Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/shGf5MfEUgpr_VvKSeInQSlAzvc.roa
File: shGf5MfEUgpr_VvKSeInQSlAzvc.roa (raw, json)
Hash identifier: s/wRrM2XkJ4cjgW2Qfruefan0TgNN5/+FZK9PBfOMOM=
Subject key identifier: B2:11:9F:E4:C7:C4:52:0A:6B:FD:5B:CA:49:E2:27:41:29:40:CE:F7
Certificate issuer: /CN=b930da21518184145f6d7621b5a13bd54035ac83
Certificate serial: 0185715E6041FB550DE6679A686200597D80
Authority key identifier: B9:30:DA:21:51:81:84:14:5F:6D:76:21:B5:A1:3B:D5:40:35:AC:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uTDaIVGBhBRfbXYhtaE71UA1rIM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/shGf5MfEUgpr_VvKSeInQSlAzvc.roa
Signing time: Mon 02 Jan 2023 07:24:48 +0000
ROA not before: Mon 02 Jan 2023 07:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29405
IP address blocks: 185.152.28.0/22 maxlen: 22
2a07:7d40::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:5e:60:41:fb:55:0d:e6:67:9a:68:62:00:59:7d:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b930da21518184145f6d7621b5a13bd54035ac83
Validity
Not Before: Jan 2 07:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b2119fe4c7c4520a6bfd5bca49e227412940cef7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ce:a9:ae:30:fc:48:27:06:bb:42:fe:9c:03:
7e:45:41:85:b2:c5:a3:a9:b5:a7:3f:99:3e:d3:96:
e6:d9:66:45:57:8f:2e:5a:d7:55:f1:7c:75:50:82:
c4:25:36:80:58:eb:8b:fc:52:2a:05:7d:b8:8c:62:
42:fd:b8:c1:e1:68:ce:7b:fe:c2:e7:1f:5f:f4:24:
26:f5:e3:a1:82:35:4c:7e:28:ff:39:28:28:4a:1c:
12:ba:1c:e4:de:f2:1e:9d:f4:d4:43:f5:45:00:dc:
89:26:ac:68:84:1e:ee:af:f0:cd:16:1f:69:64:a2:
a5:19:03:e1:a9:0b:f6:7c:df:88:74:bd:42:19:40:
1f:98:92:09:73:2a:6c:8c:97:fa:77:fe:e2:43:24:
90:b8:0d:27:42:c7:89:7d:4d:8e:e6:a2:0d:64:a1:
90:70:41:86:0e:9b:97:e6:f6:0c:28:ff:1f:ab:cd:
ba:42:17:2e:c1:3b:bd:14:21:59:cc:20:e7:b1:7c:
89:a7:40:1e:ed:71:01:0d:db:2c:86:14:1b:02:3b:
4b:c0:aa:24:1b:8b:f0:a3:21:c0:7a:27:0a:0d:fe:
3b:ec:1a:af:ff:6f:d1:82:82:ad:bb:ed:b9:3b:da:
a1:16:ae:02:b6:a1:c7:af:17:fd:0c:54:04:42:32:
f5:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:11:9F:E4:C7:C4:52:0A:6B:FD:5B:CA:49:E2:27:41:29:40:CE:F7
X509v3 Authority Key Identifier:
keyid:B9:30:DA:21:51:81:84:14:5F:6D:76:21:B5:A1:3B:D5:40:35:AC:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uTDaIVGBhBRfbXYhtaE71UA1rIM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/shGf5MfEUgpr_VvKSeInQSlAzvc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/uTDaIVGBhBRfbXYhtaE71UA1rIM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.152.28.0/22
IPv6:
2a07:7d40::/32
Signature Algorithm: sha256WithRSAEncryption
2e:71:21:07:b9:ff:21:3a:76:0b:af:20:2b:30:7d:f0:a4:50:
60:7c:0d:77:8e:e3:5c:4a:ae:3d:54:03:00:42:f5:ae:d2:fb:
00:69:78:7d:e0:25:d9:80:6f:ff:df:73:2a:0c:29:49:88:b8:
1e:aa:98:8b:de:a6:bc:03:ae:31:66:68:68:5e:c9:4e:4b:aa:
37:41:30:86:39:8e:41:a6:67:91:da:78:8d:76:a9:ea:ff:f5:
54:cf:d6:d8:ed:44:d8:d4:a4:61:a2:34:af:40:54:e7:cf:16:
25:ce:ec:dd:6b:91:06:f3:72:9a:c2:d3:de:e5:f4:1f:81:ee:
66:23:14:31:54:ef:1c:3b:c6:74:5b:8d:05:47:69:57:d7:d5:
24:ac:11:d6:6d:9b:d2:61:96:24:b9:26:21:a3:58:62:c7:95:
f2:ff:1e:0e:1c:e8:22:23:87:bd:28:0a:63:dc:1d:a9:6a:76:
c8:14:d8:5c:92:ef:ad:eb:33:68:ed:a1:78:f8:3f:34:94:60:
5b:ba:fb:e9:5d:24:8a:a6:9b:2a:37:48:4e:17:12:56:77:c5:
db:c7:e6:cd:e9:6e:33:a3:f1:f8:7f:65:cd:16:8d:d8:26:53:
ef:ac:ae:e9:13:17:8a:9e:c8:d4:4d:4e:b0:f4:4b:78:7f:f8:
9e:bd:e5:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxXmBB+1UN5meaaGIAWX2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MzBkYTIxNTE4MTg0MTQ1ZjZkNzYyMWI1YTEzYmQ1NDAz
NWFjODMwHhcNMjMwMTAyMDcyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjExOWZlNGM3YzQ1MjBhNmJmZDViY2E0OWUyMjc0MTI5NDBjZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn86prjD8SCcGu0L+nAN+RUGFssWj
qbWnP5k+05bm2WZFV48uWtdV8Xx1UILEJTaAWOuL/FIqBX24jGJC/bjB4WjOe/7C
5x9f9CQm9eOhgjVMfij/OSgoShwSuhzk3vIenfTUQ/VFANyJJqxohB7ur/DNFh9p
ZKKlGQPhqQv2fN+IdL1CGUAfmJIJcypsjJf6d/7iQySQuA0nQseJfU2O5qINZKGQ
cEGGDpuX5vYMKP8fq826QhcuwTu9FCFZzCDnsXyJp0Ae7XEBDdsshhQbAjtLwKok
G4vwoyHAeicKDf477Bqv/2/RgoKtu+25O9qhFq4CtqHHrxf9DFQEQjL1DwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLIRn+THxFIKa/1bykniJ0EpQM73MB8GA1UdIwQY
MBaAFLkw2iFRgYQUX212IbWhO9VANayDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVREYUlWR0JoQlJmYlhZaHRhRTcxVUExcklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80NzBjZGEtZDBlYy00MzIzLWFlOWIt
OTk0YWY1YzM0NDAyLzEvc2hHZjVNZkVVZ3ByX1Z2S1NlSW5RU2xBenZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80NzBjZGEtZDBlYy00MzIzLWFlOWItOTk0YWY1YzM0NDAy
LzEvdVREYUlWR0JoQlJmYlhZaHRhRTcxVUExcklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZgcMA0E
AgACMAcDBQAqB31AMA0GCSqGSIb3DQEBCwUAA4IBAQAucSEHuf8hOnYLryArMH3w
pFBgfA13juNcSq49VAMAQvWu0vsAaXh94CXZgG//33MqDClJiLgeqpiL3qa8A64x
ZmhoXslOS6o3QTCGOY5BpmeR2niNdqnq//VUz9bY7UTY1KRhojSvQFTnzxYlzuzd
a5EG83KawtPe5fQfge5mIxQxVO8cO8Z0W40FR2lX19UkrBHWbZvSYZYkuSYho1hi
x5Xy/x4OHOgiI4e9KApj3B2panbIFNhcku+t6zNo7aF4+D80lGBbuvvpXSSKppsq
N0hOFxJWd8Xbx+bN6W4zo/H4f2XNFo3YJlPvrK7pExeKnsjUTU6w9Et4f/ieveXB
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:11 2025 by rpki-client