Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9omyuzii21Slz5R2CgFMZW1buZE.roa
File: 9omyuzii21Slz5R2CgFMZW1buZE.roa (raw, json)
Hash identifier: 7bFlXKCeS9N3W1hMRylLyV0iS35E6NFsqTIP8tohrik=
Subject key identifier: F6:89:B2:BB:38:A2:DB:54:A5:CF:94:76:0A:01:4C:65:6D:5B:B9:91
Certificate issuer: /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial: 018B430115ABB0F5FCD7A2D401CADDE6B343
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9omyuzii21Slz5R2CgFMZW1buZE.roa
Signing time: Wed 18 Oct 2023 13:37:06 +0000
ROA not before: Wed 18 Oct 2023 13:37:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202306
IP address blocks: 109.237.96.0/22 maxlen: 22
109.237.97.0/24 maxlen: 24
109.237.98.0/24 maxlen: 24
109.237.98.0/23 maxlen: 23
109.237.96.0/24 maxlen: 24
109.237.96.0/23 maxlen: 23
109.237.99.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:01:15:ab:b0:f5:fc:d7:a2:d4:01:ca:dd:e6:b3:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
Validity
Not Before: Oct 18 13:37:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f689b2bb38a2db54a5cf94760a014c656d5bb991
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:fc:eb:f9:da:77:93:9d:92:91:69:67:5e:94:
f6:ce:27:76:d6:31:d7:f0:f2:92:c8:87:6c:5a:bd:
5e:e1:f8:8f:fe:20:4e:0e:40:0f:b5:93:50:b9:ed:
b9:4a:51:c2:b9:2e:00:a3:72:82:69:57:8d:40:a4:
81:07:64:97:a3:ef:87:ac:64:22:ec:09:96:32:77:
c4:c3:d8:8c:e5:6d:c6:b2:2d:4d:6a:3e:a7:3d:e8:
54:64:c3:25:03:97:27:f5:9e:bf:99:70:e0:f5:31:
b2:50:e0:8d:10:c3:c5:67:d0:2c:eb:0c:a3:f8:c3:
17:fa:30:2a:3a:42:ae:80:57:e1:9a:1e:b3:a1:dc:
18:45:85:70:91:da:84:ea:0a:4c:0a:51:85:33:4e:
a3:f7:da:61:1f:a9:dd:0b:ed:fb:0c:54:46:45:80:
dc:d8:f5:eb:9f:3f:e0:04:27:bf:97:f2:5e:9c:81:
55:a9:51:56:f4:0e:14:85:70:d7:97:4e:bb:3b:92:
f7:e7:99:58:45:72:47:f2:b1:47:7b:93:ce:5a:a8:
3d:45:48:0d:cf:cd:84:87:63:00:b2:f1:16:37:80:
05:29:54:cb:8a:6c:96:e5:3d:95:f8:37:83:bb:74:
1e:c3:85:55:3e:af:81:ee:73:09:2c:48:6c:4c:1a:
08:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:89:B2:BB:38:A2:DB:54:A5:CF:94:76:0A:01:4C:65:6D:5B:B9:91
X509v3 Authority Key Identifier:
keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9omyuzii21Slz5R2CgFMZW1buZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.237.96.0/22
Signature Algorithm: sha256WithRSAEncryption
17:69:97:7c:df:d4:28:fc:b7:a7:10:1a:e3:96:8e:44:47:60:
6e:2e:70:9e:d0:91:e3:6c:76:0c:2e:d5:1a:66:d8:55:45:d5:
4e:fc:ef:4c:74:b3:b4:0c:41:0c:66:98:20:6c:1c:de:3b:19:
9e:a9:fb:0f:5b:74:e1:b4:af:7b:ef:fe:56:98:ad:ab:96:65:
e5:31:c1:eb:15:cc:24:4f:00:c0:d8:2c:d3:23:ec:7a:7d:23:
24:c9:c7:cd:8f:c5:ca:be:03:f6:8e:88:36:ab:fa:17:51:fa:
1c:42:15:5f:6b:d8:48:cc:cb:4c:42:ff:03:ef:e2:f4:0b:1b:
37:f1:3b:ee:7a:4a:08:fb:82:d1:4d:bd:36:df:8e:26:21:ad:
f3:b7:9b:f3:5b:3a:e0:54:44:ee:0a:a1:5a:df:bb:a3:f9:f1:
f1:3a:23:f6:c3:75:52:5b:8a:15:1d:3b:d9:c5:12:92:83:5e:
92:a4:51:3c:c3:7a:c1:f1:fe:8a:8c:98:73:4c:3c:94:a4:70:
c3:3c:8a:a2:6a:e6:1e:2f:6d:55:f1:3d:67:9a:40:97:27:b5:
d6:8a:6b:e2:ff:39:7c:86:d0:b3:fe:79:35:15:61:cb:2a:c8:
e3:71:89:41:e9:45:f5:18:72:7e:f5:5b:f9:1e:99:7e:f1:ae:
0b:7f:b0:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtDARWrsPX816LUAcrd5rNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjMxMDE4MTMzNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjg5YjJiYjM4YTJkYjU0YTVjZjk0NzYwYTAxNGM2NTZkNWJiOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/zr+dp3k52SkWlnXpT2zid21jHX
8PKSyIdsWr1e4fiP/iBODkAPtZNQue25SlHCuS4Ao3KCaVeNQKSBB2SXo++HrGQi
7AmWMnfEw9iM5W3Gsi1Naj6nPehUZMMlA5cn9Z6/mXDg9TGyUOCNEMPFZ9As6wyj
+MMX+jAqOkKugFfhmh6zodwYRYVwkdqE6gpMClGFM06j99phH6ndC+37DFRGRYDc
2PXrnz/gBCe/l/JenIFVqVFW9A4UhXDXl067O5L355lYRXJH8rFHe5POWqg9RUgN
z82Eh2MAsvEWN4AFKVTLimyW5T2V+DeDu3Qew4VVPq+B7nMJLEhsTBoImQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaJsrs4ottUpc+UdgoBTGVtW7mRMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvOW9teXV6aWkyMVNsejVSMkNnRk1aVzFidVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbe1gMA0G
CSqGSIb3DQEBCwUAA4IBAQAXaZd839Qo/LenEBrjlo5ER2BuLnCe0JHjbHYMLtUa
ZthVRdVO/O9MdLO0DEEMZpggbBzeOxmeqfsPW3ThtK977/5WmK2rlmXlMcHrFcwk
TwDA2CzTI+x6fSMkycfNj8XKvgP2jog2q/oXUfocQhVfa9hIzMtMQv8D7+L0Cxs3
8TvuekoI+4LRTb02344mIa3zt5vzWzrgVETuCqFa37uj+fHxOiP2w3VSW4oVHTvZ
xRKSg16SpFE8w3rB8f6KjJhzTDyUpHDDPIqiauYeL21V8T1nmkCXJ7XWimvi/zl8
htCz/nk1FWHLKsjjcYlB6UX1GHJ+9Vv5Hpl+8a4Lf7DV
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:42 2025 by rpki-client