Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/lfr8BTnMA9LCEAuhkWsu4iWLaBA.roa
File: lfr8BTnMA9LCEAuhkWsu4iWLaBA.roa (raw, json)
Hash identifier: a6vjMoTnYn4lWjknj4J9lNQAMXTfW7FOO17dDzcXfec=
Subject key identifier: 95:FA:FC:05:39:CC:03:D2:C2:10:0B:A1:91:6B:2E:E2:25:8B:68:10
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 01856DE67535786B8687FBF73BA1114AF347
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/lfr8BTnMA9LCEAuhkWsu4iWLaBA.roa
Signing time: Sun 01 Jan 2023 15:14:57 +0000
ROA not before: Sun 01 Jan 2023 15:14:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 85.239.149.0/24 maxlen: 24
85.239.148.0/24 maxlen: 24
85.239.150.0/24 maxlen: 24
85.239.151.0/24 maxlen: 24
185.95.157.0/24 maxlen: 24
185.95.156.0/24 maxlen: 24
185.95.159.0/24 maxlen: 24
185.95.158.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:e6:75:35:78:6b:86:87:fb:f7:3b:a1:11:4a:f3:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Jan 1 15:14:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95fafc0539cc03d2c2100ba1916b2ee2258b6810
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:2e:3d:bd:d0:42:ec:bb:9e:ff:2c:75:40:8c:
31:d0:bc:4a:bc:36:ac:43:72:15:db:25:b7:12:1f:
71:c5:df:f4:41:e7:8d:a7:ee:44:22:da:df:53:32:
29:86:9f:ef:46:d6:0d:fa:f3:d2:be:b5:f3:7e:f5:
12:d0:ab:b4:69:ea:d0:6b:80:94:fa:e2:c9:d5:70:
e7:14:6d:6c:11:de:38:5a:16:3a:31:59:79:1d:90:
3c:29:5f:2f:81:ad:db:f8:b5:de:ff:61:8d:8d:19:
0c:a5:35:3d:08:a1:5d:71:e2:29:0b:1c:6c:b7:c4:
ef:21:6d:ea:45:19:05:ea:e9:4e:46:22:16:da:98:
b5:df:6b:95:17:f3:6d:fb:ef:2a:8a:dd:92:2c:1b:
52:9a:a9:7b:b9:1b:42:f6:4f:fc:25:b7:24:c0:75:
fe:69:43:de:5a:f5:df:7c:10:25:7e:80:c8:3c:bf:
a5:92:13:2d:0d:8a:58:c3:11:43:bd:0a:f9:c4:96:
5d:11:0b:84:7d:42:06:68:9a:5b:12:ac:27:79:2e:
ca:29:78:31:c2:3c:75:6b:87:ac:77:4d:7c:14:66:
9e:1f:31:06:e8:27:01:c5:69:dd:20:d4:b1:9e:e6:
80:80:81:b0:fd:c9:34:5c:c0:be:fd:85:b6:c4:ea:
55:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:FA:FC:05:39:CC:03:D2:C2:10:0B:A1:91:6B:2E:E2:25:8B:68:10
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/lfr8BTnMA9LCEAuhkWsu4iWLaBA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.148.0/22
185.95.156.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:ef:93:cd:8c:29:3d:ed:8c:f6:7e:c9:3a:a9:f5:ee:59:1a:
24:3c:6d:54:9d:c0:ca:77:8c:45:05:b0:eb:2c:5c:02:97:0b:
ae:62:3e:4a:94:f3:b4:47:a8:5a:60:ff:17:da:88:80:14:74:
1c:43:fa:c5:b6:b7:67:07:fe:82:8f:97:df:fe:af:11:23:05:
d6:dd:81:e7:48:6f:ac:3e:2d:4b:92:b7:7c:4a:32:04:0c:c8:
af:3f:ec:fb:a2:94:3a:77:a0:16:e8:1e:13:68:f0:0f:ae:5a:
bc:71:97:94:2c:a9:5d:7b:2f:b5:61:e2:7f:4c:f1:fe:39:75:
ea:6a:1d:b3:a9:5b:85:2d:82:0d:49:85:02:6d:ff:97:5d:0e:
27:34:d2:bc:c8:91:1e:16:a1:ae:b8:ca:d5:d3:4f:94:61:35:
70:95:e0:71:53:cc:44:ae:de:fd:0c:5d:74:19:4f:cb:f5:90:
62:3f:17:b9:0a:43:ef:3b:88:b9:a4:32:63:52:e1:59:38:f7:
02:6e:f1:0a:90:ba:30:07:90:c6:5f:bc:65:43:95:72:47:a8:
ed:40:44:76:98:3e:8c:15:b8:e9:3f:13:c7:58:89:8f:a1:59:
43:8a:0d:f3:96:2b:95:dd:03:d1:9a:fd:76:7c:e4:bd:77:56:
36:0d:84:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVt5nU1eGuGh/v3O6ERSvNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjMwMTAxMTUxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWZhZmMwNTM5Y2MwM2QyYzIxMDBiYTE5MTZiMmVlMjI1OGI2ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy49vdBC7Lue/yx1QIwx0LxKvDas
Q3IV2yW3Eh9xxd/0QeeNp+5EItrfUzIphp/vRtYN+vPSvrXzfvUS0Ku0aerQa4CU
+uLJ1XDnFG1sEd44WhY6MVl5HZA8KV8vga3b+LXe/2GNjRkMpTU9CKFdceIpCxxs
t8TvIW3qRRkF6ulORiIW2pi132uVF/Nt++8qit2SLBtSmql7uRtC9k/8JbckwHX+
aUPeWvXffBAlfoDIPL+lkhMtDYpYwxFDvQr5xJZdEQuEfUIGaJpbEqwneS7KKXgx
wjx1a4esd018FGaeHzEG6CcBxWndINSxnuaAgIGw/ck0XMC+/YW2xOpVswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJX6/AU5zAPSwhALoZFrLuIli2gQMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvbGZyOEJUbk1BOUxDRUF1aGtXc3U0aVdMYUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVe+UAwQC
uV+cMA0GCSqGSIb3DQEBCwUAA4IBAQAM75PNjCk97Yz2fsk6qfXuWRokPG1UncDK
d4xFBbDrLFwClwuuYj5KlPO0R6haYP8X2oiAFHQcQ/rFtrdnB/6Cj5ff/q8RIwXW
3YHnSG+sPi1Lkrd8SjIEDMivP+z7opQ6d6AW6B4TaPAPrlq8cZeULKldey+1YeJ/
TPH+OXXqah2zqVuFLYINSYUCbf+XXQ4nNNK8yJEeFqGuuMrV00+UYTVwleBxU8xE
rt79DF10GU/L9ZBiPxe5CkPvO4i5pDJjUuFZOPcCbvEKkLowB5DGX7xlQ5VyR6jt
QER2mD6MFbjpPxPHWImPoVlDig3zliuV3QPRmv12fOS9d1Y2DYR6
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:00:11 2025 by rpki-client