Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/Z6JL0alPMheKL9A8v1w5-UM-umg.roa
File: Z6JL0alPMheKL9A8v1w5-UM-umg.roa (raw, json)
Hash identifier: AtXYIWvkPe6++l8kvl2vfY1SQ6XUI4QKkWr37K9+/l0=
Subject key identifier: 67:A2:4B:D1:A9:4F:32:17:8A:2F:D0:3C:BF:5C:39:F9:43:3E:BA:68
Certificate issuer: /CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
Certificate serial: 01856D13AAF80A887D2640860545D29496E5
Authority key identifier: 87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/Z6JL0alPMheKL9A8v1w5-UM-umg.roa
Signing time: Sun 01 Jan 2023 11:24:43 +0000
ROA not before: Sun 01 Jan 2023 11:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52080
IP address blocks: 185.249.152.0/22 maxlen: 22
185.249.152.0/24 maxlen: 24
193.162.107.0/24 maxlen: 24
185.249.155.0/24 maxlen: 24
185.249.154.0/24 maxlen: 24
185.249.153.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:13:aa:f8:0a:88:7d:26:40:86:05:45:d2:94:96:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
Validity
Not Before: Jan 1 11:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=67a24bd1a94f32178a2fd03cbf5c39f9433eba68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:e2:6e:13:44:b1:0e:6a:99:e8:8a:28:55:3d:
ab:40:d6:fa:5c:22:8d:c5:73:ff:d6:d8:29:3d:55:
01:40:f2:07:32:88:de:a1:da:4e:c4:50:d1:c6:ce:
10:7d:e4:93:1c:9b:af:d0:f5:68:ea:c0:ec:9a:0f:
c6:93:27:3e:d7:a9:a9:f0:39:3c:36:b1:14:2f:ad:
af:1e:c2:fe:bb:ee:41:3c:34:8f:f3:ed:43:d5:82:
10:00:36:8f:fb:9e:e9:98:96:f5:48:d1:84:06:20:
ed:12:cb:db:6d:4d:92:f6:ae:5b:28:14:5a:18:b7:
ab:09:71:f9:01:94:eb:90:e2:c0:c2:89:a2:ee:92:
92:15:41:4a:39:62:9c:b4:77:e6:63:f1:05:d8:15:
92:f3:70:10:8f:25:5c:7b:ce:01:4e:2f:47:eb:ac:
e2:69:4e:c7:45:99:65:bf:8d:e3:20:e8:f3:72:d7:
20:e4:70:69:22:41:68:a1:4a:ac:3e:3c:f0:3a:8f:
43:86:62:3b:5b:f3:d8:e7:c6:a9:ac:46:9c:4e:e3:
88:f5:51:29:a0:f7:fd:6f:6a:41:93:ee:da:dc:46:
50:1c:c6:e0:ba:99:0e:06:2e:63:31:48:78:f2:ff:
89:28:fa:41:10:9d:aa:77:b2:51:48:89:01:47:41:
c1:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:A2:4B:D1:A9:4F:32:17:8A:2F:D0:3C:BF:5C:39:F9:43:3E:BA:68
X509v3 Authority Key Identifier:
keyid:87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/Z6JL0alPMheKL9A8v1w5-UM-umg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.249.152.0/22
193.162.107.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:48:b7:6f:6e:b4:e5:05:96:bf:93:ff:5c:1c:5e:52:a9:a4:
f8:e7:96:13:c7:b5:41:10:13:92:d0:b6:f4:66:76:ce:d8:a7:
eb:56:7c:e3:b1:cb:d6:f0:c3:26:12:ce:62:00:fe:12:95:fd:
80:9a:fc:fa:06:f1:d8:da:6c:79:56:a8:b9:3a:3d:ec:58:0f:
de:ac:f3:5d:cc:c1:9f:54:e4:7a:7c:b9:cd:db:d8:47:b4:6d:
45:62:cc:88:94:03:92:41:b6:8e:71:f6:37:2f:67:2e:b6:6e:
d7:eb:10:b0:7d:f5:f5:25:84:91:7a:09:68:2c:f8:41:a7:a8:
74:b8:b9:24:08:d8:72:94:b5:94:21:8d:7a:56:fd:cd:4d:f7:
92:1f:ba:ab:77:3c:d5:d4:30:42:98:c3:f6:11:ef:ee:94:4b:
ca:bb:57:67:2a:f8:3f:fa:9a:3e:91:75:3a:81:83:fb:8b:41:
3d:56:23:1d:c8:e8:c6:4d:8a:91:0c:ad:c3:0f:dd:14:7c:fe:
1b:94:ed:1d:1d:23:c4:19:bb:3a:e0:9d:d5:51:60:4e:5b:32:
f5:d6:1e:03:67:41:9f:63:83:1c:f6:0c:98:38:12:cb:e0:cc:
da:ca:03:06:00:13:6f:5a:09:d9:e1:cf:cb:7b:5d:56:e0:1e:
f6:25:33:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtE6r4Coh9JkCGBUXSlJblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZDdmN2QyZmMxMzQ4OTE0YzAwNmI1NWFiOTNmMmQyZTMz
OTBkZTYwHhcNMjMwMTAxMTEyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2EyNGJkMWE5NGYzMjE3OGEyZmQwM2NiZjVjMzlmOTQzM2ViYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOJuE0SxDmqZ6IooVT2rQNb6XCKN
xXP/1tgpPVUBQPIHMojeodpOxFDRxs4QfeSTHJuv0PVo6sDsmg/Gkyc+16mp8Dk8
NrEUL62vHsL+u+5BPDSP8+1D1YIQADaP+57pmJb1SNGEBiDtEsvbbU2S9q5bKBRa
GLerCXH5AZTrkOLAwomi7pKSFUFKOWKctHfmY/EF2BWS83AQjyVce84BTi9H66zi
aU7HRZllv43jIOjzctcg5HBpIkFooUqsPjzwOo9DhmI7W/PY58aprEacTuOI9VEp
oPf9b2pBk+7a3EZQHMbgupkOBi5jMUh48v+JKPpBEJ2qd7JRSIkBR0HBeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGeiS9GpTzIXii/QPL9cOflDPrpoMB8GA1UdIwQY
MBaAFIfX99L8E0iRTABrVauT8tLjOQ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQt
MzAxZGYyNzIxNTJlLzEvWjZKTDBhbFBNaGVLTDlBOHYxdzUtVU0tdW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQtMzAxZGYyNzIxNTJl
LzEvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCufmYAwQA
waJrMA0GCSqGSIb3DQEBCwUAA4IBAQAKSLdvbrTlBZa/k/9cHF5SqaT455YTx7VB
EBOS0Lb0ZnbO2KfrVnzjscvW8MMmEs5iAP4Slf2Amvz6BvHY2mx5Vqi5Oj3sWA/e
rPNdzMGfVOR6fLnN29hHtG1FYsyIlAOSQbaOcfY3L2cutm7X6xCwffX1JYSReglo
LPhBp6h0uLkkCNhylLWUIY16Vv3NTfeSH7qrdzzV1DBCmMP2Ee/ulEvKu1dnKvg/
+po+kXU6gYP7i0E9ViMdyOjGTYqRDK3DD90UfP4blO0dHSPEGbs64J3VUWBOWzL1
1h4DZ0GfY4Mc9gyYOBLL4MzaygMGABNvWgnZ4c/Le11W4B72JTPh
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:46:46 2025 by rpki-client