Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sldmEwHNlupltlyQ2q-U8tBAY08.roa
File: sldmEwHNlupltlyQ2q-U8tBAY08.roa (raw, json)
Hash identifier: 448lGT4utJAgEbAYh5VaZZVkOT5DcRS2rZuHGPI/7qk=
Subject key identifier: B2:57:66:13:01:CD:96:EA:65:B6:5C:90:DA:AF:94:F2:D0:40:63:4F
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018ACAB646D5C2D2AD85E31CC4E0118274F6
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sldmEwHNlupltlyQ2q-U8tBAY08.roa
Signing time: Mon 25 Sep 2023 05:00:57 +0000
ROA not before: Mon 25 Sep 2023 05:00:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 121.127.56.0/21 maxlen: 24
66.9.96.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ca:b6:46:d5:c2:d2:ad:85:e3:1c:c4:e0:11:82:74:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Sep 25 05:00:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b257661301cd96ea65b65c90daaf94f2d040634f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:5f:84:f5:53:d1:c4:84:6e:62:41:cb:9c:46:
6f:8c:0d:74:bf:cf:6e:b3:a2:79:e0:dc:fa:36:27:
bb:5a:e4:d4:c2:c2:04:67:52:93:08:3c:d2:be:42:
14:15:d3:08:78:2a:8e:26:91:c6:76:c5:2d:76:30:
94:cb:1b:18:0c:47:10:3f:ab:da:fb:7e:c6:48:04:
9e:1a:34:84:3b:f4:6c:46:1d:d2:c1:a5:a5:d4:d6:
fb:1a:30:dc:34:33:b1:33:0b:9f:38:bd:95:83:fe:
9e:b8:6e:95:a4:03:6a:c2:94:01:a4:7a:db:14:1e:
7d:00:d9:29:b7:25:88:25:71:ca:b0:f6:de:e9:34:
6e:d3:38:cc:78:60:f2:d4:e0:3e:87:82:b6:d2:92:
77:71:86:04:a6:58:21:f3:27:3a:a6:94:58:1a:92:
41:e3:1e:5e:3d:f5:8d:bd:a6:0a:fd:a8:ee:71:41:
f0:99:97:82:f9:f1:98:ef:c5:9b:4e:b5:98:b7:e5:
f5:a4:d8:e8:14:d1:19:b8:dd:88:58:ae:b1:5f:8b:
fa:b2:0b:b4:e4:ae:26:0e:18:ad:b4:f6:8b:f5:39:
e8:71:a0:d3:22:b4:bb:f5:2d:9f:91:d9:b7:0f:ad:
64:60:8d:75:f5:41:13:91:f3:f3:21:76:b6:bd:2b:
12:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:57:66:13:01:CD:96:EA:65:B6:5C:90:DA:AF:94:F2:D0:40:63:4F
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sldmEwHNlupltlyQ2q-U8tBAY08.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.9.96.0/20
121.127.56.0/21
198.145.112.0/22
Signature Algorithm: sha256WithRSAEncryption
09:49:16:c2:7e:d9:43:7a:cb:8b:fe:b4:af:b1:23:6a:85:bc:
c9:23:db:dd:88:10:04:c0:c8:47:c4:dc:d9:29:2f:60:00:a9:
c6:c0:4e:08:bc:4a:fb:75:cc:cd:c2:46:44:12:eb:fd:ee:5b:
75:f2:28:52:5c:94:a7:a6:52:69:29:1f:53:a9:3d:82:94:4a:
7d:69:2a:61:59:db:0d:2a:0a:b5:28:d5:cd:06:78:c1:10:63:
08:24:3a:00:50:4b:26:25:c3:26:94:9e:32:49:8d:9d:09:a6:
5c:d2:de:91:2d:3e:e4:57:b1:33:48:4c:22:77:e8:84:9e:2f:
ad:22:bd:28:c7:20:e3:c7:39:1d:5a:28:f3:22:a2:a1:09:68:
d0:8e:86:b7:8e:1d:84:4a:6b:b1:b6:99:5e:91:c6:54:f0:d8:
ee:40:ba:0a:38:b5:b6:41:62:c9:a7:de:01:67:19:4a:b6:4a:
36:87:81:5b:dc:a5:8c:af:4d:c4:d3:0a:9e:4f:55:ed:83:b0:
55:54:5a:8e:03:e2:10:bd:74:32:21:1b:51:b8:58:a0:7b:03:
b9:88:38:e5:69:b9:1d:d8:4b:66:c8:21:97:e3:9d:5e:7b:4d:
83:8e:11:41:d0:84:6d:b9:f4:0a:bd:e4:ff:cb:a3:71:e1:36:
3a:bc:b3:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrKtkbVwtKtheMcxOARgnT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjMwOTI1MDUwMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjU3NjYxMzAxY2Q5NmVhNjViNjVjOTBkYWFmOTRmMmQwNDA2MzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1+E9VPRxIRuYkHLnEZvjA10v89u
s6J54Nz6Nie7WuTUwsIEZ1KTCDzSvkIUFdMIeCqOJpHGdsUtdjCUyxsYDEcQP6va
+37GSASeGjSEO/RsRh3SwaWl1Nb7GjDcNDOxMwufOL2Vg/6euG6VpANqwpQBpHrb
FB59ANkptyWIJXHKsPbe6TRu0zjMeGDy1OA+h4K20pJ3cYYEplgh8yc6ppRYGpJB
4x5ePfWNvaYK/ajucUHwmZeC+fGY78WbTrWYt+X1pNjoFNEZuN2IWK6xX4v6sgu0
5K4mDhittPaL9TnocaDTIrS79S2fkdm3D61kYI119UETkfPzIXa2vSsS0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLJXZhMBzZbqZbZckNqvlPLQQGNPMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvc2xkbUV3SE5sdXBsdGx5UTJxLVU4dEJBWTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEQglgAwQD
eX84AwQCxpFwMA0GCSqGSIb3DQEBCwUAA4IBAQAJSRbCftlDesuL/rSvsSNqhbzJ
I9vdiBAEwMhHxNzZKS9gAKnGwE4IvEr7dczNwkZEEuv97lt18ihSXJSnplJpKR9T
qT2ClEp9aSphWdsNKgq1KNXNBnjBEGMIJDoAUEsmJcMmlJ4ySY2dCaZc0t6RLT7k
V7EzSEwid+iEni+tIr0oxyDjxzkdWijzIqKhCWjQjoa3jh2ESmuxtplekcZU8Nju
QLoKOLW2QWLJp94BZxlKtko2h4Fb3KWMr03E0wqeT1Xtg7BVVFqOA+IQvXQyIRtR
uFigewO5iDjlabkd2EtmyCGX451ee02DjhFB0IRtufQKveT/y6Nx4TY6vLOG
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:10:04 2025 by rpki-client