Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/qfo9tgixRCD9HacugtI-zk7scvU.roa
File: qfo9tgixRCD9HacugtI-zk7scvU.roa (raw, json)
Hash identifier: AxLqaMOtC4ak3cE4wzyW4Qn9Tb8wr44fA2snNhtjE8g=
Subject key identifier: A9:FA:3D:B6:08:B1:44:20:FD:1D:A7:2E:82:D2:3E:CE:4E:EC:72:F5
Certificate issuer: /CN=23ef9de2152aef1b2a62a31fb2f35e8590b3ad84
Certificate serial: 018C1C4E9675F81D91243BFEDC122DDA0C25
Authority key identifier: 23:EF:9D:E2:15:2A:EF:1B:2A:62:A3:1F:B2:F3:5E:85:90:B3:AD:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I--d4hUq7xsqYqMfsvNehZCzrYQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/qfo9tgixRCD9HacugtI-zk7scvU.roa
Signing time: Wed 29 Nov 2023 18:19:21 +0000
ROA not before: Wed 29 Nov 2023 18:19:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208244
IP address blocks: 5.180.115.0/24 maxlen: 24
83.171.196.0/22 maxlen: 22
146.19.219.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1c:4e:96:75:f8:1d:91:24:3b:fe:dc:12:2d:da:0c:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23ef9de2152aef1b2a62a31fb2f35e8590b3ad84
Validity
Not Before: Nov 29 18:19:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a9fa3db608b14420fd1da72e82d23ece4eec72f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2e:a5:3b:1d:e6:b5:07:dd:1c:c8:78:6a:11:
6f:9c:05:79:4d:b2:80:b2:f9:0a:33:1f:a7:cf:46:
e6:3b:27:66:5b:62:5e:59:e8:fd:8c:63:1c:b9:8f:
ba:b3:67:b2:1e:0f:a1:68:ed:76:db:f0:16:9e:99:
f4:b5:34:c2:a7:63:39:ad:83:dd:28:42:62:80:20:
4b:ed:14:e4:a7:50:51:d6:e5:a4:26:60:54:24:8c:
36:d0:4e:a7:07:25:45:62:cc:cb:30:da:69:15:a2:
49:a4:7f:ba:78:95:c4:ed:cb:c0:5f:c4:f9:1c:a5:
47:38:5b:4f:c6:d9:03:34:67:31:46:2f:07:3b:75:
6e:6e:21:40:dc:ce:a6:12:e3:82:c6:b3:3a:af:fa:
35:ac:04:25:8c:b5:98:3b:b9:ae:6b:7b:6a:b4:1c:
75:4f:04:4f:76:37:43:e4:46:5c:6f:4a:fc:63:38:
1d:d1:d0:49:92:eb:df:8e:e1:d4:20:0a:18:f6:2d:
1c:d9:09:e7:92:5e:47:3e:88:6b:5c:1f:73:1d:f7:
07:b7:53:e0:75:75:bf:0d:83:86:bb:04:4b:fc:87:
5f:55:8e:30:f2:fb:52:c0:c2:12:31:d8:88:8f:3b:
e9:db:8e:d1:ee:32:1c:fe:7b:25:0e:e2:ff:4d:4e:
f8:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:FA:3D:B6:08:B1:44:20:FD:1D:A7:2E:82:D2:3E:CE:4E:EC:72:F5
X509v3 Authority Key Identifier:
keyid:23:EF:9D:E2:15:2A:EF:1B:2A:62:A3:1F:B2:F3:5E:85:90:B3:AD:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I--d4hUq7xsqYqMfsvNehZCzrYQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/qfo9tgixRCD9HacugtI-zk7scvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/I--d4hUq7xsqYqMfsvNehZCzrYQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.115.0/24
83.171.196.0/22
146.19.219.0/24
Signature Algorithm: sha256WithRSAEncryption
b5:a1:8b:c3:c8:99:3c:bd:92:5c:27:c8:9b:0d:50:1d:44:6b:
91:ed:f1:c4:aa:8a:7a:e0:d1:9b:70:06:05:28:62:2b:27:ba:
1e:ab:f8:58:e0:44:56:c8:69:d7:e2:1e:56:83:c0:9e:b5:3f:
d4:8f:a1:11:6c:5c:22:e9:9d:bc:2a:15:2f:d5:52:fc:53:24:
14:4e:8b:9e:0a:6b:34:fe:b3:7e:79:c4:e3:aa:36:58:ba:44:
4b:d8:3c:60:42:e7:5e:d2:6c:8c:8b:a5:91:65:1e:76:0b:c0:
ac:86:b7:ed:66:33:1f:b9:e5:71:91:63:51:c5:ae:e3:db:3d:
1a:df:80:52:9a:84:78:8e:bc:07:e1:e3:32:90:4b:de:92:09:
8c:35:71:45:9e:ef:d6:71:a2:a0:de:17:00:d5:0a:b7:a1:03:
86:58:ab:e4:d3:bb:06:65:cb:41:fd:c9:93:0e:09:cc:44:6a:
25:2a:a4:77:02:ec:31:21:04:00:78:eb:a0:d5:21:94:2a:12:
53:8f:00:a4:9e:30:0b:2c:08:14:d4:07:2f:40:51:11:53:7e:
ef:04:3d:4e:88:38:67:a3:e0:13:6b:b9:1d:0a:03:10:c9:e9:
5f:cc:05:cf:d2:56:dd:d6:ad:30:c4:be:a2:47:eb:bc:f7:78:
8e:cc:6b:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYwcTpZ1+B2RJDv+3BIt2gwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZWY5ZGUyMTUyYWVmMWIyYTYyYTMxZmIyZjM1ZTg1OTBi
M2FkODQwHhcNMjMxMTI5MTgxOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZhM2RiNjA4YjE0NDIwZmQxZGE3MmU4MmQyM2VjZTRlZWM3MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS6lOx3mtQfdHMh4ahFvnAV5TbKA
svkKMx+nz0bmOydmW2JeWej9jGMcuY+6s2eyHg+haO122/AWnpn0tTTCp2M5rYPd
KEJigCBL7RTkp1BR1uWkJmBUJIw20E6nByVFYszLMNppFaJJpH+6eJXE7cvAX8T5
HKVHOFtPxtkDNGcxRi8HO3VubiFA3M6mEuOCxrM6r/o1rAQljLWYO7mua3tqtBx1
TwRPdjdD5EZcb0r8Yzgd0dBJkuvfjuHUIAoY9i0c2Qnnkl5HPohrXB9zHfcHt1Pg
dXW/DYOGuwRL/IdfVY4w8vtSwMISMdiIjzvp247R7jIc/nslDuL/TU744QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKn6PbYIsUQg/R2nLoLSPs5O7HL1MB8GA1UdIwQY
MBaAFCPvneIVKu8bKmKjH7LzXoWQs62EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS0tZDRoVXE3eHNxWXFNZnN2TmVoWkN6cllRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jM2YzY2MtYzU2Yi00ZDM1LWI3N2Yt
M2JjNmViMGEzNDdmLzEvcWZvOXRnaXhSQ0Q5SGFjdWd0SS16azdzY3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jM2YzY2MtYzU2Yi00ZDM1LWI3N2YtM2JjNmViMGEzNDdm
LzEvSS0tZDRoVXE3eHNxWXFNZnN2TmVoWkN6cllRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbRzAwQC
U6vEAwQAkhPbMA0GCSqGSIb3DQEBCwUAA4IBAQC1oYvDyJk8vZJcJ8ibDVAdRGuR
7fHEqop64NGbcAYFKGIrJ7oeq/hY4ERWyGnX4h5Wg8CetT/Uj6ERbFwi6Z28KhUv
1VL8UyQUToueCms0/rN+ecTjqjZYukRL2DxgQude0myMi6WRZR52C8CshrftZjMf
ueVxkWNRxa7j2z0a34BSmoR4jrwH4eMykEvekgmMNXFFnu/WcaKg3hcA1Qq3oQOG
WKvk07sGZctB/cmTDgnMRGolKqR3AuwxIQQAeOug1SGUKhJTjwCknjALLAgU1Acv
QFERU37vBD1OiDhno+ATa7kdCgMQyelfzAXP0lbd1q0wxL6iR+u893iOzGu1
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:53:52 2025 by rpki-client