Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/itXNrK8B29RQW8b3pD25QKaDKig.roa
File: itXNrK8B29RQW8b3pD25QKaDKig.roa (raw, json)
Hash identifier: 3DgNeSkd/uHHOOTo5yPPkk+arP87gpFKt5B4c92xj0s=
Subject key identifier: 8A:D5:CD:AC:AF:01:DB:D4:50:5B:C6:F7:A4:3D:B9:40:A6:83:2A:28
Certificate issuer: /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial: 018BD3522336C6301F118E61C77DC6BBD510
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/itXNrK8B29RQW8b3pD25QKaDKig.roa
Signing time: Wed 15 Nov 2023 14:10:57 +0000
ROA not before: Wed 15 Nov 2023 14:10:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7393
IP address blocks: 62.106.81.0/24 maxlen: 24
185.230.246.0/24 maxlen: 24
91.246.36.0/24 maxlen: 24
176.116.10.0/24 maxlen: 24
188.244.125.0/24 maxlen: 24
193.243.186.0/24 maxlen: 24
212.18.119.0/24 maxlen: 24
194.150.79.0/24 maxlen: 24
213.173.38.0/24 maxlen: 24
77.75.229.0/24 maxlen: 24
79.110.224.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d3:52:23:36:c6:30:1f:11:8e:61:c7:7d:c6:bb:d5:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Validity
Not Before: Nov 15 14:10:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ad5cdacaf01dbd4505bc6f7a43db940a6832a28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:6f:08:54:84:4e:6b:f5:14:d2:d5:2c:e0:58:
98:02:c8:dd:31:8a:da:3b:6f:e1:30:96:cd:05:6c:
8c:63:27:14:25:c0:53:b3:e1:bc:ec:b5:17:0e:07:
73:b3:c3:03:0c:73:07:14:55:6a:4b:e0:be:18:1c:
c7:a2:bb:bc:b9:3a:8d:c7:af:d0:97:9f:4d:9a:69:
ab:a3:34:18:12:3c:8c:20:10:44:78:81:c1:b0:e7:
d7:90:58:29:6b:5c:f8:4f:f2:05:7a:eb:fe:92:3d:
3b:fb:57:a5:93:de:a3:1d:8a:2b:b5:ae:26:12:cd:
a2:06:bf:df:e6:c5:1c:ea:ed:24:d2:97:ca:4d:cf:
52:5e:78:ed:aa:8f:dd:f8:d9:57:6f:f4:2a:e3:af:
84:3c:79:17:29:f7:c2:6d:86:49:08:fc:9e:9b:fa:
bf:6b:fc:19:dd:dd:f8:03:d9:4b:e5:d3:11:b3:af:
3f:1b:c1:19:3c:88:cf:0b:c7:89:5d:35:1e:e0:14:
b2:a5:58:b4:ad:b8:e2:09:79:4d:67:2d:8e:f9:b6:
32:ec:51:54:cc:1c:25:7f:b7:2a:11:18:86:f4:b5:
c6:9a:ab:0b:3c:dc:9b:3f:8c:ef:30:88:0c:6d:ba:
9b:05:58:13:6f:67:82:76:fe:08:3c:5b:fa:89:f2:
94:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:D5:CD:AC:AF:01:DB:D4:50:5B:C6:F7:A4:3D:B9:40:A6:83:2A:28
X509v3 Authority Key Identifier:
keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/itXNrK8B29RQW8b3pD25QKaDKig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.106.81.0/24
77.75.229.0/24
79.110.224.0/24
91.246.36.0/24
176.116.10.0/24
185.230.246.0/24
188.244.125.0/24
193.243.186.0/24
194.150.79.0/24
212.18.119.0/24
213.173.38.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:88:66:87:85:e8:94:58:26:4d:78:9e:df:a9:de:31:ec:92:
ba:55:65:9a:7f:a1:84:57:54:85:3f:0f:0b:8c:51:2f:5a:fb:
03:9d:9e:42:d3:24:bf:53:4c:87:fa:44:72:bc:3d:c5:b1:7e:
3d:00:11:48:19:6e:e2:c0:70:dc:c7:b2:2e:a5:a5:2b:de:19:
66:b0:33:34:d6:8d:35:61:ec:2f:8e:61:4b:96:bf:80:f3:83:
9a:91:20:49:1c:5d:98:03:48:39:b9:a7:73:cd:e6:aa:7b:54:
87:12:62:df:0d:ef:3e:da:9d:79:f9:d0:3b:ed:d7:e0:af:a3:
6f:83:12:40:ea:e5:fa:a3:1d:81:22:79:05:2c:e9:56:bf:8d:
8a:61:ef:9e:48:54:34:54:80:14:20:ff:cb:25:ed:c3:df:cd:
bb:b5:ed:d5:3b:ee:50:84:77:65:60:a2:c6:b2:2f:56:e9:9b:
60:de:4e:1b:09:a4:93:fb:e5:f4:34:ec:9e:53:59:6b:cf:6c:
b6:c8:89:03:66:13:9f:ef:06:d1:2e:e4:45:be:6a:04:b4:12:
db:56:73:33:c2:8b:8e:c8:16:6b:bc:ee:c6:13:07:54:05:6f:
f4:32:9b:f6:7d:49:8c:9c:3c:15:29:0f:01:a8:9f:de:b2:d4:
c3:b6:8f:8d
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYvTUiM2xjAfEY5hx33Gu9UQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjMxMTE1MTQxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQ1Y2RhY2FmMDFkYmQ0NTA1YmM2ZjdhNDNkYjk0MGE2ODMyYTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG8IVIROa/UU0tUs4FiYAsjdMYra
O2/hMJbNBWyMYycUJcBTs+G87LUXDgdzs8MDDHMHFFVqS+C+GBzHoru8uTqNx6/Q
l59NmmmrozQYEjyMIBBEeIHBsOfXkFgpa1z4T/IFeuv+kj07+1elk96jHYorta4m
Es2iBr/f5sUc6u0k0pfKTc9SXnjtqo/d+NlXb/Qq46+EPHkXKffCbYZJCPyem/q/
a/wZ3d34A9lL5dMRs68/G8EZPIjPC8eJXTUe4BSypVi0rbjiCXlNZy2O+bYy7FFU
zBwlf7cqERiG9LXGmqsLPNybP4zvMIgMbbqbBVgTb2eCdv4IPFv6ifKUSQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIrVzayvAdvUUFvG96Q9uUCmgyooMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvaXRYTnJLOEIyOVJRVzhiM3BEMjVRS2FES2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAPmpRAwQA
TUvlAwQAT27gAwQAW/YkAwQAsHQKAwQAueb2AwQAvPR9AwQAwfO6AwQAwpZPAwQA
1BJ3AwQA1a0mMA0GCSqGSIb3DQEBCwUAA4IBAQBOiGaHheiUWCZNeJ7fqd4x7JK6
VWWaf6GEV1SFPw8LjFEvWvsDnZ5C0yS/U0yH+kRyvD3FsX49ABFIGW7iwHDcx7Iu
paUr3hlmsDM01o01YewvjmFLlr+A84OakSBJHF2YA0g5uadzzeaqe1SHEmLfDe8+
2p15+dA77dfgr6NvgxJA6uX6ox2BInkFLOlWv42KYe+eSFQ0VIAUIP/LJe3D3827
te3VO+5QhHdlYKLGsi9W6Ztg3k4bCaST++X0NOyeU1lrz2y2yIkDZhOf7wbRLuRF
vmoEtBLbVnMzwouOyBZrvO7GEwdUBW/0Mpv2fUmMnDwVKQ8BqJ/estTDto+N
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:44:04 2025 by rpki-client