Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/DKfw__yrXwh2qrbzGo0Vq7ZBkO0.roa
File: DKfw__yrXwh2qrbzGo0Vq7ZBkO0.roa (raw, json)
Hash identifier: pXU30/OvGcOZ29tU/SYTe6w56NpiY4BkkS3T8WbeDl8=
Subject key identifier: 0C:A7:F0:FF:FC:AB:5F:08:76:AA:B6:F3:1A:8D:15:AB:B6:41:90:ED
Certificate issuer: /CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
Certificate serial: 018570428F5A2851404DEA36AA00C4110780
Authority key identifier: BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/DKfw__yrXwh2qrbzGo0Vq7ZBkO0.roa
Signing time: Mon 02 Jan 2023 02:14:48 +0000
ROA not before: Mon 02 Jan 2023 02:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58080
IP address blocks: 185.128.164.0/22 maxlen: 22
185.136.192.0/24 maxlen: 24
185.136.192.0/22 maxlen: 22
185.136.194.0/24 maxlen: 24
185.136.193.0/24 maxlen: 24
185.136.195.0/24 maxlen: 24
185.128.154.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:42:8f:5a:28:51:40:4d:ea:36:aa:00:c4:11:07:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
Validity
Not Before: Jan 2 02:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ca7f0fffcab5f0876aab6f31a8d15abb64190ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:6c:64:9a:2a:5d:67:f7:b8:3f:cd:42:04:3b:
58:23:58:c0:bd:98:68:e5:23:16:65:69:39:0c:4b:
81:4d:cd:b3:ba:2c:21:fc:35:02:eb:25:8b:0c:fc:
3d:26:92:f0:dc:d7:47:a6:e2:96:28:33:1b:d0:34:
3e:48:60:35:cb:43:08:70:7f:c0:b0:09:e5:38:41:
7b:2d:3e:06:58:83:7d:e5:aa:f1:38:f3:9d:24:63:
b6:1d:d5:6b:4e:d4:1d:27:fa:b8:a7:40:5a:9b:18:
e7:05:a4:56:eb:96:0a:66:23:e2:a1:f9:9d:cb:14:
6f:50:d8:e9:2b:75:61:d8:f1:fd:8c:24:e0:a0:5c:
73:b9:44:8d:85:37:bb:26:ef:ff:8c:eb:50:d4:80:
09:9f:90:a1:80:3f:fd:0d:d0:8c:d9:eb:b1:e2:ec:
29:47:70:bc:1e:b2:74:4a:cf:75:c8:46:e3:14:af:
7c:2c:54:8b:ff:ad:6d:ee:8d:9a:99:d3:eb:5a:ac:
87:d2:af:b6:c6:c1:c1:48:7f:77:8f:d7:88:08:c5:
ce:bb:2c:db:e4:88:2c:f3:14:67:53:dd:96:07:3e:
ba:ef:95:70:af:73:3e:56:48:28:44:cb:66:50:f8:
5a:94:83:2e:38:bc:f4:fb:78:32:e2:c9:05:55:13:
61:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:A7:F0:FF:FC:AB:5F:08:76:AA:B6:F3:1A:8D:15:AB:B6:41:90:ED
X509v3 Authority Key Identifier:
keyid:BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/DKfw__yrXwh2qrbzGo0Vq7ZBkO0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.128.154.0/23
185.128.164.0/22
185.136.192.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:b5:00:da:86:74:38:5f:b9:65:12:93:61:0f:d6:79:83:3d:
1a:f3:7f:63:c6:50:87:a8:bc:e7:7b:34:7b:46:a3:ef:09:a1:
ea:c0:53:fc:8f:3b:da:2e:c5:cf:bd:7d:31:24:4c:20:81:b4:
59:42:46:fc:86:a7:d6:19:16:0f:57:5a:91:27:5a:d8:3f:86:
9b:6b:ea:ca:5d:9e:aa:ae:41:8c:24:84:2a:9b:8a:97:c6:a2:
7f:3f:24:d3:29:0d:2d:32:b2:05:f1:db:aa:c9:b5:1c:e5:bb:
15:55:fd:42:31:89:6c:11:18:9c:25:31:15:49:ba:c4:d2:d9:
16:ac:4d:5d:ae:91:23:4f:22:67:30:0b:3e:60:a5:85:ac:b3:
c6:2d:69:b2:a3:da:31:84:ad:0a:17:0a:4f:20:1b:77:d1:cb:
88:dc:91:10:51:1a:03:aa:85:68:28:81:e7:62:48:3f:d5:e9:
ed:1f:62:24:4d:fc:b5:1f:4e:a7:6d:a9:7a:dd:3d:46:a3:c7:
a8:c2:f1:19:d3:b2:3b:e9:9f:70:0e:0f:06:a0:a5:1e:13:15:
3c:27:13:b4:7b:45:a8:6d:9d:f7:d9:d9:b1:e7:6e:22:48:39:
88:6f:6e:8a:59:f0:ce:20:91:c9:9e:04:a6:13:cd:8a:7e:2b:
e5:b6:b5:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVwQo9aKFFATeo2qgDEEQeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNGYxZTZiMDExZjRkNjMzMWExMjc5NTVhNTQ4ZmE1MDUy
NTgwYTUwHhcNMjMwMTAyMDIxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E3ZjBmZmZjYWI1ZjA4NzZhYWI2ZjMxYThkMTVhYmI2NDE5MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2xkmipdZ/e4P81CBDtYI1jAvZho
5SMWZWk5DEuBTc2zuiwh/DUC6yWLDPw9JpLw3NdHpuKWKDMb0DQ+SGA1y0MIcH/A
sAnlOEF7LT4GWIN95arxOPOdJGO2HdVrTtQdJ/q4p0BamxjnBaRW65YKZiPiofmd
yxRvUNjpK3Vh2PH9jCTgoFxzuUSNhTe7Ju//jOtQ1IAJn5ChgD/9DdCM2eux4uwp
R3C8HrJ0Ss91yEbjFK98LFSL/61t7o2amdPrWqyH0q+2xsHBSH93j9eICMXOuyzb
5Igs8xRnU92WBz6675Vwr3M+VkgoRMtmUPhalIMuOLz0+3gy4skFVRNh2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAyn8P/8q18Idqq28xqNFau2QZDtMB8GA1UdIwQY
MBaAFLxPHmsBH01jMaEnlVpUj6UFJYClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkU4ZWF3RWZUV014b1NlVldsU1BwUVVsZ0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi82NmEyMzctOWJjNS00YWJkLTliOGIt
YzU1NDc2NzU5ZDBjLzEvREtmd19feXJYd2gycXJiekdvMFZxN1pCa08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi82NmEyMzctOWJjNS00YWJkLTliOGItYzU1NDc2NzU5ZDBj
LzEvdkU4ZWF3RWZUV014b1NlVldsU1BwUVVsZ0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuYCaAwQC
uYCkAwQCuYjAMA0GCSqGSIb3DQEBCwUAA4IBAQBNtQDahnQ4X7llEpNhD9Z5gz0a
839jxlCHqLznezR7RqPvCaHqwFP8jzvaLsXPvX0xJEwggbRZQkb8hqfWGRYPV1qR
J1rYP4aba+rKXZ6qrkGMJIQqm4qXxqJ/PyTTKQ0tMrIF8duqybUc5bsVVf1CMYls
ERicJTEVSbrE0tkWrE1drpEjTyJnMAs+YKWFrLPGLWmyo9oxhK0KFwpPIBt30cuI
3JEQURoDqoVoKIHnYkg/1entH2IkTfy1H06nbal63T1Go8eowvEZ07I76Z9wDg8G
oKUeExU8JxO0e0WobZ332dmx524iSDmIb26KWfDOIJHJngSmE82KfivltrUO
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:23:01 2025 by rpki-client