Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/f8BLzQFqwZa_STuu2_K3MeE3_T4.roa
File: f8BLzQFqwZa_STuu2_K3MeE3_T4.roa (raw, json)
Hash identifier: rTXiuhGQfnOiEWY6QxQJl5dSMBgDFNKbTVYjpkUSTHE=
Subject key identifier: 7F:C0:4B:CD:01:6A:C1:96:BF:49:3B:AE:DB:F2:B7:31:E1:37:FD:3E
Certificate issuer: /CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
Certificate serial: 018572E8236F0D010DECE7A6E534C84F3E46
Authority key identifier: 00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/f8BLzQFqwZa_STuu2_K3MeE3_T4.roa
Signing time: Mon 02 Jan 2023 14:34:54 +0000
ROA not before: Mon 02 Jan 2023 14:34:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209304
IP address blocks: 213.217.12.0/22 maxlen: 24
5.11.56.0/22 maxlen: 24
2a09:5940::/29 maxlen: 40
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:e8:23:6f:0d:01:0d:ec:e7:a6:e5:34:c8:4f:3e:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
Validity
Not Before: Jan 2 14:34:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7fc04bcd016ac196bf493baedbf2b731e137fd3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:6a:73:e3:1d:02:c6:8b:dc:74:6d:e0:05:42:
44:c2:ad:c0:17:b6:ee:72:72:27:75:e4:ad:aa:c8:
15:8a:c2:dc:2f:3a:e9:db:3d:1e:b6:75:a2:26:d5:
d6:4e:ae:92:f6:1a:d1:9d:c2:d7:02:3a:8a:91:c6:
57:d6:b8:e6:67:0d:79:3c:bf:6c:5b:b0:43:39:03:
e5:c3:fa:29:3c:28:66:96:86:3e:50:e3:8d:5f:b0:
24:92:f0:ba:8b:97:4e:b1:d6:49:b5:97:db:63:bb:
de:83:0a:78:f3:ac:4f:c1:89:87:b0:19:35:f5:7e:
44:48:c1:43:8f:cd:99:43:4a:97:50:26:32:4e:e8:
67:93:93:7a:9b:f3:0e:5f:83:11:8e:28:b7:61:97:
a1:10:5a:26:cb:48:ca:60:d8:81:8f:b7:72:18:ed:
bc:db:50:4c:da:a4:01:e4:b0:1d:a1:5e:4d:0b:2c:
90:d2:25:f3:72:9a:02:ee:05:8e:cc:51:e0:fb:c5:
db:76:c9:71:28:b8:38:2a:4d:06:10:be:4a:97:39:
83:26:18:69:8b:33:00:a1:cd:13:fe:14:ee:f2:03:
d5:8b:fa:11:63:e2:38:93:0b:be:8e:a7:5c:03:86:
ef:26:b1:d7:af:97:3e:53:3c:d6:37:e4:a7:04:7b:
a4:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:C0:4B:CD:01:6A:C1:96:BF:49:3B:AE:DB:F2:B7:31:E1:37:FD:3E
X509v3 Authority Key Identifier:
keyid:00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/f8BLzQFqwZa_STuu2_K3MeE3_T4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.56.0/22
213.217.12.0/22
IPv6:
2a09:5940::/29
Signature Algorithm: sha256WithRSAEncryption
43:bf:ca:f0:f0:d4:0b:e3:31:3d:a5:65:2c:0d:b4:31:f0:14:
af:3e:b5:bf:ba:3b:ea:e9:c9:aa:78:f3:6e:a6:26:70:68:a7:
19:a3:f3:05:f3:5b:29:44:1d:79:8d:ee:ac:71:bc:37:01:3e:
0b:dc:42:70:0a:95:51:50:f2:8d:19:9b:99:90:31:db:2e:7f:
9b:27:44:b5:3d:4f:1c:b8:4b:1e:d8:94:a3:a1:09:db:65:3f:
7a:c9:ce:1e:73:c3:30:b3:24:d7:bf:3e:26:b5:75:55:2c:ba:
21:da:de:28:6c:1b:a2:dc:82:70:85:32:af:d2:a4:e6:c5:5d:
94:de:8a:5d:f0:96:14:2d:00:a8:33:a1:a3:e9:12:38:33:f3:
48:2f:32:04:10:0d:be:cf:bd:9f:f2:33:a7:29:75:cc:55:33:
c8:1d:b6:87:cf:ec:47:a6:c5:97:54:31:a8:53:e5:1f:b6:b0:
11:2e:11:1e:85:56:c6:dd:66:8e:fb:d1:26:b2:17:db:82:51:
d7:d7:b8:b9:8c:83:19:d4:10:93:40:81:d5:58:7d:17:02:33:
57:c5:f8:06:9c:4d:34:b8:68:0b:e5:99:6f:a8:c3:32:c5:f0:
fa:0b:a5:9a:42:2b:39:32:90:d0:7f:64:09:81:82:68:42:07:
b2:7f:79:f4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVy6CNvDQEN7Oem5TTITz5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTdhZDA5YWU5YTFhOTgwMTIyNzU4NTFhYWJlNjllNGUx
NWEyZjQwHhcNMjMwMTAyMTQzNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmMwNGJjZDAxNmFjMTk2YmY0OTNiYWVkYmYyYjczMWUxMzdmZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWpz4x0CxovcdG3gBUJEwq3AF7bu
cnIndeStqsgVisLcLzrp2z0etnWiJtXWTq6S9hrRncLXAjqKkcZX1rjmZw15PL9s
W7BDOQPlw/opPChmloY+UOONX7AkkvC6i5dOsdZJtZfbY7vegwp486xPwYmHsBk1
9X5ESMFDj82ZQ0qXUCYyTuhnk5N6m/MOX4MRjii3YZehEFomy0jKYNiBj7dyGO28
21BM2qQB5LAdoV5NCyyQ0iXzcpoC7gWOzFHg+8XbdslxKLg4Kk0GEL5KlzmDJhhp
izMAoc0T/hTu8gPVi/oRY+I4kwu+jqdcA4bvJrHXr5c+UzzWN+SnBHukUQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH/AS80BasGWv0k7rtvytzHhN/0+MB8GA1UdIwQY
MBaAFABXrQmumhqYASJ1hRqr5p5OFaL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2Qt
ZGNhMzhkNTlhMTU4LzEvZjhCTHpRRnF3WmFfU1R1dTJfSzNNZUUzX1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2QtZGNhMzhkNTlhMTU4
LzEvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBQs4AwQC
1dkMMA0EAgACMAcDBQMqCVlAMA0GCSqGSIb3DQEBCwUAA4IBAQBDv8rw8NQL4zE9
pWUsDbQx8BSvPrW/ujvq6cmqePNupiZwaKcZo/MF81spRB15je6scbw3AT4L3EJw
CpVRUPKNGZuZkDHbLn+bJ0S1PU8cuEse2JSjoQnbZT96yc4ec8MwsyTXvz4mtXVV
LLoh2t4obBui3IJwhTKv0qTmxV2U3opd8JYULQCoM6Gj6RI4M/NILzIEEA2+z72f
8jOnKXXMVTPIHbaHz+xHpsWXVDGoU+UftrARLhEehVbG3WaO+9EmshfbglHX17i5
jIMZ1BCTQIHVWH0XAjNXxfgGnE00uGgL5ZlvqMMyxfD6C6WaQis5MpDQf2QJgYJo
Qgeyf3n0
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:34:37 2025 by rpki-client