Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/tf84zVqQuBzbWOaIPDSKMrikQfw.roa
File: tf84zVqQuBzbWOaIPDSKMrikQfw.roa (raw, json)
Hash identifier: bx9eQujI4Jy+IT31lBKcthviaOWAlASSd3dtXcuMpgM=
Subject key identifier: B5:FF:38:CD:5A:90:B8:1C:DB:58:E6:88:3C:34:8A:32:B8:A4:41:FC
Certificate issuer: /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial: 01856E2FD4445224DA8F80D9C8215019B84D
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/tf84zVqQuBzbWOaIPDSKMrikQfw.roa
Signing time: Sun 01 Jan 2023 16:35:06 +0000
ROA not before: Sun 01 Jan 2023 16:35:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60558
IP address blocks: 185.52.52.0/22 maxlen: 22
185.52.55.0/24 maxlen: 24
2a01:b960:2301::/48 maxlen: 64
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:d4:44:52:24:da:8f:80:d9:c8:21:50:19:b8:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Validity
Not Before: Jan 1 16:35:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5ff38cd5a90b81cdb58e6883c348a32b8a441fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:a6:bd:3b:ce:af:c7:14:bc:3d:04:67:87:d8:
b7:fb:ab:75:db:f0:d4:be:a5:c4:2e:ca:5f:b2:67:
2f:34:d9:16:57:bc:cc:2b:1c:b1:0b:8f:14:a3:74:
d2:c9:7f:73:9a:2e:77:69:01:ae:c1:3d:ec:c0:52:
03:5a:30:b8:1c:a1:93:5f:b3:18:5f:c3:8b:0c:df:
af:47:27:f0:36:1b:43:9e:b3:06:4a:9c:4e:33:27:
af:30:b4:44:d0:fe:0e:5e:80:37:fa:0f:8b:34:e7:
ea:79:ad:48:a0:43:74:6d:b8:8b:9f:8d:d7:06:19:
10:75:60:01:33:46:4d:94:1b:70:55:4a:a2:41:64:
58:21:56:b7:bc:0e:89:18:ae:19:a2:a8:58:08:dc:
21:59:fb:a9:f2:03:63:a6:1f:4f:f7:e2:ee:41:db:
5d:49:02:eb:b0:88:1a:21:dd:40:fd:b1:27:48:96:
a6:bb:fb:26:69:59:b1:37:79:f0:f9:c3:5c:77:7d:
94:fb:dd:93:68:05:7c:34:7c:c1:0b:9e:60:a8:7c:
dd:cd:f1:a2:4f:6d:33:ae:63:1c:a9:75:15:67:08:
4c:c3:04:73:c1:aa:bd:c3:37:c3:a3:b5:d5:91:f3:
69:2e:c3:29:bc:55:26:5a:f6:87:fb:20:97:a1:25:
24:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:FF:38:CD:5A:90:B8:1C:DB:58:E6:88:3C:34:8A:32:B8:A4:41:FC
X509v3 Authority Key Identifier:
keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/tf84zVqQuBzbWOaIPDSKMrikQfw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.52.52.0/22
IPv6:
2a01:b960:2301::/48
Signature Algorithm: sha256WithRSAEncryption
2f:96:83:29:e2:c0:e0:59:66:0d:53:33:92:32:b8:bc:e7:e9:
84:b2:eb:b0:52:98:b0:69:ba:e2:53:e5:9c:e5:af:60:8b:74:
40:3e:6c:d0:9a:fd:1e:42:05:19:fb:d4:ef:8b:1d:a9:91:87:
94:dd:48:cb:f3:e4:9f:7c:61:d4:3e:17:af:e0:9b:3b:67:36:
92:09:54:d5:22:b8:66:39:24:2d:e1:be:be:bf:1d:81:23:6f:
07:d8:08:df:a6:3f:be:6a:20:3d:0c:51:50:b2:07:b2:db:c5:
70:be:1f:bd:bc:e6:8d:c7:91:0b:e2:5b:bb:c5:37:b6:1d:d2:
94:54:f0:8d:70:aa:10:83:a3:2d:1b:4f:70:49:aa:fd:48:3e:
c1:e3:92:33:e5:51:d2:6a:e4:f1:fd:b2:9e:8b:08:85:ac:0e:
cd:60:fc:1e:24:25:3c:63:98:5b:df:5a:8c:09:b9:29:e0:93:
33:f6:4b:a1:c4:02:10:7d:10:8b:cc:87:8c:dd:7a:b0:b0:83:
a2:52:6e:fa:7f:38:87:74:32:10:27:a9:a6:f6:83:15:ae:75:
0b:a4:9f:b2:7f:af:03:5d:04:c7:ef:30:46:97:c8:45:07:0b:
bb:aa:56:b4:c2:27:90:e9:07:2f:ae:fc:a2:25:7f:27:02:ce:
7e:9e:4a:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVuL9REUiTaj4DZyCFQGbhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjMwMTAxMTYzNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZmMzhjZDVhOTBiODFjZGI1OGU2ODgzYzM0OGEzMmI4YTQ0MWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqa9O86vxxS8PQRnh9i3+6t12/DU
vqXELspfsmcvNNkWV7zMKxyxC48Uo3TSyX9zmi53aQGuwT3swFIDWjC4HKGTX7MY
X8OLDN+vRyfwNhtDnrMGSpxOMyevMLRE0P4OXoA3+g+LNOfqea1IoEN0bbiLn43X
BhkQdWABM0ZNlBtwVUqiQWRYIVa3vA6JGK4ZoqhYCNwhWfup8gNjph9P9+LuQdtd
SQLrsIgaId1A/bEnSJamu/smaVmxN3nw+cNcd32U+92TaAV8NHzBC55gqHzdzfGi
T20zrmMcqXUVZwhMwwRzwaq9wzfDo7XVkfNpLsMpvFUmWvaH+yCXoSUkyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLX/OM1akLgc21jmiDw0ijK4pEH8MB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvdGY4NHpWcVF1QnpiV09hSVBEU0tNcmlrUWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuTQ0MA8E
AgACMAkDBwAqAblgIwEwDQYJKoZIhvcNAQELBQADggEBAC+WgyniwOBZZg1TM5Iy
uLzn6YSy67BSmLBpuuJT5Zzlr2CLdEA+bNCa/R5CBRn71O+LHamRh5TdSMvz5J98
YdQ+F6/gmztnNpIJVNUiuGY5JC3hvr6/HYEjbwfYCN+mP75qID0MUVCyB7LbxXC+
H7285o3HkQviW7vFN7Yd0pRU8I1wqhCDoy0bT3BJqv1IPsHjkjPlUdJq5PH9sp6L
CIWsDs1g/B4kJTxjmFvfWowJuSngkzP2S6HEAhB9EIvMh4zderCwg6JSbvp/OId0
MhAnqab2gxWudQukn7J/rwNdBMfvMEaXyEUHC7uqVrTCJ5DpBy+u/KIlfycCzn6e
Sj8=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:24 2025 by rpki-client