Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/vFMAVfTRk1Aqn0lZBETAhB-Pcnw.roa
File: vFMAVfTRk1Aqn0lZBETAhB-Pcnw.roa (raw, json)
Hash identifier: NgPemmnlBXEKqRHCVgpMITHuNOr1UlKry94iRs0ls/c=
Subject key identifier: BC:53:00:55:F4:D1:93:50:2A:9F:49:59:04:44:C0:84:1F:8F:72:7C
Certificate issuer: /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial: 01856D81C02DF7579FF0D06D491C9E0B8CC8
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/vFMAVfTRk1Aqn0lZBETAhB-Pcnw.roa
Signing time: Sun 01 Jan 2023 13:24:57 +0000
ROA not before: Sun 01 Jan 2023 13:24:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5538
IP address blocks: 92.240.64.0/19 maxlen: 19
194.8.1.0/24 maxlen: 24
85.254.192.0/18 maxlen: 18
5.152.224.0/21 maxlen: 21
185.23.160.0/22 maxlen: 22
2a02:500::/29 maxlen: 29
2a02:500::/32 maxlen: 32
2a02:500:4000::/35 maxlen: 35
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:c0:2d:f7:57:9f:f0:d0:6d:49:1c:9e:0b:8c:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Validity
Not Before: Jan 1 13:24:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bc530055f4d193502a9f49590444c0841f8f727c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:d7:db:1f:f9:2b:14:65:d6:a5:7c:27:61:3d:
9c:14:0e:c0:a4:83:9a:c8:1e:5e:48:e9:ac:dc:4c:
2c:02:d3:b0:a1:85:6b:ff:26:ba:ac:85:f7:b6:8c:
be:68:8f:30:57:18:e1:07:91:67:ec:e5:5d:b1:e4:
93:ad:cd:3a:c9:3c:0c:3e:11:46:ab:74:7c:20:4a:
8b:fb:2b:19:94:89:a5:b2:88:d9:e6:3a:02:34:84:
56:c5:3d:b5:2c:46:20:0e:e3:fd:e5:8b:a6:c2:d8:
7d:44:57:ed:a5:c0:80:27:c3:db:db:f4:50:f7:be:
c6:e3:bc:a4:5c:12:7c:60:36:a8:e9:24:fa:56:da:
aa:6d:d6:79:bb:68:1a:71:db:0c:51:f2:c5:63:b6:
85:80:8a:7c:3f:1e:12:4f:b1:da:f6:bf:50:fb:10:
b4:4f:4a:59:a0:91:65:c0:ee:50:65:d9:5f:af:b8:
2c:3f:5b:71:f2:9a:b7:73:1d:fc:ee:e0:e1:65:b3:
5d:85:0b:14:75:bc:cf:49:e4:d8:3e:1e:42:18:53:
ba:36:30:9f:ff:60:3d:b2:49:f8:3b:fe:ca:83:12:
1b:40:d8:25:25:27:a4:cd:eb:18:92:9b:3e:c7:23:
a1:28:54:7d:64:de:96:d6:6f:9e:8e:09:2d:48:d8:
2d:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:53:00:55:F4:D1:93:50:2A:9F:49:59:04:44:C0:84:1F:8F:72:7C
X509v3 Authority Key Identifier:
keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/vFMAVfTRk1Aqn0lZBETAhB-Pcnw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.224.0/21
85.254.192.0/18
92.240.64.0/19
185.23.160.0/22
194.8.1.0/24
IPv6:
2a02:500::/29
Signature Algorithm: sha256WithRSAEncryption
60:ec:b2:3b:79:f5:17:c9:ec:e6:fc:fa:c3:37:af:f6:71:5b:
0b:26:08:e6:a1:76:2b:1c:e3:ff:64:5f:09:c9:0d:8d:5f:8b:
c0:d1:24:3f:78:79:cd:80:e6:74:14:4a:b5:ec:dd:1b:0c:80:
87:a3:ca:d5:98:44:19:c3:c4:54:95:5b:19:86:4e:06:61:02:
63:5b:ff:f1:28:b2:92:0c:e7:cc:d4:bf:36:c8:61:90:ec:ea:
1b:4b:ff:87:8a:b6:35:51:4f:e7:9d:9f:bd:cc:1a:8f:2d:76:
05:3e:e2:d1:68:c6:ca:40:5d:61:e8:9d:7f:a8:a4:3d:c2:63:
0b:d9:41:0a:d5:50:f1:44:2d:73:4e:17:c5:f3:4c:a4:d5:1f:
23:a2:88:aa:24:bc:e3:0d:2f:83:89:b5:9e:96:bb:32:4f:09:
98:35:8a:0b:d4:cd:7c:e6:a3:1f:8f:28:6e:c9:ae:01:d8:d7:
e2:3c:d4:f4:83:cc:f2:d8:ec:01:bc:6d:5f:dc:74:d4:d6:e4:
97:11:d7:f1:f3:9a:bc:2d:0d:f3:7c:9e:b1:3c:12:7a:b7:0b:
db:4f:f9:98:a9:f0:d8:a4:45:1a:ef:28:7b:48:3b:fd:9f:1a:
31:8b:de:ab:f9:d0:15:1b:e0:db:93:c6:3b:e2:e4:02:7e:7d:
80:69:5a:ce
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVtgcAt91ef8NBtSRyeC4zIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjMwMTAxMTMyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzUzMDA1NWY0ZDE5MzUwMmE5ZjQ5NTkwNDQ0YzA4NDFmOGY3MjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNfbH/krFGXWpXwnYT2cFA7ApIOa
yB5eSOms3EwsAtOwoYVr/ya6rIX3toy+aI8wVxjhB5Fn7OVdseSTrc06yTwMPhFG
q3R8IEqL+ysZlImlsojZ5joCNIRWxT21LEYgDuP95Yumwth9RFftpcCAJ8Pb2/RQ
977G47ykXBJ8YDao6ST6VtqqbdZ5u2gacdsMUfLFY7aFgIp8Px4ST7Ha9r9Q+xC0
T0pZoJFlwO5QZdlfr7gsP1tx8pq3cx387uDhZbNdhQsUdbzPSeTYPh5CGFO6NjCf
/2A9skn4O/7KgxIbQNglJSekzesYkps+xyOhKFR9ZN6W1m+ejgktSNgtVwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLxTAFX00ZNQKp9JWQREwIQfj3J8MB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvdkZNQVZmVFJrMUFxbjBsWkJFVEFoQi1QY253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBZjgAwQG
Vf7AAwQFXPBAAwQCuRegAwQAwggBMA0EAgACMAcDBQMqAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQBg7LI7efUXyezm/PrDN6/2cVsLJgjmoXYrHOP/ZF8JyQ2NX4vA0SQ/
eHnNgOZ0FEq17N0bDICHo8rVmEQZw8RUlVsZhk4GYQJjW//xKLKSDOfM1L82yGGQ
7OobS/+HirY1UU/nnZ+9zBqPLXYFPuLRaMbKQF1h6J1/qKQ9wmML2UEK1VDxRC1z
ThfF80yk1R8jooiqJLzjDS+DibWelrsyTwmYNYoL1M185qMfjyhuya4B2NfiPNT0
g8zy2OwBvG1f3HTU1uSXEdfx85q8LQ3zfJ6xPBJ6twvbT/mYqfDYpEUa7yh7SDv9
nxoxi96r+dAVG+Dbk8Y74uQCfn2AaVrO
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:51 2025 by rpki-client