Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/41e287-50b4-46ef-82cc-ca3b7278dde2/1/r_Z8MXqhc3Jf5DNaFXyDk1ZaCKk.roa
File: r_Z8MXqhc3Jf5DNaFXyDk1ZaCKk.roa (raw, json)
Hash identifier: ifFN6/dpf+QJB6h3ACi5ImQnLfDY/OQmhJBLOJiZqCA=
Subject key identifier: AF:F6:7C:31:7A:A1:73:72:5F:E4:33:5A:15:7C:83:93:56:5A:08:A9
Certificate issuer: /CN=b69cb709934b99f689dd1e99d72c1b000fd872c5
Certificate serial: 01856C41485D4C9B3531CEA8C41164319E61
Authority key identifier: B6:9C:B7:09:93:4B:99:F6:89:DD:1E:99:D7:2C:1B:00:0F:D8:72:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tpy3CZNLmfaJ3R6Z1ywbAA_YcsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/41e287-50b4-46ef-82cc-ca3b7278dde2/1/r_Z8MXqhc3Jf5DNaFXyDk1ZaCKk.roa
Signing time: Sun 01 Jan 2023 07:34:55 +0000
ROA not before: Sun 01 Jan 2023 07:34:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 38926
IP address blocks: 195.114.114.0/23 maxlen: 24
193.169.64.0/23 maxlen: 24
5.44.160.0/21 maxlen: 24
185.105.68.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:41:48:5d:4c:9b:35:31:ce:a8:c4:11:64:31:9e:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b69cb709934b99f689dd1e99d72c1b000fd872c5
Validity
Not Before: Jan 1 07:34:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aff67c317aa173725fe4335a157c8393565a08a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:af:22:14:f2:d5:23:23:ca:38:50:38:ac:e9:
70:ae:cd:2f:95:6f:c4:86:dd:78:0a:78:a2:a3:eb:
04:9d:69:c4:ac:a3:aa:9a:e8:2d:79:81:3f:58:45:
99:d8:41:cc:c2:ba:dd:56:38:4e:4e:d4:ad:ea:c0:
49:13:98:20:06:5b:85:e0:0c:6b:d3:e2:bd:e1:97:
aa:b3:1f:a8:51:5f:d2:0f:65:aa:f3:22:9a:b5:32:
9a:bf:e9:17:42:c6:36:ee:50:37:3c:67:b3:e0:5d:
fb:c8:25:b4:f3:e6:3b:20:97:35:dc:a3:90:7b:04:
84:17:ae:9c:d7:72:21:e7:01:89:94:c8:5d:d1:67:
c1:30:91:a1:f8:09:08:7c:e7:36:bd:27:e3:da:f7:
b0:22:cd:d1:7f:56:2c:93:c4:e7:94:c8:9a:00:aa:
a8:95:8f:a7:06:f6:f7:de:9a:30:5d:7a:42:6a:a3:
f6:14:d4:f2:7b:73:80:95:ac:c9:b3:39:f6:ce:be:
59:97:57:d3:49:a6:f9:c9:e2:03:8b:64:d7:c5:4a:
41:7d:e4:98:56:d3:e6:c0:ff:cd:08:6f:69:c0:bc:
b7:4a:4e:2b:9e:2c:75:06:20:5d:ee:4d:61:6f:c6:
a1:c7:25:0f:ec:73:73:69:cd:6d:f8:7a:4f:31:3a:
0a:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:F6:7C:31:7A:A1:73:72:5F:E4:33:5A:15:7C:83:93:56:5A:08:A9
X509v3 Authority Key Identifier:
keyid:B6:9C:B7:09:93:4B:99:F6:89:DD:1E:99:D7:2C:1B:00:0F:D8:72:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tpy3CZNLmfaJ3R6Z1ywbAA_YcsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/41e287-50b4-46ef-82cc-ca3b7278dde2/1/r_Z8MXqhc3Jf5DNaFXyDk1ZaCKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/41e287-50b4-46ef-82cc-ca3b7278dde2/1/tpy3CZNLmfaJ3R6Z1ywbAA_YcsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.160.0/21
185.105.68.0/22
193.169.64.0/23
195.114.114.0/23
Signature Algorithm: sha256WithRSAEncryption
2a:61:d6:7c:18:66:56:d6:0c:9b:92:27:9e:02:0a:6f:c7:19:
1f:bf:63:24:15:1e:bf:ca:a0:51:54:17:99:6b:88:c0:e0:22:
06:8d:05:70:fb:7d:cd:a7:36:29:14:77:e2:14:a4:d5:b6:c0:
b5:a4:f9:9d:47:1f:88:71:1f:cd:ad:32:29:46:90:42:d2:43:
d9:78:f1:c5:fd:e0:a6:aa:d1:37:79:9f:21:da:dd:a1:45:42:
33:4c:57:cf:9f:9c:62:63:7d:09:4c:c9:56:c8:b6:d0:ee:0e:
d3:41:07:e1:07:86:7a:73:f8:f8:f4:69:ab:b6:9f:f0:68:e2:
3f:46:89:02:83:b8:79:e1:d6:d7:b3:8f:1a:42:8b:b5:66:27:
1d:44:da:99:ac:ab:10:06:01:d0:d1:85:cc:72:9e:08:90:ed:
13:bb:91:ec:0b:30:a6:01:ea:2d:cd:5c:3c:18:d3:16:b0:3a:
2d:00:bb:8e:6f:a6:75:da:93:42:41:3e:f8:79:81:ca:1e:e1:
73:71:fd:05:5f:77:26:87:f1:91:50:1d:df:38:08:45:0a:ca:
43:f5:03:57:97:8a:fd:f4:26:dd:af:15:be:df:8b:0d:bf:be:
cd:77:75:b5:5a:ad:b1:c5:66:de:89:f5:10:a8:1e:94:c3:5e:
28:9e:e4:32
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVsQUhdTJs1Mc6oxBFkMZ5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OWNiNzA5OTM0Yjk5ZjY4OWRkMWU5OWQ3MmMxYjAwMGZk
ODcyYzUwHhcNMjMwMTAxMDczNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY2N2MzMTdhYTE3MzcyNWZlNDMzNWExNTdjODM5MzU2NWEwOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh68iFPLVIyPKOFA4rOlwrs0vlW/E
ht14Cniio+sEnWnErKOqmugteYE/WEWZ2EHMwrrdVjhOTtSt6sBJE5ggBluF4Axr
0+K94Zeqsx+oUV/SD2Wq8yKatTKav+kXQsY27lA3PGez4F37yCW08+Y7IJc13KOQ
ewSEF66c13Ih5wGJlMhd0WfBMJGh+AkIfOc2vSfj2vewIs3Rf1Ysk8TnlMiaAKqo
lY+nBvb33powXXpCaqP2FNTye3OAlazJszn2zr5Zl1fTSab5yeIDi2TXxUpBfeSY
VtPmwP/NCG9pwLy3Sk4rnix1BiBd7k1hb8ahxyUP7HNzac1t+HpPMToK0wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK/2fDF6oXNyX+QzWhV8g5NWWgipMB8GA1UdIwQY
MBaAFLactwmTS5n2id0emdcsGwAP2HLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHB5M0NaTkxtZmFKM1I2WjF5d2JBQV9ZY3NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS80MWUyODctNTBiNC00NmVmLTgyY2Mt
Y2EzYjcyNzhkZGUyLzEvcl9aOE1YcWhjM0pmNUROYUZYeURrMVphQ0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS80MWUyODctNTBiNC00NmVmLTgyY2MtY2EzYjcyNzhkZGUy
LzEvdHB5M0NaTkxtZmFKM1I2WjF5d2JBQV9ZY3NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSygAwQC
uWlEAwQBwalAAwQBw3JyMA0GCSqGSIb3DQEBCwUAA4IBAQAqYdZ8GGZW1gybkiee
Agpvxxkfv2MkFR6/yqBRVBeZa4jA4CIGjQVw+33NpzYpFHfiFKTVtsC1pPmdRx+I
cR/NrTIpRpBC0kPZePHF/eCmqtE3eZ8h2t2hRUIzTFfPn5xiY30JTMlWyLbQ7g7T
QQfhB4Z6c/j49Gmrtp/waOI/RokCg7h54dbXs48aQou1ZicdRNqZrKsQBgHQ0YXM
cp4IkO0Tu5HsCzCmAeotzVw8GNMWsDotALuOb6Z12pNCQT74eYHKHuFzcf0FX3cm
h/GRUB3fOAhFCspD9QNXl4r99CbdrxW+34sNv77Nd3W1Wq2xxWbeifUQqB6Uw14o
nuQy
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:31:53 2025 by rpki-client