Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/NFYgLsQtRh4Vi1GTZ1E6r62zKaE.roa
File: NFYgLsQtRh4Vi1GTZ1E6r62zKaE.roa (raw, json)
Hash identifier: 3LMH9inHMe51vuzcDLJlDvZ5Bnq/9k31ByNHjSkWyFw=
Subject key identifier: 34:56:20:2E:C4:2D:46:1E:15:8B:51:93:67:51:3A:AF:AD:B3:29:A1
Certificate issuer: /CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Certificate serial: 01856D2F34BFEDB12714BDA3902F69C5D20F
Authority key identifier: 54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/NFYgLsQtRh4Vi1GTZ1E6r62zKaE.roa
Signing time: Sun 01 Jan 2023 11:54:48 +0000
ROA not before: Sun 01 Jan 2023 11:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 185.64.24.0/24 maxlen: 24
185.64.25.0/24 maxlen: 24
185.64.26.0/24 maxlen: 24
185.64.27.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:34:bf:ed:b1:27:14:bd:a3:90:2f:69:c5:d2:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Validity
Not Before: Jan 1 11:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3456202ec42d461e158b519367513aafadb329a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:c3:8e:75:06:09:76:6d:52:a9:b4:7b:0f:f5:
69:7a:2e:60:51:37:9c:68:db:0a:aa:95:b0:3b:b2:
fa:76:98:29:59:f1:1f:4d:7c:37:be:e8:c4:45:c6:
75:82:9b:84:81:65:79:f0:c3:d2:5c:0e:33:46:17:
bf:7e:26:46:62:5a:0f:4c:d2:08:3f:ec:49:a5:f2:
70:c2:ed:aa:d2:c5:3e:a6:df:c4:cb:f0:63:38:81:
1b:27:c2:de:b8:13:ff:76:b4:62:2b:80:ef:64:c7:
e6:f8:61:52:1a:d7:40:89:6e:31:5d:fb:02:46:5d:
ca:b0:ee:04:cd:f7:bb:e0:2a:69:97:1e:be:00:db:
2f:92:6b:0a:1c:52:6d:54:70:47:15:e5:67:e1:67:
35:af:15:37:f1:bd:0f:5c:04:9d:a7:33:d9:d9:78:
35:63:b9:46:9c:cf:c1:bf:eb:32:8d:2f:c1:c6:51:
f9:53:e4:a7:b0:50:81:6b:85:f6:40:8b:58:e7:c4:
9a:56:0a:6a:3e:51:c5:82:cd:83:57:58:45:ee:ab:
ae:e5:fe:79:b1:df:b3:dd:20:65:5a:3d:bc:f4:6e:
9d:7e:26:a9:f2:c5:eb:9a:db:4a:98:b7:53:6c:4e:
37:5a:17:48:4a:31:69:78:20:f4:fb:60:15:01:c4:
e3:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:56:20:2E:C4:2D:46:1E:15:8B:51:93:67:51:3A:AF:AD:B3:29:A1
X509v3 Authority Key Identifier:
keyid:54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/NFYgLsQtRh4Vi1GTZ1E6r62zKaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.64.24.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:c6:f3:90:37:c5:a6:8a:23:7f:ba:f7:6f:3e:68:0c:b5:14:
b6:a8:1f:98:88:85:d9:5f:ea:47:48:c4:55:8e:74:d3:28:50:
ee:f7:35:7f:61:84:03:4c:27:16:b9:fa:60:aa:b9:41:c4:85:
10:74:f2:6a:c8:a1:ff:d6:24:e1:da:b7:39:2f:1b:d4:f0:a4:
9e:60:de:e7:12:73:5f:3d:a9:b9:98:8b:f9:f4:0a:7f:08:f7:
04:5a:a6:d9:6a:55:5a:71:d5:4a:76:c4:49:d4:b9:20:4e:da:
e4:81:b5:76:82:44:36:0b:ec:54:76:b0:d1:59:b2:bc:25:97:
a4:88:c0:b1:85:fd:4e:fc:f6:64:e0:02:6c:f3:bf:85:32:6c:
72:49:52:de:07:28:42:e5:6f:d8:22:1a:9d:8d:a3:68:84:72:
fc:f4:c6:99:79:e2:5d:89:c8:39:06:79:68:d4:08:ec:e5:73:
38:f5:0a:a4:d8:2d:0f:b7:75:67:56:00:f3:ac:5d:a7:69:04:
21:9b:4d:03:a3:9b:5d:ce:2b:f4:d8:06:61:39:45:28:8e:d1:
fc:30:15:1e:8b:45:9b:90:62:1f:11:92:92:d6:f5:25:05:67:
49:c4:0f:ee:f8:1e:9d:56:9a:b3:72:1c:66:d0:c8:3f:6a:f3:
09:d0:d7:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLzS/7bEnFL2jkC9pxdIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTMxYWIwMzNjZmQyZGVlNjg1MmZhOWQ4YmY1YTRhMGUz
NTI0MTQwHhcNMjMwMTAxMTE1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDU2MjAyZWM0MmQ0NjFlMTU4YjUxOTM2NzUxM2FhZmFkYjMyOWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8OOdQYJdm1SqbR7D/Vpei5gUTec
aNsKqpWwO7L6dpgpWfEfTXw3vujERcZ1gpuEgWV58MPSXA4zRhe/fiZGYloPTNII
P+xJpfJwwu2q0sU+pt/Ey/BjOIEbJ8LeuBP/drRiK4DvZMfm+GFSGtdAiW4xXfsC
Rl3KsO4Ezfe74Cpplx6+ANsvkmsKHFJtVHBHFeVn4Wc1rxU38b0PXASdpzPZ2Xg1
Y7lGnM/Bv+syjS/BxlH5U+SnsFCBa4X2QItY58SaVgpqPlHFgs2DV1hF7quu5f55
sd+z3SBlWj289G6dfiap8sXrmttKmLdTbE43WhdISjFpeCD0+2AVAcTjPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRWIC7ELUYeFYtRk2dROq+tsymhMB8GA1UdIwQY
MBaAFFSjGrAzz9Le5oUvqdi/WkoONSQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGIt
NjE5YzI2MTk0MTY4LzEvTkZZZ0xzUXRSaDRWaTFHVFoxRTZyNjJ6S2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGItNjE5YzI2MTk0MTY4
LzEvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUAYMA0G
CSqGSIb3DQEBCwUAA4IBAQBNxvOQN8WmiiN/uvdvPmgMtRS2qB+YiIXZX+pHSMRV
jnTTKFDu9zV/YYQDTCcWufpgqrlBxIUQdPJqyKH/1iTh2rc5LxvU8KSeYN7nEnNf
Pam5mIv59Ap/CPcEWqbZalVacdVKdsRJ1LkgTtrkgbV2gkQ2C+xUdrDRWbK8JZek
iMCxhf1O/PZk4AJs87+FMmxySVLeByhC5W/YIhqdjaNohHL89MaZeeJdicg5Bnlo
1Ajs5XM49Qqk2C0Pt3VnVgDzrF2naQQhm00Do5tdziv02AZhOUUojtH8MBUei0Wb
kGIfEZKS1vUlBWdJxA/u+B6dVpqzchxm0Mg/avMJ0Nci
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:10:23 2025 by rpki-client