Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/D7dBBMcWjqJVw7BTuWI1VG8f8as.roa
File: D7dBBMcWjqJVw7BTuWI1VG8f8as.roa (raw, json)
Hash identifier: eWkP9eYS6qBR+jmTIHTN9sfOoiHA/PU2us/p6OMe/IM=
Subject key identifier: 0F:B7:41:04:C7:16:8E:A2:55:C3:B0:53:B9:62:35:54:6F:1F:F1:AB
Certificate issuer: /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial: 01856EA6AA96A2D96647A1457580E90538F2
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/D7dBBMcWjqJVw7BTuWI1VG8f8as.roa
Signing time: Sun 01 Jan 2023 18:44:54 +0000
ROA not before: Sun 01 Jan 2023 18:44:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205334
IP address blocks: 185.193.173.0/24 maxlen: 24
185.193.175.0/24 maxlen: 24
185.193.174.0/24 maxlen: 24
185.211.41.0/24 maxlen: 24
176.119.132.0/23 maxlen: 23
176.119.132.0/24 maxlen: 24
176.119.132.0/22 maxlen: 22
185.214.169.0/24 maxlen: 24
176.119.134.0/24 maxlen: 24
176.119.134.0/23 maxlen: 23
176.119.133.0/24 maxlen: 24
176.119.135.0/24 maxlen: 24
185.193.172.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:aa:96:a2:d9:66:47:a1:45:75:80:e9:05:38:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Validity
Not Before: Jan 1 18:44:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0fb74104c7168ea255c3b053b96235546f1ff1ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:64:32:b3:c6:30:d6:f6:80:c1:3f:fe:12:36:
e1:a9:91:33:81:d5:39:99:7b:bc:6a:ac:9a:9e:ea:
b7:dc:a1:46:18:d2:89:45:ba:91:f0:21:24:38:dc:
bb:5d:75:84:11:57:aa:4e:5c:e2:a7:d6:bf:41:c9:
04:b7:d2:64:00:ef:85:cb:53:61:04:61:bd:53:69:
2b:c2:14:91:d4:3c:36:81:fe:45:e2:68:8f:1f:42:
35:d2:c5:5b:52:c4:f0:de:b3:37:9d:0d:4b:21:49:
74:2e:1b:46:f6:b0:50:b9:b8:49:b0:d7:4b:e2:46:
db:5c:6c:7f:84:64:8b:54:85:07:f9:45:18:fd:f5:
16:9d:a0:94:3f:b3:f6:c5:33:1b:c9:ef:87:e1:63:
a0:c9:60:4f:3f:8a:2a:96:2e:7c:94:d1:b1:37:ca:
30:55:b9:cf:d4:7d:75:17:e1:c8:c8:0a:93:82:c7:
2e:b1:1e:26:16:c2:e4:f4:17:bc:92:7c:9b:59:12:
58:bc:28:48:5e:15:97:a0:93:b3:69:e7:83:f4:d6:
da:57:a0:d7:0e:a2:f0:bf:9f:d3:71:47:67:70:42:
63:8f:fa:64:ba:a3:24:82:7a:30:86:12:70:fb:7c:
23:39:e7:9e:29:48:6a:74:9c:59:04:7e:3f:87:58:
e2:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:B7:41:04:C7:16:8E:A2:55:C3:B0:53:B9:62:35:54:6F:1F:F1:AB
X509v3 Authority Key Identifier:
keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/D7dBBMcWjqJVw7BTuWI1VG8f8as.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.132.0/22
185.193.172.0/22
185.211.41.0/24
185.214.169.0/24
Signature Algorithm: sha256WithRSAEncryption
c6:ef:6f:84:db:8c:13:2d:69:6c:dc:8d:2d:9c:ee:78:1c:e6:
4e:69:24:4b:86:82:27:2e:51:13:45:58:65:ba:78:37:af:eb:
4b:61:41:c7:08:fa:f0:e0:92:b3:07:2b:1c:18:4d:77:a0:3d:
c0:9a:10:01:6e:cd:d1:3b:6e:ad:d4:4a:b3:81:13:e6:2c:bf:
0b:ae:04:4e:3a:d3:87:7f:d0:4a:a1:d5:36:98:8c:4e:a1:cc:
99:f6:eb:87:7f:97:f7:f7:8d:1a:79:a9:f2:c6:bf:82:60:b7:
ae:05:75:b8:c9:8c:9e:9a:af:08:b5:33:63:ce:8c:82:d0:51:
04:08:aa:52:1d:cd:fa:22:70:ef:b3:cf:9c:91:a2:df:65:5c:
0c:43:57:1b:8f:ca:88:17:e5:6e:17:55:ee:7d:21:5a:d5:e1:
1f:9c:9d:2e:f8:a1:a1:b2:79:32:28:3a:63:68:5d:57:69:dc:
d4:03:c7:81:fa:cd:6f:e2:2f:62:94:4c:36:67:9d:99:32:44:
96:f5:d2:e7:d3:05:ff:5a:e5:48:95:c7:8d:51:b0:75:dc:0f:
7d:c5:36:8a:5c:93:98:cd:86:10:9f:ba:e9:b7:12:fc:c1:b7:
50:bd:03:f5:12:8d:ff:4b:e9:cc:13:66:b5:c6:fd:f2:d2:32:
fe:c9:9c:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVupqqWotlmR6FFdYDpBTjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjMwMTAxMTg0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmI3NDEwNGM3MTY4ZWEyNTVjM2IwNTNiOTYyMzU1NDZmMWZmMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmQys8Yw1vaAwT/+EjbhqZEzgdU5
mXu8aqyanuq33KFGGNKJRbqR8CEkONy7XXWEEVeqTlzip9a/QckEt9JkAO+Fy1Nh
BGG9U2krwhSR1Dw2gf5F4miPH0I10sVbUsTw3rM3nQ1LIUl0LhtG9rBQubhJsNdL
4kbbXGx/hGSLVIUH+UUY/fUWnaCUP7P2xTMbye+H4WOgyWBPP4oqli58lNGxN8ow
VbnP1H11F+HIyAqTgscusR4mFsLk9Be8knybWRJYvChIXhWXoJOzaeeD9NbaV6DX
DqLwv5/TcUdncEJjj/pkuqMkgnowhhJw+3wjOeeeKUhqdJxZBH4/h1ji/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFA+3QQTHFo6iVcOwU7liNVRvH/GrMB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEvRDdkQkJNY1dqcUpWdzdCVHVXSTFWRzhmOGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCsHeEAwQC
ucGsAwQAudMpAwQAudapMA0GCSqGSIb3DQEBCwUAA4IBAQDG72+E24wTLWls3I0t
nO54HOZOaSRLhoInLlETRVhlung3r+tLYUHHCPrw4JKzByscGE13oD3AmhABbs3R
O26t1EqzgRPmLL8LrgROOtOHf9BKodU2mIxOocyZ9uuHf5f3940aeanyxr+CYLeu
BXW4yYyemq8ItTNjzoyC0FEECKpSHc36InDvs8+ckaLfZVwMQ1cbj8qIF+VuF1Xu
fSFa1eEfnJ0u+KGhsnkyKDpjaF1XadzUA8eB+s1v4i9ilEw2Z52ZMkSW9dLn0wX/
WuVIlceNUbB13A99xTaKXJOYzYYQn7rptxL8wbdQvQP1Eo3/S+nME2a1xv3y0jL+
yZy0
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:13 2025 by rpki-client