Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c6b65c-2fc3-4196-af30-3940d135b28b/1/zf1lX_jbDVB7EKNcVLqJ0yiRry0.roa
File: zf1lX_jbDVB7EKNcVLqJ0yiRry0.roa (raw, json)
Hash identifier: 1A00T2OLrJKv4m/HClczHFZzGOqsRw8/Tnt6kKeoqHA=
Subject key identifier: CD:FD:65:5F:F8:DB:0D:50:7B:10:A3:5C:54:BA:89:D3:28:91:AF:2D
Certificate issuer: /CN=bf70d6fc63d1777eedcd8f46a5593617c6319de6
Certificate serial: 0185720344CA4DF496487B126779C43BAA5D
Authority key identifier: BF:70:D6:FC:63:D1:77:7E:ED:CD:8F:46:A5:59:36:17:C6:31:9D:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v3DW_GPRd37tzY9GpVk2F8YxneY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/c6b65c-2fc3-4196-af30-3940d135b28b/1/zf1lX_jbDVB7EKNcVLqJ0yiRry0.roa
Signing time: Mon 02 Jan 2023 10:24:54 +0000
ROA not before: Mon 02 Jan 2023 10:24:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52022
IP address blocks: 91.220.220.0/24 maxlen: 24
91.236.30.0/23 maxlen: 24
2001:678:220::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:03:44:ca:4d:f4:96:48:7b:12:67:79:c4:3b:aa:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf70d6fc63d1777eedcd8f46a5593617c6319de6
Validity
Not Before: Jan 2 10:24:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cdfd655ff8db0d507b10a35c54ba89d32891af2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:5b:49:66:c6:0f:23:f9:ac:77:b7:84:ca:f2:
3b:43:ac:d9:30:b5:9f:ac:4e:58:68:eb:3a:c7:5d:
8e:4e:3d:85:ad:1d:dc:47:bc:19:3e:71:d6:4d:54:
e0:db:03:cc:80:19:f1:b3:bc:b2:a2:0a:ce:c5:8c:
df:e9:6b:8c:14:14:16:84:ce:f5:8f:47:83:34:06:
d9:25:80:a1:97:09:53:1f:65:e3:c2:99:0e:9f:28:
da:a6:3d:4e:80:e2:09:b0:d0:32:f9:6c:0a:31:01:
95:31:02:69:54:f3:46:dc:a6:a1:c0:08:d4:e7:4d:
aa:5f:55:77:d8:75:2d:ac:b4:fc:d4:4e:8d:f5:96:
94:87:20:ff:07:d5:b3:a9:d1:b9:fb:d0:fb:9d:17:
66:c0:de:6e:c7:28:df:91:69:38:3e:a2:cb:d7:5f:
52:19:df:37:5f:7a:89:36:6b:f9:56:3c:d6:d8:39:
2e:44:bd:59:2f:06:76:1a:39:3b:3b:ac:eb:a0:06:
4f:c2:5e:2b:a5:a8:a3:e3:86:77:33:02:8e:95:a7:
72:f1:2d:ed:90:64:5d:ed:19:2c:8a:d6:06:e2:36:
1b:f5:5c:b7:64:e5:06:3f:36:2e:8c:7b:b4:54:ea:
73:1e:e1:8b:74:98:3b:f5:ac:26:0f:eb:ff:42:8c:
57:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:FD:65:5F:F8:DB:0D:50:7B:10:A3:5C:54:BA:89:D3:28:91:AF:2D
X509v3 Authority Key Identifier:
keyid:BF:70:D6:FC:63:D1:77:7E:ED:CD:8F:46:A5:59:36:17:C6:31:9D:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3DW_GPRd37tzY9GpVk2F8YxneY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c6b65c-2fc3-4196-af30-3940d135b28b/1/zf1lX_jbDVB7EKNcVLqJ0yiRry0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c6b65c-2fc3-4196-af30-3940d135b28b/1/v3DW_GPRd37tzY9GpVk2F8YxneY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.220.220.0/24
91.236.30.0/23
IPv6:
2001:678:220::/48
Signature Algorithm: sha256WithRSAEncryption
01:aa:ec:b2:3c:0e:bc:bd:6f:89:8d:c6:46:a5:6c:6f:d8:7b:
84:8c:c8:09:0b:fe:28:d7:c7:7a:27:ae:de:cf:3f:12:45:f8:
31:86:55:dc:35:65:ed:5f:7a:ea:08:64:b8:c4:a7:d2:54:73:
e5:cf:c6:0c:42:a1:1c:b4:91:a2:37:d8:6d:2b:5e:b7:27:50:
9d:5f:0b:22:57:f5:b6:5b:9b:d3:7a:49:ee:3e:52:6a:f1:5d:
01:72:6b:58:fe:34:a1:b3:d7:d2:f2:f0:af:56:bb:07:69:f4:
d3:05:7b:a0:8c:54:f9:b8:a7:e0:43:75:45:82:59:20:d2:f1:
63:d1:8e:28:78:85:1d:9d:bc:bb:7c:8d:bf:c5:66:6f:42:86:
9b:ee:f9:22:e7:c6:4e:b9:eb:e6:14:fd:fc:9a:49:05:fc:a0:
44:63:49:7b:00:e5:bd:da:ed:e0:63:57:09:24:34:43:55:ec:
9c:06:7a:1d:c8:8c:11:34:76:d4:80:47:fd:47:f2:26:7c:4d:
db:64:99:18:63:60:dd:5b:b9:96:51:04:e6:a1:c5:0b:7b:a3:
d5:ff:d7:9f:c0:58:b2:38:50:4f:ae:89:fb:8c:24:bd:92:ed:
7b:2b:4c:2e:24:59:dd:c3:3e:3c:87:a4:d7:d7:bb:c3:97:4a:
d4:17:59:b7
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVyA0TKTfSWSHsSZ3nEO6pdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNzBkNmZjNjNkMTc3N2VlZGNkOGY0NmE1NTkzNjE3YzYz
MTlkZTYwHhcNMjMwMTAyMTAyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZkNjU1ZmY4ZGIwZDUwN2IxMGEzNWM1NGJhODlkMzI4OTFhZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhltJZsYPI/msd7eEyvI7Q6zZMLWf
rE5YaOs6x12OTj2FrR3cR7wZPnHWTVTg2wPMgBnxs7yyogrOxYzf6WuMFBQWhM71
j0eDNAbZJYChlwlTH2XjwpkOnyjapj1OgOIJsNAy+WwKMQGVMQJpVPNG3KahwAjU
502qX1V32HUtrLT81E6N9ZaUhyD/B9WzqdG5+9D7nRdmwN5uxyjfkWk4PqLL119S
Gd83X3qJNmv5VjzW2DkuRL1ZLwZ2Gjk7O6zroAZPwl4rpaij44Z3MwKOlady8S3t
kGRd7RksitYG4jYb9Vy3ZOUGPzYujHu0VOpzHuGLdJg79awmD+v/QoxXkwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFM39ZV/42w1QexCjXFS6idMoka8tMB8GA1UdIwQY
MBaAFL9w1vxj0Xd+7c2PRqVZNhfGMZ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNEV19HUFJkMzd0elk5R3BWazJGOFl4bmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jNmI2NWMtMmZjMy00MTk2LWFmMzAt
Mzk0MGQxMzViMjhiLzEvemYxbFhfamJEVkI3RUtOY1ZMcUoweWlScnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jNmI2NWMtMmZjMy00MTk2LWFmMzAtMzk0MGQxMzViMjhi
LzEvdjNEV19HUFJkMzd0elk5R3BWazJGOFl4bmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9zcAwQB
W+weMA8EAgACMAkDBwAgAQZ4AiAwDQYJKoZIhvcNAQELBQADggEBAAGq7LI8Dry9
b4mNxkalbG/Ye4SMyAkL/ijXx3onrt7PPxJF+DGGVdw1Ze1feuoIZLjEp9JUc+XP
xgxCoRy0kaI32G0rXrcnUJ1fCyJX9bZbm9N6Se4+UmrxXQFya1j+NKGz19Ly8K9W
uwdp9NMFe6CMVPm4p+BDdUWCWSDS8WPRjih4hR2dvLt8jb/FZm9Chpvu+SLnxk65
6+YU/fyaSQX8oERjSXsA5b3a7eBjVwkkNENV7JwGeh3IjBE0dtSAR/1H8iZ8Tdtk
mRhjYN1buZZRBOahxQt7o9X/15/AWLI4UE+uifuMJL2S7XsrTC4kWd3DPjyHpNfX
u8OXStQXWbc=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:36:40 2025 by rpki-client