Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/kx_ilhYiHEN1uh4bfLXnkbcObHE.roa
File: kx_ilhYiHEN1uh4bfLXnkbcObHE.roa (raw, json)
Hash identifier: TsRgY9cw40UC30u7wx75WTMimeSDuWEGuizgLvFG3a0=
Subject key identifier: 93:1F:E2:96:16:22:1C:43:75:BA:1E:1B:7C:B5:E7:91:B7:0E:6C:71
Certificate issuer: /CN=4d08894ca40531e7d20294091288e77ad12c2979
Certificate serial: 018BC860A0910233E8F6B34920859263423B
Authority key identifier: 4D:08:89:4C:A4:05:31:E7:D2:02:94:09:12:88:E7:7A:D1:2C:29:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TQiJTKQFMefSApQJEojnetEsKXk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/kx_ilhYiHEN1uh4bfLXnkbcObHE.roa
Signing time: Mon 13 Nov 2023 11:10:57 +0000
ROA not before: Mon 13 Nov 2023 11:10:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201020
IP address blocks: 185.204.224.0/24 maxlen: 24
185.204.225.0/24 maxlen: 24
185.204.226.0/24 maxlen: 24
185.204.227.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:c8:60:a0:91:02:33:e8:f6:b3:49:20:85:92:63:42:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d08894ca40531e7d20294091288e77ad12c2979
Validity
Not Before: Nov 13 11:10:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=931fe29616221c4375ba1e1b7cb5e791b70e6c71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:f4:2a:74:88:bc:fb:d5:b6:c7:42:39:5a:e8:
33:f6:b1:1c:0c:de:2a:3e:9d:83:31:18:b8:a8:f3:
8f:bc:ba:e9:e1:c9:91:4e:f8:36:bd:8b:e2:e2:20:
29:6b:9d:76:24:86:7d:62:40:a2:6f:b2:19:d1:3a:
3d:84:db:1b:a5:62:84:49:bc:a4:c2:1b:a7:6c:84:
c3:fb:72:92:28:34:a9:e8:c9:b3:55:ce:fb:3d:66:
d6:ed:de:5a:d9:3c:e0:51:06:38:34:86:af:4e:0b:
50:67:ff:28:58:38:20:59:ed:d1:c8:77:23:a1:3a:
22:18:f0:f0:fe:f7:72:ee:c3:57:c9:c5:a8:1f:31:
e2:bf:32:78:4e:c3:73:e1:85:6d:7b:96:1b:10:4c:
d1:cb:28:91:a7:34:1e:54:d4:06:fe:55:c0:5f:5b:
04:c8:c9:15:04:1f:e2:93:d8:8e:13:08:74:61:7b:
44:a0:52:31:a1:f2:a6:34:04:19:bf:4a:5b:d4:97:
a2:82:35:6f:6e:b5:4a:43:ad:e9:74:02:bf:2b:a8:
26:4d:35:0e:e1:26:ff:12:25:09:d6:5f:a5:a2:7f:
b5:c6:05:06:86:0d:8c:99:1c:c0:a7:b9:a7:3a:4a:
0d:10:c6:00:a8:a1:da:ad:73:fa:f1:8f:9b:82:e4:
66:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:1F:E2:96:16:22:1C:43:75:BA:1E:1B:7C:B5:E7:91:B7:0E:6C:71
X509v3 Authority Key Identifier:
keyid:4D:08:89:4C:A4:05:31:E7:D2:02:94:09:12:88:E7:7A:D1:2C:29:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQiJTKQFMefSApQJEojnetEsKXk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/kx_ilhYiHEN1uh4bfLXnkbcObHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/TQiJTKQFMefSApQJEojnetEsKXk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.204.224.0/22
Signature Algorithm: sha256WithRSAEncryption
ce:e1:4e:e7:d5:82:4a:be:51:6f:d1:0c:d5:f9:c9:dd:9f:fc:
cc:86:c0:24:64:19:d8:e7:07:fa:ff:ba:70:75:b4:61:d1:f9:
83:ca:30:b8:ce:84:a9:b2:03:a0:8b:8d:8b:8e:17:b1:e3:4f:
9c:e9:f8:8e:b8:5c:17:f0:91:27:a0:b7:e9:48:d7:24:b4:c7:
cd:be:b0:5d:f4:0b:26:cc:3f:7e:4f:47:e1:15:9b:0b:08:e2:
41:ea:00:c2:a5:f9:50:51:5f:15:49:b0:c6:6e:de:ae:0e:08:
9c:30:be:73:88:10:9b:57:b8:05:fb:7a:84:9c:a9:d8:a6:e7:
3d:89:10:8c:60:ca:ba:39:44:53:b4:33:c7:98:a1:2e:34:0d:
da:b3:46:d3:c8:30:14:7b:41:c4:3c:77:bd:d7:ea:2f:06:01:
63:52:9a:52:2a:e8:19:14:87:9c:41:83:65:1b:43:e0:1e:48:
75:6f:9a:35:f4:fc:c6:ad:85:65:2f:32:85:ac:e5:a8:19:d2:
6b:d8:c1:a9:e4:c9:23:9d:0d:28:06:cc:95:45:52:4c:d8:8b:
2c:2b:49:f9:11:4f:38:4e:37:55:c1:48:d4:37:8b:1c:4d:8f:
c1:78:1b:c1:b1:2e:f9:d1:cf:f2:46:ea:e7:8c:73:ad:3a:1b:
68:96:b0:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYvIYKCRAjPo9rNJIIWSY0I7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMDg4OTRjYTQwNTMxZTdkMjAyOTQwOTEyODhlNzdhZDEy
YzI5NzkwHhcNMjMxMTEzMTExMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFmZTI5NjE2MjIxYzQzNzViYTFlMWI3Y2I1ZTc5MWI3MGU2YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfQqdIi8+9W2x0I5Wugz9rEcDN4q
Pp2DMRi4qPOPvLrp4cmRTvg2vYvi4iApa512JIZ9YkCib7IZ0To9hNsbpWKESbyk
whunbITD+3KSKDSp6MmzVc77PWbW7d5a2TzgUQY4NIavTgtQZ/8oWDggWe3RyHcj
oToiGPDw/vdy7sNXycWoHzHivzJ4TsNz4YVte5YbEEzRyyiRpzQeVNQG/lXAX1sE
yMkVBB/ik9iOEwh0YXtEoFIxofKmNAQZv0pb1JeigjVvbrVKQ63pdAK/K6gmTTUO
4Sb/EiUJ1l+lon+1xgUGhg2MmRzAp7mnOkoNEMYAqKHarXP68Y+bguRmDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMf4pYWIhxDdboeG3y155G3DmxxMB8GA1UdIwQY
MBaAFE0IiUykBTHn0gKUCRKI53rRLCl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFpSlRLUUZNZWZTQXBRSkVvam5ldEVzS1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85YTA4YjAtY2ZlYy00YzkxLWI4ZWIt
NGFiYWRiNWFlYTlhLzEva3hfaWxoWWlIRU4xdWg0YmZMWG5rYmNPYkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85YTA4YjAtY2ZlYy00YzkxLWI4ZWItNGFiYWRiNWFlYTlh
LzEvVFFpSlRLUUZNZWZTQXBRSkVvam5ldEVzS1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuczgMA0G
CSqGSIb3DQEBCwUAA4IBAQDO4U7n1YJKvlFv0QzV+cndn/zMhsAkZBnY5wf6/7pw
dbRh0fmDyjC4zoSpsgOgi42Ljhex40+c6fiOuFwX8JEnoLfpSNcktMfNvrBd9Asm
zD9+T0fhFZsLCOJB6gDCpflQUV8VSbDGbt6uDgicML5ziBCbV7gF+3qEnKnYpuc9
iRCMYMq6OURTtDPHmKEuNA3as0bTyDAUe0HEPHe91+ovBgFjUppSKugZFIecQYNl
G0PgHkh1b5o19PzGrYVlLzKFrOWoGdJr2MGp5MkjnQ0oBsyVRVJM2IssK0n5EU84
TjdVwUjUN4scTY/BeBvBsS750c/yRurnjHOtOhtolrBw
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:54 2025 by rpki-client