Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/CaDIKoaPeccRSEPJ0sAaXSXb1CQ.roa
File: CaDIKoaPeccRSEPJ0sAaXSXb1CQ.roa (raw, json)
Hash identifier: xgxWBKgbn6Zaxn5VA0SgrJIpyqWxf3fl2qbSuKIsYMg=
Subject key identifier: 09:A0:C8:2A:86:8F:79:C7:11:48:43:C9:D2:C0:1A:5D:25:DB:D4:24
Certificate issuer: /CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Certificate serial: 018BEBA7C0DB746B4D23BD7779A14D4D886C
Authority key identifier: BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/CaDIKoaPeccRSEPJ0sAaXSXb1CQ.roa
Signing time: Mon 20 Nov 2023 07:35:21 +0000
ROA not before: Mon 20 Nov 2023 07:35:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50084
IP address blocks: 185.96.176.0/24 maxlen: 24
185.96.179.0/24 maxlen: 24
185.96.176.0/22 maxlen: 22
185.96.177.0/24 maxlen: 24
185.96.178.0/24 maxlen: 24
194.247.164.0/23 maxlen: 23
194.247.164.0/24 maxlen: 24
194.247.165.0/24 maxlen: 24
2a07:4140::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:eb:a7:c0:db:74:6b:4d:23:bd:77:79:a1:4d:4d:88:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Validity
Not Before: Nov 20 07:35:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09a0c82a868f79c7114843c9d2c01a5d25dbd424
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:10:2c:bf:27:ec:0f:28:77:a6:23:0d:02:c9:
9d:bb:d8:e1:a5:60:5e:af:37:97:34:d5:db:2f:9a:
02:ae:fa:ab:e8:bb:ce:51:53:11:e8:76:93:0b:b8:
2d:1a:0b:e9:6e:60:ed:b1:ff:3b:6f:f4:90:b6:c1:
05:5c:f0:18:ff:6c:98:37:ec:0c:27:77:ce:fe:7c:
f3:50:fd:cc:dd:43:1a:8a:6e:5e:d2:28:ec:9b:4d:
58:97:66:4c:f1:13:5d:81:b8:5c:61:dd:1a:d7:e0:
fb:0a:dd:e4:ce:09:04:c0:8d:c6:46:30:3b:2a:b2:
8f:bf:fc:f6:72:55:e2:64:2f:d0:62:e3:d3:56:c8:
51:1b:9e:a3:ad:99:c1:48:14:d0:23:45:ae:9b:f5:
e0:b3:46:7d:7c:35:99:9e:2a:a6:11:f9:29:f5:61:
a0:b6:6f:db:ae:5d:33:33:82:e1:d8:ef:60:1c:bd:
de:32:99:40:79:af:e8:ed:63:ca:be:fd:52:6c:2f:
43:74:a0:2d:20:7a:45:1d:18:c4:6b:a0:85:08:e4:
f4:30:4d:fb:51:10:65:7f:2e:02:a7:63:c6:d3:d3:
a0:23:e8:7f:50:16:d6:1c:7f:2c:18:3c:63:99:9b:
ae:0d:c2:bd:f8:51:7c:84:a0:6e:c7:73:d1:8f:30:
d8:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:A0:C8:2A:86:8F:79:C7:11:48:43:C9:D2:C0:1A:5D:25:DB:D4:24
X509v3 Authority Key Identifier:
keyid:BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/CaDIKoaPeccRSEPJ0sAaXSXb1CQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.96.176.0/22
194.247.164.0/23
IPv6:
2a07:4140::/29
Signature Algorithm: sha256WithRSAEncryption
32:ce:dc:86:a9:ac:88:08:c4:98:98:03:61:8d:2f:57:f1:40:
c2:da:f2:6d:f2:2c:71:a5:f5:0f:bc:2e:fe:19:4e:f5:ae:db:
21:0b:61:ec:4c:a9:39:0d:7d:4f:6b:bc:11:c7:5e:d9:f0:c0:
32:c1:57:d4:d2:4c:9e:6b:d2:8a:70:bc:e2:8e:09:52:74:d2:
5f:2c:7c:ed:84:0c:b6:99:9c:e0:d6:c0:15:1b:08:b7:b8:35:
a7:bd:75:90:43:c6:46:14:e9:12:f3:c7:87:45:db:b6:b3:4a:
a6:45:3d:8c:2e:fa:03:f5:1d:27:ba:b3:7c:fa:71:69:70:70:
e9:68:9e:3d:49:66:86:29:a4:2b:78:40:c7:2c:12:07:51:81:
f2:f8:71:1d:43:ea:12:fc:e9:94:07:60:79:a4:90:95:38:73:
83:f2:42:a5:68:5f:b6:a4:7b:a0:ee:ae:34:3f:c5:0b:59:c1:
fb:0a:d5:43:9c:7f:82:a3:a8:fe:a1:04:0c:a1:f2:90:05:4b:
2e:48:50:79:85:46:35:2e:53:7b:b6:59:1d:7d:f3:55:a1:1a:
7b:a8:65:dd:f9:e4:71:4d:8f:3d:36:94:36:45:33:0a:c8:c3:
36:81:ba:38:49:1c:ba:0f:ed:9d:1e:c7:ac:c9:f2:2e:c5:80:
34:b5:ff:0d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYvrp8DbdGtNI713eaFNTYhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDk0M2Y1MjAzZDQzNDYwYTEzYWQ0ZWE5ZDdkNWI5NTBj
NjEzY2QwHhcNMjMxMTIwMDczNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWEwYzgyYTg2OGY3OWM3MTE0ODQzYzlkMmMwMWE1ZDI1ZGJkNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBAsvyfsDyh3piMNAsmdu9jhpWBe
rzeXNNXbL5oCrvqr6LvOUVMR6HaTC7gtGgvpbmDtsf87b/SQtsEFXPAY/2yYN+wM
J3fO/nzzUP3M3UMaim5e0ijsm01Yl2ZM8RNdgbhcYd0a1+D7Ct3kzgkEwI3GRjA7
KrKPv/z2clXiZC/QYuPTVshRG56jrZnBSBTQI0Wum/Xgs0Z9fDWZniqmEfkp9WGg
tm/brl0zM4Lh2O9gHL3eMplAea/o7WPKvv1SbC9DdKAtIHpFHRjEa6CFCOT0ME37
URBlfy4Cp2PG09OgI+h/UBbWHH8sGDxjmZuuDcK9+FF8hKBux3PRjzDYkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAmgyCqGj3nHEUhDydLAGl0l29QkMB8GA1UdIwQY
MBaAFL5JQ/UgPUNGChOtTqnX1blQxhPNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYt
YTA1MWFlNjNkYmExLzEvQ2FESUtvYVBlY2NSU0VQSjBzQWFYU1hiMUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYtYTA1MWFlNjNkYmEx
LzEvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWCwAwQB
wvekMA0EAgACMAcDBQMqB0FAMA0GCSqGSIb3DQEBCwUAA4IBAQAyztyGqayICMSY
mANhjS9X8UDC2vJt8ixxpfUPvC7+GU71rtshC2HsTKk5DX1Pa7wRx17Z8MAywVfU
0kyea9KKcLzijglSdNJfLHzthAy2mZzg1sAVGwi3uDWnvXWQQ8ZGFOkS88eHRdu2
s0qmRT2MLvoD9R0nurN8+nFpcHDpaJ49SWaGKaQreEDHLBIHUYHy+HEdQ+oS/OmU
B2B5pJCVOHOD8kKlaF+2pHug7q40P8ULWcH7CtVDnH+Co6j+oQQMofKQBUsuSFB5
hUY1LlN7tlkdffNVoRp7qGXd+eRxTY89NpQ2RTMKyMM2gbo4SRy6D+2dHsesyfIu
xYA0tf8N
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:32:35 2025 by rpki-client