Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/YL5iLWYUEydACPkaYzgGtaUKeHw.roa
File: YL5iLWYUEydACPkaYzgGtaUKeHw.roa (raw, json)
Hash identifier: 6UON6NfNhkrOP/Nmy9IsYD4ppfub2rOOTa0yvYNGe6w=
Subject key identifier: 60:BE:62:2D:66:14:13:27:40:08:F9:1A:63:38:06:B5:A5:0A:78:7C
Certificate issuer: /CN=cd060238d0668d45a041618ac5df767f59a0c4ae
Certificate serial: 01856BEEACBF804ABE0C18E8EF170628FBEB
Authority key identifier: CD:06:02:38:D0:66:8D:45:A0:41:61:8A:C5:DF:76:7F:59:A0:C4:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zQYCONBmjUWgQWGKxd92f1mgxK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/YL5iLWYUEydACPkaYzgGtaUKeHw.roa
Signing time: Sun 01 Jan 2023 06:04:41 +0000
ROA not before: Sun 01 Jan 2023 06:04:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201618
IP address blocks: 185.68.223.0/24 maxlen: 24
185.68.220.0/23 maxlen: 23
185.68.220.0/24 maxlen: 24
185.68.221.0/24 maxlen: 24
185.68.222.0/24 maxlen: 24
185.68.222.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ee:ac:bf:80:4a:be:0c:18:e8:ef:17:06:28:fb:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd060238d0668d45a041618ac5df767f59a0c4ae
Validity
Not Before: Jan 1 06:04:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60be622d661413274008f91a633806b5a50a787c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:51:89:7b:ca:76:6b:21:d2:35:84:75:58:a8:
0e:0c:a4:e6:51:92:2a:5b:6d:d8:86:24:c8:5f:c9:
2f:89:53:b6:9b:bb:47:12:1d:7b:4e:40:fc:8b:2b:
b1:7e:ac:78:35:74:6b:2a:67:52:c6:81:22:4e:b9:
5e:7d:d7:df:f1:7b:08:bc:63:88:c5:23:88:59:f0:
12:4b:ef:7d:67:1e:f9:03:0f:54:ee:f2:13:d8:88:
75:9c:30:4b:e1:d7:a8:d3:73:62:b6:bc:85:8c:38:
6c:6e:b0:ec:9a:f8:ab:33:3e:03:3b:0f:84:07:21:
fd:0f:c1:11:77:4b:68:93:6a:97:12:42:ee:aa:a2:
3d:84:ff:a3:c2:ac:36:05:66:d9:77:ed:4d:c3:1d:
ce:29:22:36:7b:88:17:46:6c:1b:56:99:56:cc:ea:
62:e2:c4:2a:b5:8e:4f:6f:fd:b7:eb:7a:5c:94:4f:
db:33:74:22:a0:3e:09:a2:33:44:70:c2:76:ce:ab:
99:8f:33:ab:dc:64:15:83:fb:c4:03:cb:31:16:97:
e2:f4:da:09:b8:1d:30:64:53:02:7f:16:c1:1c:f8:
9c:99:45:c8:a5:88:f3:de:15:fe:dd:f9:20:dd:b1:
49:ad:eb:3c:5f:6b:61:74:bf:fb:89:bb:aa:57:89:
6b:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:BE:62:2D:66:14:13:27:40:08:F9:1A:63:38:06:B5:A5:0A:78:7C
X509v3 Authority Key Identifier:
keyid:CD:06:02:38:D0:66:8D:45:A0:41:61:8A:C5:DF:76:7F:59:A0:C4:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQYCONBmjUWgQWGKxd92f1mgxK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/YL5iLWYUEydACPkaYzgGtaUKeHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/762006-f158-4e5a-b956-7fb6ea89637f/1/zQYCONBmjUWgQWGKxd92f1mgxK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.220.0/22
Signature Algorithm: sha256WithRSAEncryption
57:00:84:c7:ff:c8:ee:71:64:08:55:83:e0:f5:8b:2f:61:e6:
86:0a:99:34:a9:9d:74:63:7b:d4:cc:a8:82:ea:ef:84:09:7b:
e2:be:25:42:e1:f5:ba:70:61:05:4e:cb:8e:3a:52:38:b3:01:
59:f0:0e:eb:58:e5:8f:4f:76:63:d8:1a:66:6b:b1:9e:ef:bf:
db:91:38:6d:81:7b:b0:b5:6e:f9:50:20:3b:62:02:f5:b7:64:
4c:40:3b:4a:95:4a:c7:27:ae:19:9a:6f:c2:eb:d0:bd:29:c7:
7b:fd:f6:b2:5d:b3:f4:23:45:dc:4c:bd:51:46:44:fe:a7:ed:
aa:71:f7:20:af:9d:85:1d:aa:71:6c:ca:cc:26:a3:bf:9a:1e:
ac:66:2e:58:3b:ea:48:a1:36:be:d5:3e:43:27:d8:b0:b1:f6:
25:bd:8d:2f:42:7b:4d:71:c6:65:71:91:f0:f6:b4:d4:af:0a:
72:f4:ba:fd:69:c0:a3:11:f7:8b:08:d1:56:e1:85:e4:47:e5:
56:96:c0:9b:14:cd:19:3b:77:27:92:9a:f8:8a:a3:d7:1a:c4:
a3:f6:94:91:3d:01:fa:6f:13:d1:61:09:bf:26:09:36:2c:25:
93:e4:ce:03:8b:e3:b0:2c:c9:ca:d8:1b:5e:f4:58:53:67:e9:
46:1b:2f:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVr7qy/gEq+DBjo7xcGKPvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMDYwMjM4ZDA2NjhkNDVhMDQxNjE4YWM1ZGY3NjdmNTlh
MGM0YWUwHhcNMjMwMTAxMDYwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGJlNjIyZDY2MTQxMzI3NDAwOGY5MWE2MzM4MDZiNWE1MGE3ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklGJe8p2ayHSNYR1WKgODKTmUZIq
W23YhiTIX8kviVO2m7tHEh17TkD8iyuxfqx4NXRrKmdSxoEiTrlefdff8XsIvGOI
xSOIWfASS+99Zx75Aw9U7vIT2Ih1nDBL4deo03NitryFjDhsbrDsmvirMz4DOw+E
ByH9D8ERd0tok2qXEkLuqqI9hP+jwqw2BWbZd+1Nwx3OKSI2e4gXRmwbVplWzOpi
4sQqtY5Pb/2363pclE/bM3QioD4JojNEcMJ2zquZjzOr3GQVg/vEA8sxFpfi9NoJ
uB0wZFMCfxbBHPicmUXIpYjz3hX+3fkg3bFJres8X2thdL/7ibuqV4lrFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGC+Yi1mFBMnQAj5GmM4BrWlCnh8MB8GA1UdIwQY
MBaAFM0GAjjQZo1FoEFhisXfdn9ZoMSuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelFZQ09OQm1qVVdnUVdHS3hkOTJmMW1neEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NjIwMDYtZjE1OC00ZTVhLWI5NTYt
N2ZiNmVhODk2MzdmLzEvWUw1aUxXWVVFeWRBQ1BrYVl6Z0d0YVVLZUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NjIwMDYtZjE1OC00ZTVhLWI5NTYtN2ZiNmVhODk2Mzdm
LzEvelFZQ09OQm1qVVdnUVdHS3hkOTJmMW1neEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUTcMA0G
CSqGSIb3DQEBCwUAA4IBAQBXAITH/8jucWQIVYPg9YsvYeaGCpk0qZ10Y3vUzKiC
6u+ECXviviVC4fW6cGEFTsuOOlI4swFZ8A7rWOWPT3Zj2Bpma7Ge77/bkThtgXuw
tW75UCA7YgL1t2RMQDtKlUrHJ64Zmm/C69C9Kcd7/fayXbP0I0XcTL1RRkT+p+2q
cfcgr52FHapxbMrMJqO/mh6sZi5YO+pIoTa+1T5DJ9iwsfYlvY0vQntNccZlcZHw
9rTUrwpy9Lr9acCjEfeLCNFW4YXkR+VWlsCbFM0ZO3cnkpr4iqPXGsSj9pSRPQH6
bxPRYQm/Jgk2LCWT5M4Di+OwLMnK2Bte9FhTZ+lGGy9j
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:51:40 2025 by rpki-client