aa:b3:c5:d7:f1:bc:7a:f1:ef:54:fd:9e:f9:83:5d:7c:
c1:e4:95:bc:b4:c4:0d:0c:39:37:7a:69:2c:33:cc:de:dc:f2:
b9:01:7b:77:e8:38:f9:96:58:40:67:cc:5f:cc:fe:14:27:7d:
af:b9:95:e1:a0:31:74:fb:30:b6:e7:21:87:f2:af:78:95:b7:
b7:38:93:26:84:01:8c:31:ae:01:7f:10:c9:c0:f2:e0:03:e0:
da:5d:ab:a6:8b:25:93:59:7a:fe:bc:4d:be:b9:d4:9f:6f:5a:
21:83:a0:61:65:82:8b:bb:f9:36:25:9d:1a:e7:25:2c:8f:e1:
2c:c0:f3:0c:40:30:66:f7:16:82:0b:a3:03:1c:10:04:22:93:
90:04:e1:08:cd:82:ed:16:a3:62:e0:dd:de:63:78:da:3b:e2:
20:26:42:f2:c6:f0:6e:2b:f0:14:5b:ce:b6:81:80:0c:3f:a1:
4b:39:9a:b5:2a:38:87:4f:5d:9c:be:1f:90:fd:2d:e4:c5:55:
d4:98:b7:d3:6c:06:ed:3a:da:6a:85:ec:53:4e:f1:17:29:8b:
06:91:32:28:6e:f3:40:8e:3a:d2:3d:b1:b6:aa:b7:56:c2:a6:
dc:c6:4a:cc:5e:ed:b2:d6:d2:ae:52:80:0a:06:7f:7e:5b:7b:
5d:0a:c9:0f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVweYPadj7kpn6Bfh5wuIu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZDUwNDg2MGE3YzkyNGU3MjFjYmZhZWE1ZjQ5YTcyYzgy
OTZjMzUwHhcNMjMwMTAyMDMxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNjYTJjOGQ5M2UwNTc0NmZlNGIxNDVhM2U4NjRlYWEyOTk3ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu2PU1QQc4mkVgKVDoTcsypqBpKc
j/6DfC9WxNnB/S8q5i/IIoYyxVuCnzilsewaujgknIbrnbhc0nPV021K5PojyN0Y
j6PdQdAgqVAgAw4zqJNYYeaf18EgmvPJICGyBfCAXwsYU32TcSSroq+g7Xva3VD/
HE33NsC3yCc4d/MMDE7D4jYzg2nSRlutZ92H70TEj+6XjZJVh8bSoHH5kxfSfT0R
OVHnY+HslRvwfPLQYvxvDE8yH353zL+ACxaKhm6Y8G7tCsgXMJBqkNz6dFVT5AqH
Fb9x7PL8Sn2JQRKwskr2iXqH5Pdl45NYcHR/F3DJGyaxidkcjDO4G67yGQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNk8osjZPgV0b+SxRaPoZOqimXgqMB8GA1UdIwQY
MBaAFJ3VBIYKfJJOchy/rqX0mnLIKWw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmRVRWhncDhrazV5SEwtdXBmU2Fjc2dwYkRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80OTYyMzItZDE4Yi00NTU0LTlhNDMt
NDMyZjVjMWY0MWY3LzEvMlR5aXlOay1CWFJ2NUxGRm8taGs2cUtaZUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80OTYyMzItZDE4Yi00NTU0LTlhNDMtNDMyZjVjMWY0MWY3
LzEvbmRVRWhncDhrazV5SEwtdXBmU2Fjc2dwYkRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABbzHkD
BABbzHoDBADBE/ADBADBE/IwDQYJKoZIhvcNAQELBQADggEBAJiqqrPF1/G8evHv
VP2e+YNdfMHklby0xA0MOTd6aSwzzN7c8rkBe3foOPmWWEBnzF/M/hQnfa+5leGg
MXT7MLbnIYfyr3iVt7c4kyaEAYwxrgF/EMnA8uAD4Npdq6aLJZNZev68Tb651J9v
WiGDoGFlgou7+TYlnRrnJSyP4SzA8wxAMGb3FoILowMcEAQik5AE4QjNgu0Wo2Lg
3d5jeNo74iAmQvLG8G4r8BRbzraBgAw/oUs5mrUqOIdPXZy+H5D9LeTFVdSYt9Ns
Bu062mqF7FNO8RcpiwaRMihu80COOtI9sbaqt1bCptzGSsxe7bLW0q5SgAoGf35b
e10KyQ8=
-----END CERTIFICATE-----
Generated at Thu May 1 10:05:24 2025 by rpki-client