Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/sEkHvVD6CxIkFDZA-y8xKNrlNdk.roa
File: sEkHvVD6CxIkFDZA-y8xKNrlNdk.roa (raw, json)
Hash identifier: 3LP1QRBSakXdZ1VV7FkD1tRSujeKt2XHND2aOptPPxs=
Subject key identifier: B0:49:07:BD:50:FA:0B:12:24:14:36:40:FB:2F:31:28:DA:E5:35:D9
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018C3AB256E07687AC2539552D0C814A469D
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/sEkHvVD6CxIkFDZA-y8xKNrlNdk.roa
Signing time: Tue 05 Dec 2023 15:56:55 +0000
ROA not before: Tue 05 Dec 2023 15:56:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209024
IP address blocks: 176.109.68.0/24 maxlen: 24
176.109.66.0/24 maxlen: 24
176.109.69.0/24 maxlen: 24
2a02:28:d::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:b2:56:e0:76:87:ac:25:39:55:2d:0c:81:4a:46:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Dec 5 15:56:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b04907bd50fa0b1224143640fb2f3128dae535d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:25:d9:ea:ee:92:18:e2:09:67:be:a6:85:6f:
b4:c3:4c:cb:33:82:9e:8c:9a:fe:e0:d0:ad:38:4c:
7d:29:39:80:61:16:c6:d9:e5:03:f3:0e:32:cc:5c:
09:03:2f:f3:20:a1:c9:5e:c2:65:5b:dd:85:50:a1:
b8:63:f4:cc:6d:58:1f:1b:29:2a:e6:a6:da:fa:16:
ef:0e:3f:05:96:7d:8a:f6:77:1f:61:7c:a7:6d:c6:
6d:98:dc:b1:b2:2e:c0:38:c1:72:37:79:1d:d6:25:
17:8b:bf:f7:ae:10:cc:61:9b:39:2c:c4:be:50:3e:
43:72:41:03:5b:ad:bf:94:2c:24:de:d2:fb:ef:8c:
15:a0:72:ae:5e:82:9f:a6:06:7d:36:33:05:d4:b2:
d0:e5:d6:f0:9e:09:b5:7e:e6:77:12:43:40:33:14:
13:e9:65:d4:89:a5:e9:7c:9d:04:d6:3c:42:56:14:
94:7d:62:ba:11:2f:06:56:88:b3:83:3d:48:8d:c1:
e1:f0:9b:f8:e8:30:3d:86:bf:b2:77:da:04:52:b5:
97:e0:d1:d6:8d:0e:6e:25:8f:3d:80:b3:bd:91:af:
74:62:b4:a3:a1:5a:a1:54:39:53:d2:a0:58:73:19:
2c:fd:e6:29:2e:d4:07:1c:a2:31:ca:12:ce:5d:e9:
c8:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:49:07:BD:50:FA:0B:12:24:14:36:40:FB:2F:31:28:DA:E5:35:D9
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/sEkHvVD6CxIkFDZA-y8xKNrlNdk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.66.0/24
176.109.68.0/23
IPv6:
2a02:28:d::/48
Signature Algorithm: sha256WithRSAEncryption
67:ba:fc:31:17:d2:a2:e9:e2:0c:8d:bd:80:b5:67:75:29:26:
6e:d2:3b:ed:67:36:52:6c:42:37:5f:00:da:66:5a:ba:da:8f:
9c:0c:b4:d0:6f:95:e9:89:3e:e9:07:19:88:7b:c0:97:02:91:
3a:20:54:1f:7d:01:ab:59:d4:db:09:89:6f:3c:c6:27:1e:9f:
75:f3:a6:73:30:ac:4f:89:74:36:2d:ef:6f:d0:23:4a:db:c0:
68:88:ea:7b:f1:ee:06:bc:75:52:3a:60:56:45:b5:eb:bf:4c:
39:f3:23:ad:9e:9f:9e:68:84:d5:af:28:79:a0:df:af:42:2d:
ee:e1:4a:81:01:7b:16:f3:13:2a:47:23:16:bd:a5:f9:78:97:
93:68:64:df:01:af:93:c5:78:f4:c7:8c:ab:da:bc:f4:d1:f8:
6f:b7:f1:3a:f6:6d:dc:ae:44:1c:2a:83:31:96:9c:ce:83:8f:
5c:56:b3:ee:fe:60:5b:a8:8d:56:b1:9a:20:0e:73:d0:a3:df:
22:8c:cb:93:cf:26:39:ab:16:2d:ff:65:d8:07:b4:f9:b0:ca:
25:99:62:fc:97:c0:fa:e5:d0:d8:cb:14:27:e8:8d:17:73:91:
fe:a7:d5:09:c5:75:f5:8f:c2:6e:3a:4c:56:ec:9b:17:ed:65:
a5:cf:cb:fe
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYw6slbgdoesJTlVLQyBSkadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA1MTU1NjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ5MDdiZDUwZmEwYjEyMjQxNDM2NDBmYjJmMzEyOGRhZTUzNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSXZ6u6SGOIJZ76mhW+0w0zLM4Ke
jJr+4NCtOEx9KTmAYRbG2eUD8w4yzFwJAy/zIKHJXsJlW92FUKG4Y/TMbVgfGykq
5qba+hbvDj8Fln2K9ncfYXynbcZtmNyxsi7AOMFyN3kd1iUXi7/3rhDMYZs5LMS+
UD5DckEDW62/lCwk3tL774wVoHKuXoKfpgZ9NjMF1LLQ5dbwngm1fuZ3EkNAMxQT
6WXUiaXpfJ0E1jxCVhSUfWK6ES8GVoizgz1IjcHh8Jv46DA9hr+yd9oEUrWX4NHW
jQ5uJY89gLO9ka90YrSjoVqhVDlT0qBYcxks/eYpLtQHHKIxyhLOXenINwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLBJB71Q+gsSJBQ2QPsvMSja5TXZMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvc0VrSHZWRDZDeElrRkRaQS15OHhLTnJsTmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsG1CAwQB
sG1EMA8EAgACMAkDBwAqAgAoAA0wDQYJKoZIhvcNAQELBQADggEBAGe6/DEX0qLp
4gyNvYC1Z3UpJm7SO+1nNlJsQjdfANpmWrraj5wMtNBvlemJPukHGYh7wJcCkTog
VB99AatZ1NsJiW88xicen3XzpnMwrE+JdDYt72/QI0rbwGiI6nvx7ga8dVI6YFZF
teu/TDnzI62en55ohNWvKHmg369CLe7hSoEBexbzEypHIxa9pfl4l5NoZN8Br5PF
ePTHjKvavPTR+G+38Tr2bdyuRBwqgzGWnM6Dj1xWs+7+YFuojVaxmiAOc9Cj3yKM
y5PPJjmrFi3/ZdgHtPmwyiWZYvyXwPrl0NjLFCfojRdzkf6n1QnFdfWPwm46TFbs
mxftZaXPy/4=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:51:43 2025 by rpki-client