Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/C70oUS9adxQmyamCHcNhWtIkh1k.roa
File: C70oUS9adxQmyamCHcNhWtIkh1k.roa (raw, json)
Hash identifier: kyudtqS4Djvx0mj4StgH40F2IxUDcCmA+qH/v4kufl8=
Subject key identifier: 0B:BD:28:51:2F:5A:77:14:26:C9:A9:82:1D:C3:61:5A:D2:24:87:59
Certificate issuer: /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial: 01856D81C2D64BC51DBFDD94761703D7AFAA
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/C70oUS9adxQmyamCHcNhWtIkh1k.roa
Signing time: Sun 01 Jan 2023 13:24:58 +0000
ROA not before: Sun 01 Jan 2023 13:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29345
IP address blocks: 85.254.192.0/23 maxlen: 24
85.254.193.0/24 maxlen: 24
91.240.246.0/23 maxlen: 23
2a02:501::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:c2:d6:4b:c5:1d:bf:dd:94:76:17:03:d7:af:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Validity
Not Before: Jan 1 13:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0bbd28512f5a771426c9a9821dc3615ad2248759
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:92:1b:07:0f:c8:54:33:e5:96:16:56:ba:de:
fb:ba:81:e3:1c:6f:33:a1:aa:58:c0:bc:f2:02:0e:
4f:ef:f4:cc:d4:49:f0:2c:4a:c6:2d:57:10:8c:7d:
61:9e:6d:53:22:95:7e:bb:b6:01:a1:29:1b:cb:58:
13:e7:8e:10:c9:0c:29:0b:c6:fe:ab:bb:04:93:9b:
68:d9:f1:35:66:0c:2a:f1:eb:a6:87:6f:34:f7:84:
03:08:91:95:88:64:99:18:f4:a1:33:53:04:f9:76:
f9:df:9c:9a:3c:be:14:47:b4:97:fa:23:63:4d:38:
d3:c6:56:a9:9c:ab:85:82:6c:e1:95:f7:b3:ed:6c:
fb:45:a7:3d:cd:85:d0:a3:f5:e3:72:8e:ea:63:a7:
65:e6:47:55:dd:fe:1a:a2:7e:eb:1e:86:36:2d:50:
e3:01:1f:90:65:9b:0b:de:d4:b0:1b:ca:00:77:ae:
74:53:04:db:aa:4c:1c:c0:57:50:57:0d:29:34:ab:
e7:f5:d9:49:0c:52:38:e9:b5:4a:1b:21:a0:5b:01:
51:44:88:d4:04:e7:f8:1c:20:36:ff:70:25:ce:3b:
d0:53:61:2f:36:3f:8a:c6:cb:14:fc:58:b5:ed:a0:
d7:1d:87:0b:1b:72:82:b6:96:06:a0:7b:b8:68:88:
86:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:BD:28:51:2F:5A:77:14:26:C9:A9:82:1D:C3:61:5A:D2:24:87:59
X509v3 Authority Key Identifier:
keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/C70oUS9adxQmyamCHcNhWtIkh1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.192.0/23
91.240.246.0/23
IPv6:
2a02:501::/32
Signature Algorithm: sha256WithRSAEncryption
89:20:61:2c:93:b5:0f:b1:cf:21:56:f8:de:3c:ea:8d:1d:09:
25:c3:24:e3:1b:d6:38:c0:d5:7f:12:13:b2:de:1b:29:d3:37:
fc:83:72:9f:ca:49:6b:31:9e:00:d8:70:83:b8:c0:d5:94:69:
71:a1:da:a6:c7:57:80:d9:78:08:26:da:4f:f2:06:38:66:83:
a5:5e:28:8f:b7:35:cb:8c:10:37:fc:1e:2f:98:c0:51:8e:c4:
1c:1f:cf:bd:c4:f2:47:d1:27:2c:ac:8c:21:8e:09:ef:1a:f5:
be:05:5e:51:8c:3e:af:01:ea:15:a5:dd:f9:62:dd:7b:29:20:
50:8b:a8:5d:57:e0:0b:62:43:e5:1d:64:96:dc:dd:63:2d:4c:
cc:19:df:81:ee:92:c8:93:39:b2:bd:34:7a:49:27:81:8c:e9:
84:eb:9b:a6:e9:67:92:1a:6a:30:3d:66:9f:ea:83:3b:2d:18:
38:f3:64:5b:0c:75:5c:65:92:82:ca:f6:57:b1:b8:e7:27:61:
f8:7c:d6:df:e5:88:6d:9e:a7:e0:77:53:6c:37:fb:4b:2f:21:
22:6c:5f:9f:bb:ae:81:42:d2:50:50:93:36:b6:cc:c5:87:cf:
0c:ff:1a:62:1c:2b:49:8e:38:9f:16:89:6d:78:c8:92:f3:9d:
1f:f2:68:b5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtgcLWS8Udv92UdhcD16+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjMwMTAxMTMyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJkMjg1MTJmNWE3NzE0MjZjOWE5ODIxZGMzNjE1YWQyMjQ4NzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipIbBw/IVDPllhZWut77uoHjHG8z
oapYwLzyAg5P7/TM1EnwLErGLVcQjH1hnm1TIpV+u7YBoSkby1gT544QyQwpC8b+
q7sEk5to2fE1Zgwq8eumh28094QDCJGViGSZGPShM1ME+Xb535yaPL4UR7SX+iNj
TTjTxlapnKuFgmzhlfez7Wz7Rac9zYXQo/Xjco7qY6dl5kdV3f4aon7rHoY2LVDj
AR+QZZsL3tSwG8oAd650UwTbqkwcwFdQVw0pNKvn9dlJDFI46bVKGyGgWwFRRIjU
BOf4HCA2/3AlzjvQU2EvNj+KxssU/Fi17aDXHYcLG3KCtpYGoHu4aIiGXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAu9KFEvWncUJsmpgh3DYVrSJIdZMB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvQzcwb1VTOWFkeFFteWFtQ0hjTmhXdElraDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBVf7AAwQB
W/D2MA0EAgACMAcDBQAqAgUBMA0GCSqGSIb3DQEBCwUAA4IBAQCJIGEsk7UPsc8h
VvjePOqNHQklwyTjG9Y4wNV/EhOy3hsp0zf8g3KfyklrMZ4A2HCDuMDVlGlxodqm
x1eA2XgIJtpP8gY4ZoOlXiiPtzXLjBA3/B4vmMBRjsQcH8+9xPJH0ScsrIwhjgnv
GvW+BV5RjD6vAeoVpd35Yt17KSBQi6hdV+ALYkPlHWSW3N1jLUzMGd+B7pLIkzmy
vTR6SSeBjOmE65um6WeSGmowPWaf6oM7LRg482RbDHVcZZKCyvZXsbjnJ2H4fNbf
5Yhtnqfgd1NsN/tLLyEibF+fu66BQtJQUJM2tszFh88M/xpiHCtJjjifFolteMiS
850f8mi1
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:14 2025 by rpki-client