Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/zC3CsCx-tEGgAYfqdh2A-6cpzKk.roa
File: zC3CsCx-tEGgAYfqdh2A-6cpzKk.roa (raw, json)
Hash identifier: ageLyzaFjWV6+MXsBGP/WVBdnFCQsa0LUrQjAk2atXk=
Subject key identifier: CC:2D:C2:B0:2C:7E:B4:41:A0:01:87:EA:76:1D:80:FB:A7:29:CC:A9
Certificate issuer: /CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Certificate serial: 018BAB4F8AAA05D8EFBC14F1790ADB6FA34D
Authority key identifier: 47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/zC3CsCx-tEGgAYfqdh2A-6cpzKk.roa
Signing time: Tue 07 Nov 2023 19:43:18 +0000
ROA not before: Tue 07 Nov 2023 19:43:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206892
IP address blocks: 95.140.32.0/24 maxlen: 24
185.199.28.0/22 maxlen: 24
95.140.38.0/23 maxlen: 24
45.95.44.0/22 maxlen: 24
194.39.44.0/22 maxlen: 24
185.161.72.0/22 maxlen: 24
94.199.179.0/24 maxlen: 24
185.234.181.0/24 maxlen: 24
185.234.182.0/23 maxlen: 24
2a07:c280::/32 maxlen: 33
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ab:4f:8a:aa:05:d8:ef:bc:14:f1:79:0a:db:6f:a3:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Validity
Not Before: Nov 7 19:43:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cc2dc2b02c7eb441a00187ea761d80fba729cca9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:17:c3:3c:47:f4:96:bb:5f:e9:36:70:cb:69:
4d:f0:ce:be:41:2f:1f:50:65:76:2c:04:d7:ef:30:
d8:14:ac:56:e6:32:83:87:dc:85:f0:93:79:fd:08:
b4:42:06:0d:10:ab:58:17:3d:57:1d:eb:ed:6c:b7:
8e:b9:97:fd:8a:04:90:87:40:7f:ab:5e:f1:89:f2:
41:83:18:09:a1:bd:de:72:67:01:14:e7:ba:e3:cb:
a6:dd:7c:95:5e:4b:44:0d:db:3c:4b:d1:9a:80:ea:
0c:02:21:a6:7f:03:6d:12:02:40:7f:94:3e:1f:cb:
e1:63:12:e0:f5:95:fb:93:8d:8a:87:31:f5:a8:80:
01:85:d7:5c:59:dd:ca:bc:c7:13:3b:cc:1c:d7:8e:
91:80:9c:09:02:11:5d:18:9c:b5:76:e4:f7:49:e1:
7a:81:85:e1:60:fe:64:cc:84:41:fd:e5:ae:00:5e:
b8:4a:a0:93:df:e6:a4:d2:bb:f1:d8:c5:83:69:66:
d7:ee:4d:da:ec:f2:58:2c:a4:f8:b9:13:00:ab:0f:
dc:71:b1:db:eb:9f:fd:5e:b3:ac:a8:0e:8a:6d:c4:
59:e9:87:6d:1b:d4:9b:7d:8c:4f:25:3c:68:da:51:
39:11:94:61:9f:3b:3c:1e:d9:f8:24:2e:4c:a2:48:
19:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:2D:C2:B0:2C:7E:B4:41:A0:01:87:EA:76:1D:80:FB:A7:29:CC:A9
X509v3 Authority Key Identifier:
keyid:47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/zC3CsCx-tEGgAYfqdh2A-6cpzKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.44.0/22
94.199.179.0/24
95.140.32.0/24
95.140.38.0/23
185.161.72.0/22
185.199.28.0/22
185.234.181.0-185.234.183.255
194.39.44.0/22
IPv6:
2a07:c280::/32
Signature Algorithm: sha256WithRSAEncryption
41:b2:cf:f9:8d:6f:d4:7c:22:9f:02:72:0d:40:be:25:89:77:
7f:5a:ff:3e:c9:a4:9c:8e:45:68:e1:8a:90:8c:e7:25:a9:f3:
9e:4b:da:71:17:76:43:69:37:87:08:13:85:49:fd:4c:2e:96:
a4:3b:0f:7e:ab:2e:07:f3:f6:15:c2:f2:c8:95:64:da:74:d4:
c2:99:47:9e:88:3a:a6:1b:1e:fb:15:7a:40:0e:ab:76:bb:3c:
26:3c:42:da:11:2e:0c:1d:af:1c:81:9d:fe:ff:8d:28:5d:a5:
d1:6a:68:bb:02:b1:cf:bd:92:23:50:12:29:f8:dd:60:bc:a8:
d5:3e:ab:3c:ab:e2:8e:88:c4:2e:08:89:ca:54:17:99:cf:9c:
f0:60:75:7c:5d:67:1f:ae:98:eb:64:9c:b6:f7:68:ae:37:39:
48:3e:75:c0:96:0c:e7:bd:04:f9:07:ed:59:03:08:0e:16:6d:
ac:e8:c1:2c:20:d8:e4:2f:92:75:de:c8:22:75:01:f2:50:11:
64:bf:17:f5:7e:bc:dd:25:b0:c9:96:a2:3e:aa:cb:7a:5c:a5:
f3:78:ff:e0:63:56:2d:b3:6d:19:c6:b8:33:9f:0c:e5:f3:cd:
05:0c:1c:16:6b:f4:10:1f:96:59:17:0d:84:f6:e8:6e:e7:f2:
8b:c2:1d:17
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYurT4qqBdjvvBTxeQrbb6NNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjJhZWEwZWY0YzA2NjdkYjgxOWY1ZDVhM2RhZWE2Mzk5
ZjAzOGMwHhcNMjMxMTA3MTk0MzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJkYzJiMDJjN2ViNDQxYTAwMTg3ZWE3NjFkODBmYmE3MjljY2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBfDPEf0lrtf6TZwy2lN8M6+QS8f
UGV2LATX7zDYFKxW5jKDh9yF8JN5/Qi0QgYNEKtYFz1XHevtbLeOuZf9igSQh0B/
q17xifJBgxgJob3ecmcBFOe648um3XyVXktEDds8S9GagOoMAiGmfwNtEgJAf5Q+
H8vhYxLg9ZX7k42KhzH1qIABhddcWd3KvMcTO8wc146RgJwJAhFdGJy1duT3SeF6
gYXhYP5kzIRB/eWuAF64SqCT3+ak0rvx2MWDaWbX7k3a7PJYLKT4uRMAqw/ccbHb
65/9XrOsqA6KbcRZ6YdtG9SbfYxPJTxo2lE5EZRhnzs8Htn4JC5MokgZhQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMwtwrAsfrRBoAGH6nYdgPunKcypMB8GA1UdIwQY
MBaAFEcirqDvTAZn24GfXVo9rqY5nwOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYt
NmUzMDc0YzZjNjYzLzEvekMzQ3NDeC10RUdnQVlmcWRoMkEtNmNwektrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYtNmUzMDc0YzZjNjYz
LzEvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQCLV8sAwQA
XsezAwQAX4wgAwQBX4wmAwQCuaFIAwQCucccMAwDBAC56rUDBAO56rADBALCJyww
DQQCAAIwBwMFACoHwoAwDQYJKoZIhvcNAQELBQADggEBAEGyz/mNb9R8Ip8Ccg1A
viWJd39a/z7JpJyORWjhipCM5yWp855L2nEXdkNpN4cIE4VJ/UwulqQ7D36rLgfz
9hXC8siVZNp01MKZR56IOqYbHvsVekAOq3a7PCY8QtoRLgwdrxyBnf7/jShdpdFq
aLsCsc+9kiNQEin43WC8qNU+qzyr4o6IxC4IicpUF5nPnPBgdXxdZx+umOtknLb3
aK43OUg+dcCWDOe9BPkH7VkDCA4WbazowSwg2OQvknXeyCJ1AfJQEWS/F/V+vN0l
sMmWoj6qy3pcpfN4/+BjVi2zbRnGuDOfDOXzzQUMHBZr9BAfllkXDYT26G7n8ovC
HRc=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:37 2025 by rpki-client