Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/QdOao6LiYDF_y_eojHvncqTFxbs.roa
File: QdOao6LiYDF_y_eojHvncqTFxbs.roa (raw, json)
Hash identifier: wobjbf076rdePEazDNpJKz0k+KdJkxLoiWXIjiAhb+A=
Subject key identifier: 41:D3:9A:A3:A2:E2:60:31:7F:CB:F7:A8:8C:7B:E7:72:A4:C5:C5:BB
Certificate issuer: /CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Certificate serial: 018BFEB2057A1711F5A9E213D2E4A780F3F1
Authority key identifier: 7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/QdOao6LiYDF_y_eojHvncqTFxbs.roa
Signing time: Fri 24 Nov 2023 00:19:21 +0000
ROA not before: Fri 24 Nov 2023 00:19:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201642
IP address blocks: 185.249.103.0/24 maxlen: 24
185.249.100.0/23 maxlen: 23
185.249.100.0/24 maxlen: 24
185.249.100.0/22 maxlen: 22
185.249.101.0/24 maxlen: 24
185.249.102.0/24 maxlen: 24
2a14:3200::/32 maxlen: 32
2a14:3200:2a14::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:fe:b2:05:7a:17:11:f5:a9:e2:13:d2:e4:a7:80:f3:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Validity
Not Before: Nov 24 00:19:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41d39aa3a2e260317fcbf7a88c7be772a4c5c5bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:b8:a6:29:df:50:7f:05:85:78:55:7e:67:85:
9e:f8:8c:34:1a:94:70:ef:9d:98:a1:a5:7e:32:cd:
36:df:51:aa:9b:66:c9:73:0e:fe:fd:1c:41:69:a7:
e1:1f:4c:66:bd:57:f9:3c:f6:14:18:3b:f2:58:79:
c7:77:3b:f4:fa:2b:2c:8f:11:2b:99:aa:61:0a:de:
53:8d:20:0d:ef:c4:21:8c:a7:4a:57:11:41:e9:3b:
4e:d6:59:d8:50:e7:ae:8a:e1:06:83:4a:27:f3:57:
3f:82:f8:2a:5f:94:0b:5c:78:0d:2a:3f:86:10:1e:
d4:f4:e1:d3:3b:02:6f:27:6d:a9:92:dd:3b:e2:2a:
4b:2b:eb:60:8c:15:66:e1:b0:c3:6a:af:65:3a:54:
5b:37:ca:b4:10:1a:f6:9d:70:c6:a7:78:aa:cc:db:
e2:2d:de:be:7b:1d:04:db:32:10:f7:3d:f8:e3:ea:
85:ab:fd:c7:bb:75:aa:95:f2:5c:c2:a9:e4:1e:9a:
43:79:33:87:36:f0:f6:2f:44:40:8e:86:42:36:71:
84:ef:67:82:b0:dd:f1:ab:32:64:2b:7f:db:ab:76:
cf:ff:d4:b5:a9:6e:6f:ec:3e:96:57:4b:1c:68:69:
f0:4a:1a:23:7e:cc:bf:dc:d1:a7:c0:05:3e:6c:1a:
5d:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:D3:9A:A3:A2:E2:60:31:7F:CB:F7:A8:8C:7B:E7:72:A4:C5:C5:BB
X509v3 Authority Key Identifier:
keyid:7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/QdOao6LiYDF_y_eojHvncqTFxbs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.249.100.0/22
IPv6:
2a14:3200::/32
Signature Algorithm: sha256WithRSAEncryption
b3:bb:63:e2:41:67:41:58:f9:50:b3:b2:23:f6:3d:72:69:6d:
d0:68:05:9f:58:cf:a9:1b:15:39:54:ad:77:4e:7a:b0:42:ee:
9d:0c:f7:51:9c:c4:fc:d5:95:20:e4:39:fd:42:18:70:9f:73:
30:7a:ae:d2:94:1a:d0:6e:7a:ad:8c:99:75:a2:52:6b:81:55:
81:9a:33:56:c5:46:ca:16:1a:3e:8e:05:75:41:a1:9b:dd:92:
1e:ed:40:12:1f:40:49:ce:1e:76:07:60:6e:83:68:33:7b:bd:
61:46:d4:58:3b:36:3e:e4:c3:9f:20:f4:a8:ff:b2:f9:7e:19:
23:b1:0b:6c:cc:c3:30:31:37:18:80:a3:76:d5:d0:14:ea:a7:
b2:dc:dd:0f:86:d5:57:09:9c:b5:61:67:e0:f0:84:28:04:c9:
d3:1c:c0:e1:39:59:e4:54:f4:fa:79:19:12:49:18:a5:19:41:
c8:14:bf:d1:01:00:88:10:64:9c:c5:1c:7a:3d:18:f5:28:68:
cd:12:81:92:bd:da:d1:28:fe:e0:50:5d:16:8e:19:32:4f:a9:
88:43:6d:34:ad:1a:ae:27:e2:41:01:ad:16:a2:37:c2:f8:e8:
46:cf:1b:d5:0c:0a:46:f1:08:99:df:1b:11:9a:e2:c6:40:3b:
6a:b3:1b:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYv+sgV6FxH1qeIT0uSngPPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjkwNGFiMTQwNjZjN2E5ZmU2MWE1MjFkNTQ5MmEwZTUy
OTY1Y2EwHhcNMjMxMTI0MDAxOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQzOWFhM2EyZTI2MDMxN2ZjYmY3YTg4YzdiZTc3MmE0YzVjNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7imKd9QfwWFeFV+Z4We+Iw0GpRw
752YoaV+Ms0231Gqm2bJcw7+/RxBaafhH0xmvVf5PPYUGDvyWHnHdzv0+issjxEr
maphCt5TjSAN78QhjKdKVxFB6TtO1lnYUOeuiuEGg0on81c/gvgqX5QLXHgNKj+G
EB7U9OHTOwJvJ22pkt074ipLK+tgjBVm4bDDaq9lOlRbN8q0EBr2nXDGp3iqzNvi
Ld6+ex0E2zIQ9z344+qFq/3Hu3WqlfJcwqnkHppDeTOHNvD2L0RAjoZCNnGE72eC
sN3xqzJkK3/bq3bP/9S1qW5v7D6WV0scaGnwShojfsy/3NGnwAU+bBpdZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEHTmqOi4mAxf8v3qIx753KkxcW7MB8GA1UdIwQY
MBaAFH35BKsUBmx6n+YaUh1UkqDlKWXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYt
M2I0NDVmMjlmNWI3LzEvUWRPYW82TGlZREZfeV9lb2pIdm5jcVRGeGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYtM2I0NDVmMjlmNWI3
LzEvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuflkMA0E
AgACMAcDBQAqFDIAMA0GCSqGSIb3DQEBCwUAA4IBAQCzu2PiQWdBWPlQs7Ij9j1y
aW3QaAWfWM+pGxU5VK13TnqwQu6dDPdRnMT81ZUg5Dn9Qhhwn3Mweq7SlBrQbnqt
jJl1olJrgVWBmjNWxUbKFho+jgV1QaGb3ZIe7UASH0BJzh52B2Bug2gze71hRtRY
OzY+5MOfIPSo/7L5fhkjsQtszMMwMTcYgKN21dAU6qey3N0PhtVXCZy1YWfg8IQo
BMnTHMDhOVnkVPT6eRkSSRilGUHIFL/RAQCIEGScxRx6PRj1KGjNEoGSvdrRKP7g
UF0WjhkyT6mIQ200rRquJ+JBAa0WojfC+OhGzxvVDApG8QiZ3xsRmuLGQDtqsxsr
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:24 2025 by rpki-client