Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/853c76-a398-435a-be41-7d0ac52815a6/1/VT1dmKMQBMP0rkOHuLAnKQDhQVc.roa
File: VT1dmKMQBMP0rkOHuLAnKQDhQVc.roa (raw, json)
Hash identifier: ZYP/1SD/R+OtuayKogpLLNcyE3/hRrGJpE+RxQN0r0A=
Subject key identifier: 55:3D:5D:98:A3:10:04:C3:F4:AE:43:87:B8:B0:27:29:00:E1:41:57
Certificate issuer: /CN=dbd7c951348bd2e09ccaf76f57b8385f15df44e4
Certificate serial: 01856DDD3FC968911EAF6B7EFF6DA65CAE5F
Authority key identifier: DB:D7:C9:51:34:8B:D2:E0:9C:CA:F7:6F:57:B8:38:5F:15:DF:44:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/29fJUTSL0uCcyvdvV7g4XxXfROQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/853c76-a398-435a-be41-7d0ac52815a6/1/VT1dmKMQBMP0rkOHuLAnKQDhQVc.roa
Signing time: Sun 01 Jan 2023 15:04:54 +0000
ROA not before: Sun 01 Jan 2023 15:04:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201766
IP address blocks: 176.124.253.0/24 maxlen: 24
185.64.32.0/22 maxlen: 23
2a04:f7c1::/32 maxlen: 32
2a04:f7c0::/32 maxlen: 32
2a04:f7c2::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:dd:3f:c9:68:91:1e:af:6b:7e:ff:6d:a6:5c:ae:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbd7c951348bd2e09ccaf76f57b8385f15df44e4
Validity
Not Before: Jan 1 15:04:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=553d5d98a31004c3f4ae4387b8b0272900e14157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:38:49:d3:4e:f1:a1:12:f8:20:cb:51:10:5b:
53:3f:5d:ed:b5:e8:fa:60:df:40:84:45:04:2b:17:
06:70:19:35:37:9d:cd:7c:df:f3:26:f5:be:0c:31:
1d:68:a8:e9:84:80:cd:66:b7:64:90:23:fe:2c:32:
85:d7:ef:71:75:90:ec:72:54:3a:cf:5b:a9:66:e8:
d5:66:27:da:a5:05:c9:db:a4:a1:27:f9:08:0f:5d:
8b:0d:cd:ba:e4:cf:68:18:fc:e3:02:98:fd:0f:43:
13:b0:84:27:a6:9d:c8:f5:a5:aa:27:8e:24:28:d0:
45:54:3e:8e:c8:98:d9:d6:16:bb:27:da:e5:47:3f:
5f:ab:0f:fd:df:b1:e0:57:5a:b8:aa:82:e8:f8:fe:
90:d6:da:fd:ca:6d:05:10:a9:f5:25:a2:c6:7b:1d:
b1:8a:2a:f6:76:50:df:d6:8a:f4:17:6f:5f:fd:0b:
80:af:5b:f1:72:2a:d2:06:0e:cc:58:39:8c:cb:12:
4a:c9:b5:c5:ca:6a:dd:e2:cf:ce:60:81:7e:0b:9d:
84:6f:29:19:9c:02:c2:65:da:2c:af:ba:15:42:26:
ba:ab:66:25:a6:58:c5:c2:0f:86:b6:e2:97:88:e1:
64:7b:89:74:54:f3:07:eb:9b:b3:b1:59:47:0a:56:
8f:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:3D:5D:98:A3:10:04:C3:F4:AE:43:87:B8:B0:27:29:00:E1:41:57
X509v3 Authority Key Identifier:
keyid:DB:D7:C9:51:34:8B:D2:E0:9C:CA:F7:6F:57:B8:38:5F:15:DF:44:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29fJUTSL0uCcyvdvV7g4XxXfROQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/853c76-a398-435a-be41-7d0ac52815a6/1/VT1dmKMQBMP0rkOHuLAnKQDhQVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/853c76-a398-435a-be41-7d0ac52815a6/1/29fJUTSL0uCcyvdvV7g4XxXfROQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.124.253.0/24
185.64.32.0/22
IPv6:
2a04:f7c0::-2a04:f7c2:0:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
34:cc:6d:8c:ba:41:e1:d3:28:07:d7:70:2a:3a:8f:de:ea:4f:
4f:ce:fa:22:33:dc:92:2c:54:00:96:9e:bc:f5:7a:f5:ea:5a:
6f:14:fc:89:0c:91:cb:5d:d9:dc:d5:5b:94:18:e7:86:d9:46:
6c:bb:2d:39:ca:e3:c8:77:29:ba:ca:0c:91:30:74:d3:3d:dd:
cc:d9:ff:ca:0c:51:d5:c9:75:eb:98:9c:e8:f6:f4:67:72:28:
8a:27:e0:ec:6b:e8:7d:46:fc:59:77:46:4e:b1:a2:16:ff:12:
18:12:e0:eb:a9:8d:75:eb:9a:06:d6:fb:dc:3b:05:98:2e:31:
a5:d6:96:d3:95:fe:1a:fa:e1:d4:df:67:e5:6e:e6:23:98:16:
dd:65:fb:cd:06:70:4c:4a:f7:e9:9b:26:b1:11:4f:f8:46:64:
b6:a6:bb:b1:77:5e:b1:ef:82:5f:10:5f:80:e5:2b:47:fb:12:
47:e5:69:ea:e2:06:f7:bb:3a:b5:66:c8:db:b0:0b:ec:e8:78:
e0:ae:b5:c8:7a:1c:72:82:58:ca:65:70:50:da:9c:e6:ea:44:
a4:e0:6e:f3:35:5f:d8:2d:64:00:14:20:de:51:ac:f7:0a:10:
08:24:5c:1f:ed:ee:79:fb:bc:63:47:eb:ce:93:38:f4:88:ea:
be:42:0e:6d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYVt3T/JaJEer2t+/22mXK5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDdjOTUxMzQ4YmQyZTA5Y2NhZjc2ZjU3YjgzODVmMTVk
ZjQ0ZTQwHhcNMjMwMTAxMTUwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTNkNWQ5OGEzMTAwNGMzZjRhZTQzODdiOGIwMjcyOTAwZTE0MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzhJ007xoRL4IMtREFtTP13ttej6
YN9AhEUEKxcGcBk1N53NfN/zJvW+DDEdaKjphIDNZrdkkCP+LDKF1+9xdZDsclQ6
z1upZujVZifapQXJ26ShJ/kID12LDc265M9oGPzjApj9D0MTsIQnpp3I9aWqJ44k
KNBFVD6OyJjZ1ha7J9rlRz9fqw/937HgV1q4qoLo+P6Q1tr9ym0FEKn1JaLGex2x
iir2dlDf1or0F29f/QuAr1vxcirSBg7MWDmMyxJKybXFymrd4s/OYIF+C52EbykZ
nALCZdosr7oVQia6q2YlpljFwg+GtuKXiOFke4l0VPMH65uzsVlHClaPZQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFFU9XZijEATD9K5Dh7iwJykA4UFXMB8GA1UdIwQY
MBaAFNvXyVE0i9LgnMr3b1e4OF8V30TkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlmSlVUU0wwdUNjeXZkdlY3ZzRYeFhmUk9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84NTNjNzYtYTM5OC00MzVhLWJlNDEt
N2QwYWM1MjgxNWE2LzEvVlQxZG1LTVFCTVAwcmtPSHVMQW5LUURoUVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84NTNjNzYtYTM5OC00MzVhLWJlNDEtN2QwYWM1MjgxNWE2
LzEvMjlmSlVUU0wwdUNjeXZkdlY3ZzRYeFhmUk9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAsHz9AwQC
uUAgMBgEAgACMBIwEAMFBioE98ADBwAqBPfCAAAwDQYJKoZIhvcNAQELBQADggEB
ADTMbYy6QeHTKAfXcCo6j97qT0/O+iIz3JIsVACWnrz1evXqWm8U/IkMkctd2dzV
W5QY54bZRmy7LTnK48h3KbrKDJEwdNM93czZ/8oMUdXJdeuYnOj29GdyKIon4Oxr
6H1G/Fl3Rk6xohb/EhgS4OupjXXrmgbW+9w7BZguMaXWltOV/hr64dTfZ+Vu5iOY
Ft1l+80GcExK9+mbJrERT/hGZLamu7F3XrHvgl8QX4DlK0f7EkflaeriBve7OrVm
yNuwC+zoeOCutch6HHKCWMplcFDanObqRKTgbvM1X9gtZAAUIN5RrPcKEAgkXB/t
7nn7vGNH686TOPSI6r5CDm0=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:33:55 2025 by rpki-client