Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/PkXIe3e4LBUYM6rgIUz2w1GCN88.roa
File: PkXIe3e4LBUYM6rgIUz2w1GCN88.roa (raw, json)
Hash identifier: 9pTEQQgeEgeTj1KnBRbeniZN/P1WhowjYLEPUYA6uXU=
Subject key identifier: 3E:45:C8:7B:77:B8:2C:15:18:33:AA:E0:21:4C:F6:C3:51:82:37:CF
Certificate issuer: /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial: 01856D4ABBF7B13C5E42547EF9376F695D21
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/PkXIe3e4LBUYM6rgIUz2w1GCN88.roa
Signing time: Sun 01 Jan 2023 12:24:52 +0000
ROA not before: Sun 01 Jan 2023 12:24:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203436
IP address blocks: 185.224.217.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:bb:f7:b1:3c:5e:42:54:7e:f9:37:6f:69:5d:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Validity
Not Before: Jan 1 12:24:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e45c87b77b82c151833aae0214cf6c3518237cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:99:fa:a1:a5:96:e9:2c:ee:5e:ee:b8:67:18:
77:89:10:a3:e1:9b:79:89:f8:7c:9a:a4:52:9a:90:
c3:af:48:31:a8:92:92:0d:49:af:42:d6:c6:70:22:
88:ba:55:71:a6:43:fe:a1:93:7c:16:bf:75:02:c4:
92:bd:4d:63:49:40:bc:be:2b:1c:ca:3e:61:0d:f9:
44:04:6f:35:6c:fe:e8:f9:a2:a2:21:0b:2b:13:01:
7f:3e:b4:1a:eb:b2:01:04:9b:1c:db:42:3d:80:40:
26:90:b2:14:32:8c:6c:8e:11:77:10:f2:8a:76:cb:
a3:d5:f8:d1:f6:2d:1c:9d:8a:7a:9a:be:d8:86:ae:
55:01:3f:0c:4a:56:74:a4:ff:83:3c:04:3f:3e:08:
1e:b0:a5:d8:98:89:65:ee:31:99:83:96:e1:0a:64:
76:e4:79:d5:52:43:a2:2a:c0:ce:b1:62:6d:04:94:
45:21:6d:64:91:dd:38:27:a6:3c:33:58:08:82:68:
b2:30:64:64:60:8b:a0:f6:7a:9d:71:78:a5:bd:32:
5d:84:40:0b:fc:70:1a:43:13:18:9a:9b:e4:e2:db:
99:73:d0:c1:37:3d:43:ba:41:19:8d:7a:c3:23:f9:
59:6b:35:fe:9a:1e:00:b8:a2:ce:07:82:3f:d3:d9:
0d:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:45:C8:7B:77:B8:2C:15:18:33:AA:E0:21:4C:F6:C3:51:82:37:CF
X509v3 Authority Key Identifier:
keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/PkXIe3e4LBUYM6rgIUz2w1GCN88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.224.217.0/24
Signature Algorithm: sha256WithRSAEncryption
85:0c:84:54:d5:af:38:97:1f:fa:5e:ae:dc:87:21:05:b2:32:
50:81:f1:7d:68:7c:f1:bd:eb:42:1f:92:43:8f:54:d5:16:ba:
0b:76:4a:fc:56:c9:87:18:ca:0a:87:73:db:21:c0:e9:5e:80:
c8:dc:47:4d:22:24:5d:6c:c7:92:a4:3a:a3:8c:d0:92:63:74:
ea:fd:e2:dc:12:a6:0c:99:99:dd:69:1c:24:14:b8:a0:19:46:
dd:d7:62:e5:5a:23:d6:9e:2b:93:34:a1:80:6d:db:20:06:64:
2d:b2:fe:e0:48:27:0a:ee:03:dc:b2:1b:d2:07:75:ed:85:af:
d4:11:59:6d:9b:8c:37:55:fc:e1:c5:de:b3:e2:f4:8f:d1:21:
41:da:8b:ad:68:74:6b:ed:9d:94:ea:eb:d7:33:22:ec:37:c1:
8f:dc:a5:76:91:01:4a:d3:6c:3f:31:c1:58:a0:73:b0:62:77:
df:3d:33:64:07:5b:de:94:cb:ea:3f:62:10:f9:b5:56:78:79:
c1:1e:63:16:54:18:6f:ef:4e:83:e7:0f:46:cf:ed:b9:30:b7:
b6:69:7d:6a:52:de:66:29:05:2d:a6:64:09:aa:a2:37:5c:8b:
0b:74:cd:59:72:27:eb:ca:87:45:53:51:a8:53:df:9f:c0:70:
7f:eb:0d:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtSrv3sTxeQlR++TdvaV0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjMwMTAxMTIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQ1Yzg3Yjc3YjgyYzE1MTgzM2FhZTAyMTRjZjZjMzUxODIzN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5n6oaWW6SzuXu64Zxh3iRCj4Zt5
ifh8mqRSmpDDr0gxqJKSDUmvQtbGcCKIulVxpkP+oZN8Fr91AsSSvU1jSUC8visc
yj5hDflEBG81bP7o+aKiIQsrEwF/PrQa67IBBJsc20I9gEAmkLIUMoxsjhF3EPKK
dsuj1fjR9i0cnYp6mr7Yhq5VAT8MSlZ0pP+DPAQ/PggesKXYmIll7jGZg5bhCmR2
5HnVUkOiKsDOsWJtBJRFIW1kkd04J6Y8M1gIgmiyMGRkYIug9nqdcXilvTJdhEAL
/HAaQxMYmpvk4tuZc9DBNz1DukEZjXrDI/lZazX+mh4AuKLOB4I/09kNbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5FyHt3uCwVGDOq4CFM9sNRgjfPMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvUGtYSWUzZTRMQlVZTTZyZ0lVejJ3MUdDTjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDZMA0G
CSqGSIb3DQEBCwUAA4IBAQCFDIRU1a84lx/6Xq7chyEFsjJQgfF9aHzxvetCH5JD
j1TVFroLdkr8VsmHGMoKh3PbIcDpXoDI3EdNIiRdbMeSpDqjjNCSY3Tq/eLcEqYM
mZndaRwkFLigGUbd12LlWiPWniuTNKGAbdsgBmQtsv7gSCcK7gPcshvSB3Xtha/U
EVltm4w3Vfzhxd6z4vSP0SFB2outaHRr7Z2U6uvXMyLsN8GP3KV2kQFK02w/McFY
oHOwYnffPTNkB1velMvqP2IQ+bVWeHnBHmMWVBhv706D5w9Gz+25MLe2aX1qUt5m
KQUtpmQJqqI3XIsLdM1ZcifryodFU1GoU9+fwHB/6w2Q
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:17:04 2025 by rpki-client