Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rsKJuTj175u37AD8B_lTivCaKRI.roa
File: rsKJuTj175u37AD8B_lTivCaKRI.roa (raw, json)
Hash identifier: cZnHBJGSKhuEyLfMcpBixUD+jwDp42p2DDuciuoPgGI=
Subject key identifier: AE:C2:89:B9:38:F5:EF:9B:B7:EC:00:FC:07:F9:53:8A:F0:9A:29:12
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018997FE8498A52561A82268F152AC06D77D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rsKJuTj175u37AD8B_lTivCaKRI.roa
Signing time: Thu 27 Jul 2023 15:36:26 +0000
ROA not before: Thu 27 Jul 2023 15:36:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57097
IP address blocks: 193.124.3.0/24 maxlen: 24
193.124.8.0/24 maxlen: 24
194.87.229.0/24 maxlen: 24
185.72.11.0/24 maxlen: 24
194.87.161.0/24 maxlen: 24
195.133.28.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:97:fe:84:98:a5:25:61:a8:22:68:f1:52:ac:06:d7:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 27 15:36:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aec289b938f5ef9bb7ec00fc07f9538af09a2912
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:70:74:48:5f:a7:f5:63:03:45:35:14:1c:5f:
fb:ed:0e:a6:d3:e0:9c:fe:cd:a8:ca:52:4a:12:c1:
79:8f:32:ff:0c:cf:b4:9e:3e:d9:8d:e0:db:48:47:
5d:9b:15:92:6b:53:c5:53:2a:69:01:37:11:fe:33:
9a:7c:2e:ba:af:29:29:27:df:db:10:eb:4e:d2:df:
f5:d1:e9:d3:f2:f7:3d:bc:06:f1:96:14:f0:47:31:
75:aa:0e:60:f9:21:48:a1:aa:58:39:4e:81:68:a8:
1b:87:db:ac:29:18:7a:2c:c6:15:3a:51:c2:66:7a:
d5:2c:01:65:02:1b:ab:e9:99:ab:c5:a8:db:0f:c2:
61:0d:1b:8a:34:6b:61:b3:0f:cf:a0:03:88:31:32:
5a:f0:09:11:c6:c1:46:37:33:da:b4:f9:4a:5c:5b:
34:d0:55:f7:c5:48:2f:ec:25:ee:3e:91:06:d9:43:
86:53:69:a2:12:03:39:18:e3:08:e1:51:8d:d4:c2:
0e:c6:32:f8:09:32:b8:79:c7:80:9b:45:18:3e:33:
9b:44:16:5c:16:9f:fa:f1:d7:51:47:f2:4b:68:31:
48:2e:84:36:0f:6a:f6:d3:fd:4a:18:e4:30:51:e0:
f6:69:af:05:4c:a2:8c:eb:fb:a5:1e:c6:42:b6:b3:
35:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:C2:89:B9:38:F5:EF:9B:B7:EC:00:FC:07:F9:53:8A:F0:9A:29:12
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rsKJuTj175u37AD8B_lTivCaKRI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.11.0/24
193.124.3.0/24
193.124.8.0/24
194.58.59.0/24
194.87.161.0/24
194.87.229.0/24
195.133.28.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:a2:c4:b4:59:db:e4:3c:43:d5:5c:33:ee:8d:3c:db:39:8b:
67:38:c7:1f:a4:a9:6d:0a:6e:9e:a1:a4:cd:c6:84:f5:a7:5c:
5e:3f:fb:cc:96:27:df:b1:15:1f:4f:24:52:a7:97:5c:79:59:
22:34:d2:6e:9f:be:94:4f:39:f6:0b:b2:42:df:94:1f:c8:4f:
e3:74:67:eb:d7:d8:a1:38:71:47:3c:91:1d:9e:0d:dd:4b:5f:
67:65:cb:a9:6a:74:d3:82:9a:70:63:c1:a6:48:ca:bd:5d:93:
0e:b5:74:24:ed:2a:76:20:a9:f4:92:b9:71:74:87:53:b7:c8:
da:b1:40:c0:25:05:83:38:cd:b6:76:19:76:e6:0c:b2:c3:fb:
16:b0:ee:42:66:5f:c0:83:c0:f9:e6:0c:a9:23:55:8e:16:c9:
08:22:09:dc:82:82:49:72:d4:80:5d:ed:cd:14:ed:55:28:1b:
c5:33:3d:98:7c:ab:5b:27:76:43:da:68:f5:93:63:7a:8a:2c:
02:7a:11:9f:f2:39:3b:e6:f9:6c:8d:0a:45:3a:72:c0:72:5b:
34:b2:72:27:04:21:0d:93:dd:b8:e3:d9:d4:93:07:aa:79:06:
f6:e0:99:c2:ec:d0:cb:1d:da:b7:a4:f1:4b:eb:e5:73:f5:13:
ce:e7:2b:98
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYmX/oSYpSVhqCJo8VKsBtd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzI3MTUzNjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWMyODliOTM4ZjVlZjliYjdlYzAwZmMwN2Y5NTM4YWYwOWEyOTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnB0SF+n9WMDRTUUHF/77Q6m0+Cc
/s2oylJKEsF5jzL/DM+0nj7ZjeDbSEddmxWSa1PFUyppATcR/jOafC66rykpJ9/b
EOtO0t/10enT8vc9vAbxlhTwRzF1qg5g+SFIoapYOU6BaKgbh9usKRh6LMYVOlHC
ZnrVLAFlAhur6ZmrxajbD8JhDRuKNGthsw/PoAOIMTJa8AkRxsFGNzPatPlKXFs0
0FX3xUgv7CXuPpEG2UOGU2miEgM5GOMI4VGN1MIOxjL4CTK4eceAm0UYPjObRBZc
Fp/68ddRR/JLaDFILoQ2D2r20/1KGOQwUeD2aa8FTKKM6/ulHsZCtrM15wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFK7Cibk49e+bt+wA/Af5U4rwmikSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcnNLSnVUajE3NXUzN0FEOEJfbFRpdkNhS1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAuUgLAwQA
wXwDAwQAwXwIAwQAwjo7AwQAwlehAwQAwlflAwQAw4UcMA0GCSqGSIb3DQEBCwUA
A4IBAQCKosS0WdvkPEPVXDPujTzbOYtnOMcfpKltCm6eoaTNxoT1p1xeP/vMliff
sRUfTyRSp5dceVkiNNJun76UTzn2C7JC35QfyE/jdGfr19ihOHFHPJEdng3dS19n
ZcupanTTgppwY8GmSMq9XZMOtXQk7Sp2IKn0krlxdIdTt8jasUDAJQWDOM22dhl2
5gyyw/sWsO5CZl/Ag8D55gypI1WOFskIIgncgoJJctSAXe3NFO1VKBvFMz2YfKtb
J3ZD2mj1k2N6iiwCehGf8jk75vlsjQpFOnLAcls0snInBCENk92449nUkweqeQb2
4JnC7NDLHdq3pPFL6+Vz9RPO5yuY
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:18:23 2025 by rpki-client