Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/2sD-TiEn_r4BD-RLYM5Rv31wdX4.roa
File: 2sD-TiEn_r4BD-RLYM5Rv31wdX4.roa (raw, json)
Hash identifier: 0NA5s6sb+ZGPCr5tzsxHlwhWj+ZhGkosYO62bKaE9FU=
Subject key identifier: DA:C0:FE:4E:21:27:FE:BE:01:0F:E4:4B:60:CE:51:BF:7D:70:75:7E
Certificate issuer: /CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Certificate serial: 01856CEF3A37B8ABEBA7C8AA46379905273E
Authority key identifier: 70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/2sD-TiEn_r4BD-RLYM5Rv31wdX4.roa
Signing time: Sun 01 Jan 2023 10:44:55 +0000
ROA not before: Sun 01 Jan 2023 10:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3339
IP address blocks: 185.209.120.0/22 maxlen: 22
185.255.104.0/22 maxlen: 22
192.145.40.0/22 maxlen: 22
185.177.168.0/22 maxlen: 22
185.233.76.0/22 maxlen: 22
185.73.188.0/22 maxlen: 22
185.72.12.0/24 maxlen: 24
185.72.12.0/22 maxlen: 22
185.95.56.0/22 maxlen: 22
91.200.244.0/22 maxlen: 22
176.97.224.0/22 maxlen: 22
2a0a:4280::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ef:3a:37:b8:ab:eb:a7:c8:aa:46:37:99:05:27:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Validity
Not Before: Jan 1 10:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dac0fe4e2127febe010fe44b60ce51bf7d70757e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:d5:ef:29:72:af:29:83:bf:87:ce:1c:71:20:
82:8b:61:7e:48:6a:56:16:74:24:a5:ff:c0:d3:c6:
a2:e4:39:dc:9f:71:6b:de:4e:f3:30:6d:7a:bf:d5:
5b:22:85:46:e1:0f:ee:6c:2f:4e:0e:7d:12:fc:4b:
6d:2b:2d:91:14:04:f2:55:a4:d2:33:73:56:0f:59:
b1:fc:88:ab:31:78:9f:7b:08:42:46:72:ac:d9:6c:
5a:cb:e8:41:a8:c1:d0:f2:1a:37:ab:f6:d9:14:bb:
2a:0c:41:2a:89:7a:2f:c7:30:bd:b9:79:20:94:20:
6c:f4:9e:ce:97:13:cd:99:62:4d:03:42:76:0c:fc:
11:80:f2:bc:c8:8a:88:8b:ea:cc:b4:c4:f0:c2:1d:
58:1e:3f:1c:7a:6c:ba:8c:a1:e5:21:d9:fe:e3:41:
86:c7:dd:ea:58:ec:1a:e7:86:8d:5c:d2:85:6e:17:
86:78:c7:64:e7:ed:3d:31:8a:0a:35:a9:56:d9:c4:
e2:17:f7:1f:8d:08:ff:6b:18:b6:33:bf:01:66:e6:
92:cb:ab:83:4c:c0:77:5f:45:0e:49:ba:77:57:78:
33:e0:09:97:3d:45:69:55:91:99:07:70:4e:1a:af:
e7:d3:da:b7:70:e1:f6:90:f8:99:cc:2a:8d:0b:41:
d4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C0:FE:4E:21:27:FE:BE:01:0F:E4:4B:60:CE:51:BF:7D:70:75:7E
X509v3 Authority Key Identifier:
keyid:70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/2sD-TiEn_r4BD-RLYM5Rv31wdX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.244.0/22
176.97.224.0/22
185.72.12.0/22
185.73.188.0/22
185.95.56.0/22
185.177.168.0/22
185.209.120.0/22
185.233.76.0/22
185.255.104.0/22
192.145.40.0/22
IPv6:
2a0a:4280::/29
Signature Algorithm: sha256WithRSAEncryption
c1:9f:9c:fb:11:74:ae:ab:45:7b:83:92:96:cb:7f:9e:49:d7:
ae:62:d1:fa:72:4c:92:08:f7:d0:f8:2a:f3:86:8c:86:4d:e3:
d3:46:49:9b:5d:d0:d1:6c:34:6a:0b:0e:d6:49:2d:2b:5a:0c:
1f:a8:67:55:e1:80:d6:70:06:bb:3a:c7:e8:94:e7:6b:e4:6f:
23:c0:da:2f:79:7b:d1:b0:2e:c9:f0:76:e3:74:02:e7:c9:87:
b5:4f:04:83:4a:a8:56:37:de:2c:40:b9:42:ea:32:a0:2e:ca:
13:12:6c:b0:29:6e:b2:db:4c:06:9c:2b:86:90:5a:97:3a:aa:
f2:4f:d0:90:7d:de:79:b9:56:2f:bb:f0:98:1d:85:8f:bb:18:
4d:50:7c:81:9c:23:ba:aa:22:4e:05:82:ec:1b:e1:a9:10:5f:
9e:35:bb:1e:eb:0e:8e:8c:aa:03:0d:93:fb:a6:82:5a:5b:d7:
df:ec:ac:7b:e2:b6:db:04:ac:df:64:92:0d:89:e5:04:59:96:
c4:4a:57:0d:a9:6e:3e:32:a6:50:1b:f2:33:49:74:4d:01:c0:
a2:7d:5c:21:f6:e2:7c:7f:62:ec:3d:79:cf:f0:ca:ba:d5:5c:
59:73:e1:18:72:da:ab:88:7f:75:a0:9d:8e:c9:3e:a1:c2:8a:
fe:b6:58:e3
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVs7zo3uKvrp8iqRjeZBSc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOTRhNDI1NTk1ZTkyM2M0YjUzYjljMDAwYWE4ZjE5YWQ5
MjNmMjAwHhcNMjMwMTAxMTA0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWMwZmU0ZTIxMjdmZWJlMDEwZmU0NGI2MGNlNTFiZjdkNzA3NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9XvKXKvKYO/h84ccSCCi2F+SGpW
FnQkpf/A08ai5Dncn3Fr3k7zMG16v9VbIoVG4Q/ubC9ODn0S/EttKy2RFATyVaTS
M3NWD1mx/IirMXifewhCRnKs2Wxay+hBqMHQ8ho3q/bZFLsqDEEqiXovxzC9uXkg
lCBs9J7OlxPNmWJNA0J2DPwRgPK8yIqIi+rMtMTwwh1YHj8cemy6jKHlIdn+40GG
x93qWOwa54aNXNKFbheGeMdk5+09MYoKNalW2cTiF/cfjQj/axi2M78BZuaSy6uD
TMB3X0UOSbp3V3gz4AmXPUVpVZGZB3BOGq/n09q3cOH2kPiZzCqNC0HUnwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFNrA/k4hJ/6+AQ/kS2DOUb99cHV+MB8GA1UdIwQY
MBaAFHCUpCVZXpI8S1O5wACqjxmtkj8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUt
Nzc3MzczZTYwNTVlLzEvMnNELVRpRW5fcjRCRC1STFlNNVJ2MzF3ZFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUtNzc3MzczZTYwNTVl
LzEvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCW8j0AwQC
sGHgAwQCuUgMAwQCuUm8AwQCuV84AwQCubGoAwQCudF4AwQCuelMAwQCuf9oAwQC
wJEoMA0EAgACMAcDBQMqCkKAMA0GCSqGSIb3DQEBCwUAA4IBAQDBn5z7EXSuq0V7
g5KWy3+eSdeuYtH6ckySCPfQ+CrzhoyGTePTRkmbXdDRbDRqCw7WSS0rWgwfqGdV
4YDWcAa7OsfolOdr5G8jwNoveXvRsC7J8HbjdALnyYe1TwSDSqhWN94sQLlC6jKg
LsoTEmywKW6y20wGnCuGkFqXOqryT9CQfd55uVYvu/CYHYWPuxhNUHyBnCO6qiJO
BYLsG+GpEF+eNbse6w6OjKoDDZP7poJaW9ff7Kx74rbbBKzfZJINieUEWZbESlcN
qW4+MqZQG/IzSXRNAcCifVwh9uJ8f2LsPXnP8Mq61VxZc+EYctqriH91oJ2OyT6h
wor+tljj
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:12:44 2025 by rpki-client