Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/0KmisGefyAT99dnj181QP4oHdAQ.roa
File: 0KmisGefyAT99dnj181QP4oHdAQ.roa (raw, json)
Hash identifier: iplnawtbEdo6ujjUIQR4IoUuWrml0NMAZIK7+LVH1KU=
Subject key identifier: D0:A9:A2:B0:67:9F:C8:04:FD:F5:D9:E3:D7:CD:50:3F:8A:07:74:04
Certificate issuer: /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial: 01857EAC080C3F552A0B6BEB3E19D8CAD832
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/0KmisGefyAT99dnj181QP4oHdAQ.roa
Signing time: Wed 04 Jan 2023 21:24:41 +0000
ROA not before: Wed 04 Jan 2023 21:24:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60767
IP address blocks: 45.95.204.0/22 maxlen: 24
2a0e:3940:2000::/36 maxlen: 44
2a0e:3940:1000::/36 maxlen: 44
2a0e:3940:f000::/36 maxlen: 44
2a0e:3940:d000::/36 maxlen: 36
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7e:ac:08:0c:3f:55:2a:0b:6b:eb:3e:19:d8:ca:d8:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Validity
Not Before: Jan 4 21:24:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d0a9a2b0679fc804fdf5d9e3d7cd503f8a077404
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:58:c2:6a:f1:37:3f:a2:aa:ec:46:4b:67:77:
7e:08:52:8b:3a:bd:fd:5b:7d:c2:e6:f4:99:8e:96:
30:4f:59:b7:9a:df:5e:87:35:c8:6d:67:a1:99:c5:
fb:68:24:6c:6c:2b:79:02:92:6a:10:2b:d1:61:24:
92:a2:ea:ed:88:cf:d7:06:e2:e6:f9:8c:58:fe:59:
0a:33:af:63:ac:3d:53:d3:d7:4d:53:24:91:06:04:
79:ee:bf:67:12:dd:5c:3b:f9:23:f2:52:0f:b1:04:
47:6e:6f:92:48:25:d7:dd:cb:f4:d6:38:7b:ee:6c:
08:88:59:3a:e5:1c:a0:19:60:87:c0:00:52:55:e0:
66:47:d2:7b:11:2c:39:50:3e:16:a2:22:6e:59:d7:
ea:22:a4:16:50:5c:a8:f5:87:3c:2b:a6:e2:62:49:
b4:fe:ca:25:bb:f8:a6:12:dc:ab:39:c0:2f:8d:1a:
d5:b7:f3:f8:ca:2e:c5:59:8c:36:a6:17:47:49:57:
7f:36:5d:64:3a:ce:aa:4f:30:14:68:a6:78:fc:04:
e1:d9:48:4f:ed:5b:09:f5:df:14:a6:02:f0:67:8a:
bc:86:0d:14:b4:06:47:77:45:f2:79:7e:1c:01:fd:
17:8e:24:d5:74:d9:99:71:e6:53:93:b3:f2:fe:73:
18:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:A9:A2:B0:67:9F:C8:04:FD:F5:D9:E3:D7:CD:50:3F:8A:07:74:04
X509v3 Authority Key Identifier:
keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/0KmisGefyAT99dnj181QP4oHdAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.204.0/22
IPv6:
2a0e:3940:1000::-2a0e:3940:2fff:ffff:ffff:ffff:ffff:ffff
2a0e:3940:d000::/36
2a0e:3940:f000::/36
Signature Algorithm: sha256WithRSAEncryption
3f:28:3d:75:f5:fb:85:cb:73:92:91:8b:ed:b3:72:25:d7:eb:
d7:c4:7d:26:85:d2:65:cb:03:7a:c6:4e:c2:ac:75:ee:0f:8e:
27:b6:a9:fb:ef:39:45:46:f3:66:bb:bb:c3:54:2c:57:1d:6f:
f7:98:df:43:c9:94:29:b2:b8:9b:2e:8e:59:3d:ff:1f:d5:da:
42:66:82:51:32:ae:e9:fe:c8:77:75:64:3a:ea:c3:ac:92:9a:
fb:74:43:1f:aa:35:82:90:79:b7:97:70:56:f6:f0:6d:ee:40:
1c:7a:4a:9a:35:12:7c:60:aa:85:f1:c2:aa:67:e8:c1:7c:4e:
31:ae:08:8a:f1:48:37:46:06:8d:a8:d6:c1:e3:b6:9a:06:ec:
73:5b:0c:3e:d6:06:1c:cc:d3:e4:80:79:19:5d:2c:96:7a:d6:
82:1b:da:b7:94:ab:ec:35:dc:d2:26:ef:16:c1:fb:fb:fa:4a:
63:2c:57:7d:f5:61:6e:e2:36:09:de:fb:b8:89:35:ff:35:db:
b2:fe:56:7c:86:aa:3e:28:a4:76:4a:0d:db:b2:4c:a4:f2:a8:
6e:7d:7b:03:61:9a:d0:48:1f:c5:38:6f:84:eb:1b:49:7a:ca:
f7:6b:4c:14:26:de:6b:d0:d0:b2:a8:b5:1f:ce:72:4c:a3:36:
56:d5:d9:93
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYV+rAgMP1UqC2vrPhnYytgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjMwMTA0MjEyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGE5YTJiMDY3OWZjODA0ZmRmNWQ5ZTNkN2NkNTAzZjhhMDc3NDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFjCavE3P6Kq7EZLZ3d+CFKLOr39
W33C5vSZjpYwT1m3mt9ehzXIbWehmcX7aCRsbCt5ApJqECvRYSSSourtiM/XBuLm
+YxY/lkKM69jrD1T09dNUySRBgR57r9nEt1cO/kj8lIPsQRHbm+SSCXX3cv01jh7
7mwIiFk65RygGWCHwABSVeBmR9J7ESw5UD4WoiJuWdfqIqQWUFyo9Yc8K6biYkm0
/solu/imEtyrOcAvjRrVt/P4yi7FWYw2phdHSVd/Nl1kOs6qTzAUaKZ4/ATh2UhP
7VsJ9d8UpgLwZ4q8hg0UtAZHd0XyeX4cAf0XjiTVdNmZceZTk7Py/nMYQQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNCporBnn8gE/fXZ49fNUD+KB3QEMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvMEttaXNHZWZ5QVQ5OWRuajE4MVFQNG9IZEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAMBAIAATAGAwQCLV/MMCgE
AgACMCIwEAMGBCoOOUAQAwYEKg45QCADBgQqDjlA0AMGBCoOOUDwMA0GCSqGSIb3
DQEBCwUAA4IBAQA/KD119fuFy3OSkYvts3Il1+vXxH0mhdJlywN6xk7CrHXuD44n
tqn77zlFRvNmu7vDVCxXHW/3mN9DyZQpsribLo5ZPf8f1dpCZoJRMq7p/sh3dWQ6
6sOskpr7dEMfqjWCkHm3l3BW9vBt7kAcekqaNRJ8YKqF8cKqZ+jBfE4xrgiK8Ug3
RgaNqNbB47aaBuxzWww+1gYczNPkgHkZXSyWetaCG9q3lKvsNdzSJu8Wwfv7+kpj
LFd99WFu4jYJ3vu4iTX/Nduy/lZ8hqo+KKR2Sg3bskyk8qhufXsDYZrQSB/FOG+E
6xtJesr3a0wUJt5r0NCyqLUfznJMozZW1dmT
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:34:03 2025 by rpki-client