Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/ybThBdlancaaTou78vfYZPTIlFI.roa
File: ybThBdlancaaTou78vfYZPTIlFI.roa (raw, json)
Hash identifier: bWtKyehNataEPL3lqO8J3bU5DUVEBweeLWwxD4YFQQ0=
Subject key identifier: C9:B4:E1:05:D9:5A:9D:C6:9A:4E:8B:BB:F2:F7:D8:64:F4:C8:94:52
Certificate issuer: /CN=34e110b59362f673eae33b66ee7aea3c4028294e
Certificate serial: 01856FF97DAA4D9C428F3FC95BE4C323FF88
Authority key identifier: 34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/ybThBdlancaaTou78vfYZPTIlFI.roa
Signing time: Mon 02 Jan 2023 00:54:59 +0000
ROA not before: Mon 02 Jan 2023 00:54:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198485
IP address blocks: 141.105.124.0/23 maxlen: 24
178.21.118.0/24 maxlen: 24
185.2.44.0/22 maxlen: 24
2a02:2308:20::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f9:7d:aa:4d:9c:42:8f:3f:c9:5b:e4:c3:23:ff:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34e110b59362f673eae33b66ee7aea3c4028294e
Validity
Not Before: Jan 2 00:54:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c9b4e105d95a9dc69a4e8bbbf2f7d864f4c89452
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:62:05:02:c1:3c:ff:e6:27:9f:54:4c:3b:da:
06:53:d6:a2:96:e4:f5:ef:97:39:3c:2a:64:43:04:
76:dc:05:81:44:dd:a1:5b:e8:bc:87:d0:42:b8:5a:
9e:4a:34:79:5b:cb:89:bf:03:d5:4d:49:21:44:39:
b5:c8:a5:32:3d:f2:4c:10:06:0f:6a:4a:cd:91:51:
6e:31:75:b1:f4:c1:7f:03:6a:d5:03:62:44:c4:4e:
95:6f:fc:2d:2c:9f:f6:66:f4:a2:27:78:66:d7:93:
24:cb:af:40:17:8a:f6:51:02:80:52:0b:98:cf:09:
8f:ea:01:d4:2a:6a:65:8f:16:1e:94:20:cc:2f:9a:
92:86:00:d7:15:71:70:cb:49:fb:ce:29:1a:05:8a:
8b:4c:71:fc:b5:59:d5:c5:4e:38:ae:fb:ab:6e:1e:
5e:0f:86:b5:4f:0c:9c:cf:92:1f:5d:7f:df:de:de:
64:b3:56:ea:d2:ed:5e:a9:88:93:06:6b:1a:78:e3:
bc:bd:4f:98:db:bf:f7:50:0d:df:fb:e3:a5:08:27:
be:9f:d2:99:d9:b4:5c:ca:5e:fd:b4:c4:d6:ae:7c:
f4:ee:7f:d5:8d:0e:d3:26:da:87:c1:e9:96:63:29:
47:f3:a4:48:07:60:8c:fe:a1:1e:41:e7:7a:21:79:
1d:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:B4:E1:05:D9:5A:9D:C6:9A:4E:8B:BB:F2:F7:D8:64:F4:C8:94:52
X509v3 Authority Key Identifier:
keyid:34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/ybThBdlancaaTou78vfYZPTIlFI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/NOEQtZNi9nPq4ztm7nrqPEAoKU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.124.0/23
178.21.118.0/24
185.2.44.0/22
IPv6:
2a02:2308:20::/48
Signature Algorithm: sha256WithRSAEncryption
50:33:4b:16:b3:18:91:a0:71:dc:6a:60:84:3a:ac:b0:e2:bb:
41:4c:2d:51:a9:d1:66:76:6f:ad:7e:0b:12:e4:78:99:95:b7:
ec:bd:10:ab:4b:a1:f4:ef:c6:25:f3:c1:a7:2e:27:5a:4e:33:
b4:6f:7a:66:da:7d:5a:f0:89:f5:0f:72:44:56:33:48:b7:95:
37:1a:a4:32:fb:5c:b9:89:9d:79:62:e4:44:c6:96:6d:27:30:
ec:6e:42:2f:d8:21:38:52:49:3c:66:f3:87:f8:b3:39:94:ca:
2d:1a:d4:f8:42:64:e7:79:3e:74:95:68:f3:81:9e:1d:0f:2b:
33:21:ef:8a:81:66:25:b1:cc:59:36:14:f4:cf:e8:2a:a2:ac:
31:b8:a6:37:e5:2d:b6:38:e8:40:34:2f:41:0e:2a:dc:2b:28:
4a:87:76:96:2a:ca:e5:5b:e4:2a:83:0d:27:fd:6b:a9:4d:8b:
45:ad:8b:a8:dd:6f:58:45:a1:48:7b:37:93:60:bd:83:ee:59:
aa:c1:4d:70:67:fe:34:a9:86:f8:4f:47:29:ea:c8:ab:a6:6f:
14:2c:6b:2f:9c:60:e1:69:4a:8d:98:df:44:44:8a:f3:37:de:
06:0b:72:c7:8e:1b:c6:ab:ec:fd:73:62:6d:6a:0e:30:b9:66:
be:c7:59:9c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVv+X2qTZxCjz/JW+TDI/+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZTExMGI1OTM2MmY2NzNlYWUzM2I2NmVlN2FlYTNjNDAy
ODI5NGUwHhcNMjMwMTAyMDA1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWI0ZTEwNWQ5NWE5ZGM2OWE0ZThiYmJmMmY3ZDg2NGY0Yzg5NDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2IFAsE8/+Ynn1RMO9oGU9ailuT1
75c5PCpkQwR23AWBRN2hW+i8h9BCuFqeSjR5W8uJvwPVTUkhRDm1yKUyPfJMEAYP
akrNkVFuMXWx9MF/A2rVA2JExE6Vb/wtLJ/2ZvSiJ3hm15Mky69AF4r2UQKAUguY
zwmP6gHUKmpljxYelCDML5qShgDXFXFwy0n7zikaBYqLTHH8tVnVxU44rvurbh5e
D4a1Twycz5IfXX/f3t5ks1bq0u1eqYiTBmsaeOO8vU+Y27/3UA3f++OlCCe+n9KZ
2bRcyl79tMTWrnz07n/VjQ7TJtqHwemWYylH86RIB2CM/qEeQed6IXkdFQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFMm04QXZWp3Gmk6Lu/L32GT0yJRSMB8GA1UdIwQY
MBaAFDThELWTYvZz6uM7Zu566jxAKClOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYt
MWJiMjdjNWQzOTdlLzEveWJUaEJkbGFuY2FhVG91Nzh2ZllaUFRJbEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYtMWJiMjdjNWQzOTdl
LzEvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQBjWl8AwQA
shV2AwQCuQIsMA8EAgACMAkDBwAqAiMIACAwDQYJKoZIhvcNAQELBQADggEBAFAz
SxazGJGgcdxqYIQ6rLDiu0FMLVGp0WZ2b61+CxLkeJmVt+y9EKtLofTvxiXzwacu
J1pOM7RvembafVrwifUPckRWM0i3lTcapDL7XLmJnXli5ETGlm0nMOxuQi/YIThS
STxm84f4szmUyi0a1PhCZOd5PnSVaPOBnh0PKzMh74qBZiWxzFk2FPTP6CqirDG4
pjflLbY46EA0L0EOKtwrKEqHdpYqyuVb5CqDDSf9a6lNi0Wti6jdb1hFoUh7N5Ng
vYPuWarBTXBn/jSphvhPRynqyKumbxQsay+cYOFpSo2Y30REivM33gYLcseOG8ar
7P1zYm1qDjC5Zr7HWZw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:33 2025 by rpki-client