Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/6186da-51d4-4618-95f9-f4a39e18cfb4/1/aDbQE5S1X-kgL0Pacn6u2MXhzaQ.roa
File: aDbQE5S1X-kgL0Pacn6u2MXhzaQ.roa (raw, json)
Hash identifier: QoVF2ceuGZEmfeLxnyIrlMzfZJD6FuhsYMYLqJJ5O2I=
Subject key identifier: 68:36:D0:13:94:B5:5F:E9:20:2F:43:DA:72:7E:AE:D8:C5:E1:CD:A4
Certificate issuer: /CN=a8aba63e806a21d46035ca6e9d345b03dbc8e553
Certificate serial: 018BB09A328314002F64CBDA1C00E0C7AD49
Authority key identifier: A8:AB:A6:3E:80:6A:21:D4:60:35:CA:6E:9D:34:5B:03:DB:C8:E5:53
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qKumPoBqIdRgNcpunTRbA9vI5VM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/6186da-51d4-4618-95f9-f4a39e18cfb4/1/aDbQE5S1X-kgL0Pacn6u2MXhzaQ.roa
Signing time: Wed 08 Nov 2023 20:22:57 +0000
ROA not before: Wed 08 Nov 2023 20:22:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9008
IP address blocks: 109.69.240.0/21 maxlen: 24
185.211.232.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:b0:9a:32:83:14:00:2f:64:cb:da:1c:00:e0:c7:ad:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a8aba63e806a21d46035ca6e9d345b03dbc8e553
Validity
Not Before: Nov 8 20:22:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6836d01394b55fe9202f43da727eaed8c5e1cda4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:9b:32:24:d7:74:6c:3a:f3:b9:de:9f:95:89:
bf:54:b3:06:60:4d:8b:c1:7f:27:90:b3:93:44:6a:
4b:80:7c:ac:f3:c9:d8:0f:e5:62:2c:ed:1c:4a:00:
64:22:0b:66:b0:eb:2e:ff:fb:fb:50:6a:fc:4b:99:
1a:9a:79:c2:bc:44:02:30:f2:c8:44:92:3d:bf:01:
08:96:cd:e0:65:db:28:46:eb:e7:78:df:0e:4d:b5:
fe:8a:e5:77:c2:e1:3a:4f:ff:e5:1c:e7:7e:a4:fc:
42:2d:6e:ca:2c:b9:a0:25:64:d6:4c:8c:2d:22:83:
9f:03:eb:ab:07:83:ba:96:ef:cb:13:1a:43:94:e8:
c8:73:12:d9:cd:62:9b:87:70:e1:c9:6d:0d:1d:a6:
e6:0a:1e:55:05:be:e8:cb:13:9e:b9:88:ff:59:31:
c9:8f:56:0a:65:0b:0b:b4:b9:a9:f6:08:60:88:3c:
54:19:1e:fd:69:74:46:82:e4:8a:35:c5:2d:6a:f5:
a5:13:9a:49:3b:48:28:38:50:a6:0c:19:a4:b7:cb:
31:0b:2a:f0:e9:3a:9f:ac:85:e5:f1:73:75:20:bc:
85:1c:ab:e8:9a:a1:04:25:d0:68:20:ad:00:4c:b9:
2a:e8:e6:97:82:1c:52:84:ac:9a:3d:f4:bc:be:e8:
1b:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:36:D0:13:94:B5:5F:E9:20:2F:43:DA:72:7E:AE:D8:C5:E1:CD:A4
X509v3 Authority Key Identifier:
keyid:A8:AB:A6:3E:80:6A:21:D4:60:35:CA:6E:9D:34:5B:03:DB:C8:E5:53
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qKumPoBqIdRgNcpunTRbA9vI5VM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6186da-51d4-4618-95f9-f4a39e18cfb4/1/aDbQE5S1X-kgL0Pacn6u2MXhzaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6186da-51d4-4618-95f9-f4a39e18cfb4/1/qKumPoBqIdRgNcpunTRbA9vI5VM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.69.240.0/21
185.211.232.0/22
Signature Algorithm: sha256WithRSAEncryption
17:b3:1a:1d:dd:95:24:a6:01:1d:00:85:c8:b4:43:e4:ab:1d:
e9:c0:67:bf:26:02:9a:e9:4e:1a:2c:9a:83:6b:a7:ee:e2:a1:
4f:27:f5:97:27:16:52:e9:20:a2:34:9b:01:af:a2:9b:5f:4c:
f2:90:04:d1:14:fb:29:4d:7f:7f:14:00:7e:f7:a5:be:98:5c:
85:5d:af:2d:2e:58:0f:66:27:e2:c8:52:ed:b4:fd:6e:1d:6a:
b1:15:6f:5f:d3:d3:42:90:bd:c5:e3:32:ed:b9:81:6f:33:6d:
4d:ab:84:6b:1c:f0:a9:f1:f7:4d:e5:0c:38:cc:58:03:37:43:
bb:ba:5d:cf:fa:f7:ff:9c:27:8f:bf:dc:dd:60:20:2c:de:7e:
56:4e:9f:5e:29:a3:de:45:70:88:e7:d1:19:09:e3:c5:2c:2d:
b0:1f:29:bb:c9:c4:67:70:00:11:37:bc:f4:7a:c5:6e:f7:5e:
8f:9d:7f:22:54:b0:31:18:dd:39:47:c7:ba:3a:68:c2:b5:1b:
8c:01:67:83:e9:9a:0d:a2:6c:af:3f:70:39:a5:f9:42:e8:6f:
77:a6:db:5e:9c:b3:bd:c4:7c:5e:c5:6e:e3:8c:a1:a6:ea:f1:
1c:a8:c5:83:6b:d7:76:6e:bc:8b:31:59:8f:86:0a:bf:5e:bb:
f0:31:c9:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYuwmjKDFAAvZMvaHADgx61JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YWJhNjNlODA2YTIxZDQ2MDM1Y2E2ZTlkMzQ1YjAzZGJj
OGU1NTMwHhcNMjMxMTA4MjAyMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODM2ZDAxMzk0YjU1ZmU5MjAyZjQzZGE3MjdlYWVkOGM1ZTFjZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspsyJNd0bDrzud6flYm/VLMGYE2L
wX8nkLOTRGpLgHys88nYD+ViLO0cSgBkIgtmsOsu//v7UGr8S5kamnnCvEQCMPLI
RJI9vwEIls3gZdsoRuvneN8OTbX+iuV3wuE6T//lHOd+pPxCLW7KLLmgJWTWTIwt
IoOfA+urB4O6lu/LExpDlOjIcxLZzWKbh3DhyW0NHabmCh5VBb7oyxOeuYj/WTHJ
j1YKZQsLtLmp9ghgiDxUGR79aXRGguSKNcUtavWlE5pJO0goOFCmDBmkt8sxCyrw
6TqfrIXl8XN1ILyFHKvomqEEJdBoIK0ATLkq6OaXghxShKyaPfS8vugbFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGg20BOUtV/pIC9D2nJ+rtjF4c2kMB8GA1UdIwQY
MBaAFKirpj6AaiHUYDXKbp00WwPbyOVTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUt1bVBvQnFJZFJnTmNwdW5UUmJBOXZJNVZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82MTg2ZGEtNTFkNC00NjE4LTk1Zjkt
ZjRhMzllMThjZmI0LzEvYURiUUU1UzFYLWtnTDBQYWNuNnUyTVhoemFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82MTg2ZGEtNTFkNC00NjE4LTk1ZjktZjRhMzllMThjZmI0
LzEvcUt1bVBvQnFJZFJnTmNwdW5UUmJBOXZJNVZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUXwAwQC
udPoMA0GCSqGSIb3DQEBCwUAA4IBAQAXsxod3ZUkpgEdAIXItEPkqx3pwGe/JgKa
6U4aLJqDa6fu4qFPJ/WXJxZS6SCiNJsBr6KbX0zykATRFPspTX9/FAB+96W+mFyF
Xa8tLlgPZifiyFLttP1uHWqxFW9f09NCkL3F4zLtuYFvM21Nq4RrHPCp8fdN5Qw4
zFgDN0O7ul3P+vf/nCePv9zdYCAs3n5WTp9eKaPeRXCI59EZCePFLC2wHym7ycRn
cAARN7z0esVu916PnX8iVLAxGN05R8e6OmjCtRuMAWeD6ZoNomyvP3A5pflC6G93
pttenLO9xHxexW7jjKGm6vEcqMWDa9d2bryLMVmPhgq/XrvwMckq
-----END CERTIFICATE-----
Generated at Mon Apr 21 23:03:10 2025 by rpki-client