Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/GXt7UKwnx7A8qREqidKlmhuBQ3g.roa
File: GXt7UKwnx7A8qREqidKlmhuBQ3g.roa (raw, json)
Hash identifier: sdelIYIU4Ginm6eTHx8Ik/mDcD261k/pHk4K+BgExAs=
Subject key identifier: 19:7B:7B:50:AC:27:C7:B0:3C:A9:11:2A:89:D2:A5:9A:1B:81:43:78
Certificate issuer: /CN=e9c4cd4118ddffee56e885663795547a1de3f98a
Certificate serial: 018572B4380BEFE4818CF19EC79B58FAFB35
Authority key identifier: E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/GXt7UKwnx7A8qREqidKlmhuBQ3g.roa
Signing time: Mon 02 Jan 2023 13:38:11 +0000
ROA not before: Mon 02 Jan 2023 13:38:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35426
IP address blocks: 85.208.144.0/22 maxlen: 24
2a09:8740::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:b4:38:0b:ef:e4:81:8c:f1:9e:c7:9b:58:fa:fb:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9c4cd4118ddffee56e885663795547a1de3f98a
Validity
Not Before: Jan 2 13:38:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=197b7b50ac27c7b03ca9112a89d2a59a1b814378
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d0:90:a3:68:2a:1c:75:db:43:d0:6b:2a:0f:
78:13:56:fb:e5:20:3e:6b:7e:2d:97:4b:8b:11:e4:
39:85:84:b7:16:48:34:60:0d:56:92:a9:1d:a1:b5:
a4:95:c5:8f:17:46:67:d9:e2:6d:16:27:64:0a:26:
bf:28:65:79:04:f8:6d:03:6a:3b:b1:6e:f6:60:55:
f7:fe:4e:a9:12:b1:7e:b3:bf:4e:29:a4:a8:2d:c0:
f2:b7:69:4f:32:cf:d0:8f:e9:d7:df:16:f0:64:79:
d3:86:0a:27:41:be:a5:97:b9:eb:84:45:b2:17:2a:
b3:58:5a:cd:c6:53:60:63:39:db:45:ba:8c:b0:50:
82:f9:59:8c:6e:c1:36:66:fd:be:90:bd:b0:d2:0b:
15:24:e8:b6:d5:2d:21:80:30:29:ae:9d:9c:b7:e9:
ed:61:21:34:44:0d:03:e2:e7:38:79:5b:91:dd:35:
c4:e9:88:65:a3:62:fc:e5:e8:0d:4a:53:9d:32:3c:
77:ca:b7:bb:59:66:87:fa:f8:22:c5:c9:8b:bc:13:
3b:da:84:6c:5f:f1:69:6a:14:d0:fe:fa:f5:9d:9e:
8a:14:00:ca:84:09:74:b1:d2:7b:8d:d0:df:22:d7:
1c:2c:a4:c0:d1:39:d4:82:0f:c9:16:08:a7:bc:bc:
04:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:7B:7B:50:AC:27:C7:B0:3C:A9:11:2A:89:D2:A5:9A:1B:81:43:78
X509v3 Authority Key Identifier:
keyid:E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/GXt7UKwnx7A8qREqidKlmhuBQ3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.144.0/22
IPv6:
2a09:8740::/29
Signature Algorithm: sha256WithRSAEncryption
75:a6:82:f5:63:06:30:99:5c:b8:85:f0:d7:dc:e9:91:17:fc:
60:fe:bf:05:bc:db:d4:b5:06:38:39:4a:ae:8c:7d:bb:1d:24:
18:f2:dc:ca:2a:8c:d8:ce:ca:9b:fa:35:85:f7:af:e2:aa:9f:
64:61:04:e9:29:a8:f6:f5:f2:e0:f5:6c:70:46:fb:26:83:31:
b0:25:1a:78:b6:da:24:81:db:2c:61:60:5a:5a:27:9f:5c:80:
5e:cb:06:88:06:34:f6:09:c9:2c:80:e9:db:58:86:c9:a8:13:
05:e2:58:36:3e:8a:dc:05:c5:5e:dd:ec:5f:88:92:70:41:a6:
d2:7b:b9:f7:7f:53:c7:bf:95:2b:58:95:2c:57:ec:9e:48:87:
27:9e:29:54:94:63:9d:04:c6:0e:d0:c9:90:d4:f5:64:4f:8b:
3e:c6:04:51:2d:dc:c2:25:68:ff:f9:18:8c:3e:27:ff:65:fd:
f2:b8:85:12:fd:b7:df:f7:97:26:0b:a5:be:63:8e:8f:ec:b4:
45:f9:fd:46:be:85:93:65:37:80:6d:73:c7:72:78:ac:f5:fb:
21:84:12:77:db:94:6d:0b:ad:d1:95:31:24:be:61:3a:89:cd:
51:25:a6:68:31:09:56:6e:62:ff:db:19:4c:05:bc:fa:20:b6:
68:17:bf:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVytDgL7+SBjPGex5tY+vs1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YzRjZDQxMThkZGZmZWU1NmU4ODU2NjM3OTU1NDdhMWRl
M2Y5OGEwHhcNMjMwMTAyMTMzODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTdiN2I1MGFjMjdjN2IwM2NhOTExMmE4OWQyYTU5YTFiODE0Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltCQo2gqHHXbQ9BrKg94E1b75SA+
a34tl0uLEeQ5hYS3Fkg0YA1WkqkdobWklcWPF0Zn2eJtFidkCia/KGV5BPhtA2o7
sW72YFX3/k6pErF+s79OKaSoLcDyt2lPMs/Qj+nX3xbwZHnThgonQb6ll7nrhEWy
FyqzWFrNxlNgYznbRbqMsFCC+VmMbsE2Zv2+kL2w0gsVJOi21S0hgDAprp2ct+nt
YSE0RA0D4uc4eVuR3TXE6Yhlo2L85egNSlOdMjx3yre7WWaH+vgixcmLvBM72oRs
X/FpahTQ/vr1nZ6KFADKhAl0sdJ7jdDfItccLKTA0TnUgg/JFginvLwEPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBl7e1CsJ8ewPKkRKonSpZobgUN4MB8GA1UdIwQY
MBaAFOnEzUEY3f/uVuiFZjeVVHod4/mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQt
NmNiMmQzYjQ0MzdjLzEvR1h0N1VLd254N0E4cVJFcWlkS2xtaHVCUTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQtNmNiMmQzYjQ0Mzdj
LzEvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdCQMA0E
AgACMAcDBQMqCYdAMA0GCSqGSIb3DQEBCwUAA4IBAQB1poL1YwYwmVy4hfDX3OmR
F/xg/r8FvNvUtQY4OUqujH27HSQY8tzKKozYzsqb+jWF96/iqp9kYQTpKaj29fLg
9WxwRvsmgzGwJRp4ttokgdssYWBaWiefXIBeywaIBjT2CcksgOnbWIbJqBMF4lg2
PorcBcVe3exfiJJwQabSe7n3f1PHv5UrWJUsV+yeSIcnnilUlGOdBMYO0MmQ1PVk
T4s+xgRRLdzCJWj/+RiMPif/Zf3yuIUS/bff95cmC6W+Y46P7LRF+f1GvoWTZTeA
bXPHcnis9fshhBJ325RtC63RlTEkvmE6ic1RJaZoMQlWbmL/2xlMBbz6ILZoF7+c
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:45 2025 by rpki-client