Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/FM_CQ1V2je_e-X5hiyM9oMASrek.roa
File: FM_CQ1V2je_e-X5hiyM9oMASrek.roa (raw, json)
Hash identifier: o8pVs5zc0ONO1fq1epxV2wPw4CAZEXGP8EdukvI4tn8=
Subject key identifier: 14:CF:C2:43:55:76:8D:EF:DE:F9:7E:61:8B:23:3D:A0:C0:12:AD:E9
Certificate issuer: /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial: 01856DCAD87451A19A0C4FB0DD7A96013021
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/FM_CQ1V2je_e-X5hiyM9oMASrek.roa
Signing time: Sun 01 Jan 2023 14:44:48 +0000
ROA not before: Sun 01 Jan 2023 14:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9049
IP address blocks: 5.3.85.0/24 maxlen: 24
188.234.152.0/21 maxlen: 24
2a02:2698:a100::/40 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:d8:74:51:a1:9a:0c:4f:b0:dd:7a:96:01:30:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Validity
Not Before: Jan 1 14:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=14cfc24355768defdef97e618b233da0c012ade9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:de:e4:48:b5:8b:08:64:44:2e:59:11:47:e8:
a3:de:90:6a:68:e4:c3:23:61:e8:67:d4:d7:24:ce:
13:89:55:8c:cf:c4:06:29:27:bd:a0:9f:83:58:59:
0c:40:12:fd:9e:da:5b:48:6d:11:e2:7c:f1:c3:74:
02:2f:11:0b:6a:9c:66:fc:b3:b2:fe:0b:be:4f:4c:
da:56:d4:b5:03:5f:7a:50:f0:a0:73:fa:8d:80:3f:
00:68:20:28:39:5e:14:be:44:78:f9:4c:67:7a:21:
0f:64:9f:0b:5c:7c:e2:09:4d:d9:cf:53:99:75:38:
f1:b1:68:d5:ce:f4:78:4e:cc:4b:3f:4e:c1:dd:c4:
d9:2c:9c:c9:73:07:fe:03:a0:d9:d2:a9:03:98:af:
2e:0c:f6:29:fa:4b:0b:72:0e:0b:83:98:83:69:60:
2b:05:cc:b2:f3:ed:79:92:71:06:d3:13:eb:ba:b4:
c6:f0:56:61:2f:a8:56:40:6a:16:c4:53:83:db:c7:
40:d3:73:f5:1e:96:02:19:83:ea:36:9f:a8:4e:df:
66:80:a0:d4:9b:d7:5f:e1:0c:fb:15:a7:8b:fe:47:
d1:e9:7c:68:a2:b8:05:38:7f:b5:32:8d:f6:6e:4c:
15:db:82:93:1c:fd:3e:da:80:cb:60:00:78:1e:0e:
ad:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:CF:C2:43:55:76:8D:EF:DE:F9:7E:61:8B:23:3D:A0:C0:12:AD:E9
X509v3 Authority Key Identifier:
keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/FM_CQ1V2je_e-X5hiyM9oMASrek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.3.85.0/24
188.234.152.0/21
IPv6:
2a02:2698:a100::/40
Signature Algorithm: sha256WithRSAEncryption
dd:f5:4a:5a:46:0d:a6:ab:00:9f:98:4f:38:ba:9d:d4:89:5b:
fc:06:6c:f7:67:e5:b4:e7:74:36:13:cf:f5:5e:1f:10:5e:02:
10:60:0e:4d:89:54:de:44:49:28:b7:46:ec:37:60:be:d9:f7:
1d:06:0d:a7:74:22:06:a0:28:ba:ae:d4:00:36:72:12:e8:6b:
93:1c:be:4c:64:79:50:bf:ab:97:63:c4:79:d5:96:ea:e6:a3:
77:c7:86:c6:51:b8:ed:5b:46:af:3b:55:f6:79:c8:fc:a4:17:
59:1a:be:1d:7e:5f:07:cb:09:37:2b:64:78:91:a9:93:30:99:
89:8f:75:e9:3f:89:b9:f8:72:4a:d4:56:69:64:98:3b:2b:64:
4d:8f:2d:b2:09:39:56:0f:dc:86:ea:95:06:60:00:79:55:44:
b8:f5:7a:87:19:03:89:ae:af:78:70:3f:19:4f:ad:5f:80:c1:
c5:58:e7:eb:5a:d1:2b:61:95:bc:3e:81:cd:d8:f1:e4:4e:c4:
3d:ed:a3:92:61:5f:2c:46:67:f2:bc:1a:2e:3a:20:40:99:03:
51:07:eb:21:b0:24:b4:4e:b9:72:4c:87:43:aa:55:37:45:ca:
82:eb:30:06:a5:98:f8:f0:52:e4:f9:1c:44:09:5d:28:6a:dd:
f2:25:ed:8d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVtyth0UaGaDE+w3XqWATAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjMwMTAxMTQ0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGNmYzI0MzU1NzY4ZGVmZGVmOTdlNjE4YjIzM2RhMGMwMTJhZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi97kSLWLCGRELlkRR+ij3pBqaOTD
I2HoZ9TXJM4TiVWMz8QGKSe9oJ+DWFkMQBL9ntpbSG0R4nzxw3QCLxELapxm/LOy
/gu+T0zaVtS1A196UPCgc/qNgD8AaCAoOV4UvkR4+UxneiEPZJ8LXHziCU3Zz1OZ
dTjxsWjVzvR4TsxLP07B3cTZLJzJcwf+A6DZ0qkDmK8uDPYp+ksLcg4Lg5iDaWAr
Bcyy8+15knEG0xPrurTG8FZhL6hWQGoWxFOD28dA03P1HpYCGYPqNp+oTt9mgKDU
m9df4Qz7FaeL/kfR6XxoorgFOH+1Mo32bkwV24KTHP0+2oDLYAB4Hg6tCQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFBTPwkNVdo3v3vl+YYsjPaDAEq3pMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvRk1fQ1ExVjJqZV9lLVg1aGl5TTlvTUFTcmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQABQNVAwQD
vOqYMA4EAgACMAgDBgAqAiaYoTANBgkqhkiG9w0BAQsFAAOCAQEA3fVKWkYNpqsA
n5hPOLqd1Ilb/AZs92fltOd0NhPP9V4fEF4CEGAOTYlU3kRJKLdG7Ddgvtn3HQYN
p3QiBqAouq7UADZyEuhrkxy+TGR5UL+rl2PEedWW6uajd8eGxlG47VtGrztV9nnI
/KQXWRq+HX5fB8sJNytkeJGpkzCZiY916T+JufhyStRWaWSYOytkTY8tsgk5Vg/c
huqVBmAAeVVEuPV6hxkDia6veHA/GU+tX4DBxVjn61rRK2GVvD6Bzdjx5E7EPe2j
kmFfLEZn8rwaLjogQJkDUQfrIbAktE65ckyHQ6pVN0XKguswBqWY+PBS5PkcRAld
KGrd8iXtjQ==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:13 2025 by rpki-client