Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/DXS9aLxaVkJgu5vI7yg-FwEdof4.roa
File: DXS9aLxaVkJgu5vI7yg-FwEdof4.roa (raw, json)
Hash identifier: CBGe+HBZMIuY/J/QUzyo/OPu/0GrIpBf+OvxLjUrJ+Q=
Subject key identifier: 0D:74:BD:68:BC:5A:56:42:60:BB:9B:C8:EF:28:3E:17:01:1D:A1:FE
Certificate issuer: /CN=de63eb6319ba454d397645945ce5439576fac741
Certificate serial: 018B2367949FCB55B77112CFB90EE11D2EC5
Authority key identifier: DE:63:EB:63:19:BA:45:4D:39:76:45:94:5C:E5:43:95:76:FA:C7:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3mPrYxm6RU05dkWUXOVDlXb6x0E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/DXS9aLxaVkJgu5vI7yg-FwEdof4.roa
Signing time: Thu 12 Oct 2023 10:21:12 +0000
ROA not before: Thu 12 Oct 2023 10:21:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8540
IP address blocks: 185.228.34.0/24 maxlen: 24
185.228.32.0/22 maxlen: 24
185.228.32.0/23 maxlen: 24
185.211.216.0/22 maxlen: 24
2a0b:6c40::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:23:67:94:9f:cb:55:b7:71:12:cf:b9:0e:e1:1d:2e:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de63eb6319ba454d397645945ce5439576fac741
Validity
Not Before: Oct 12 10:21:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0d74bd68bc5a564260bb9bc8ef283e17011da1fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:7b:1c:06:6c:7d:99:20:ff:b2:b3:f8:15:27:
df:b8:88:b7:40:03:59:b5:12:e1:e2:f9:33:fb:53:
2f:0a:e2:5f:ae:29:b2:2f:22:f5:fc:4e:d9:65:f2:
48:92:fa:f5:a2:f3:af:9c:29:db:0a:f7:34:ff:a8:
27:ed:81:00:69:68:d7:6e:fa:b6:b5:e9:3f:b9:40:
76:9d:91:2b:ec:01:05:c1:19:00:d3:58:65:63:8e:
b2:45:66:28:7e:b3:ee:97:ce:17:d3:f1:da:94:1c:
3f:1b:93:84:88:9f:1d:99:af:24:f7:f6:d0:09:4b:
60:8c:94:d5:94:16:45:46:6e:56:28:f9:81:74:ae:
8b:14:72:50:1f:d3:c0:aa:c0:bb:b6:0a:78:ca:61:
4d:a5:14:7e:45:6f:93:c0:a6:d7:cb:28:19:7d:35:
a6:40:03:9f:1d:a8:34:6b:4c:98:e0:68:d5:4b:69:
43:e5:b8:6d:76:15:b2:ec:c6:74:f4:1b:27:d5:03:
06:ae:c9:3c:ae:d8:9b:94:0d:23:16:49:4f:b9:b2:
46:23:ba:97:d7:53:89:42:bf:69:33:e6:b9:01:7b:
5c:b0:a8:01:ae:16:02:06:c6:27:c8:da:6b:0c:09:
6d:6c:b0:ca:bd:f8:31:72:c6:ce:81:9d:4e:57:64:
3b:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:74:BD:68:BC:5A:56:42:60:BB:9B:C8:EF:28:3E:17:01:1D:A1:FE
X509v3 Authority Key Identifier:
keyid:DE:63:EB:63:19:BA:45:4D:39:76:45:94:5C:E5:43:95:76:FA:C7:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3mPrYxm6RU05dkWUXOVDlXb6x0E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/DXS9aLxaVkJgu5vI7yg-FwEdof4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/3mPrYxm6RU05dkWUXOVDlXb6x0E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.211.216.0/22
185.228.32.0/22
IPv6:
2a0b:6c40::/29
Signature Algorithm: sha256WithRSAEncryption
21:c4:f5:05:c0:92:ec:96:0d:49:b1:11:0a:24:72:d0:c2:32:
88:b4:58:dc:0d:b4:3f:3f:9e:66:d8:43:eb:00:79:d8:82:63:
b3:e0:0c:9a:39:0d:0c:39:b5:f3:03:77:e9:58:c6:b3:4d:d3:
16:1f:06:e6:72:66:83:ab:70:d9:d2:2c:98:23:49:f6:77:72:
18:f1:33:af:43:18:dd:0d:c9:00:36:d9:97:64:2f:74:2a:d2:
f6:27:c2:cf:0c:87:0e:02:55:18:ed:b9:9d:b3:2b:f2:8e:cb:
79:10:86:da:b9:10:d3:31:e5:75:ad:57:32:82:23:ac:09:5b:
81:00:59:5b:6d:2e:99:45:cf:1e:e3:18:5b:4a:3f:8d:6a:c1:
3b:f9:24:29:6b:0c:33:32:f0:c9:ab:49:26:ba:b1:01:0b:25:
9e:ff:dc:d8:16:a2:2c:5f:16:ac:57:f8:af:84:31:37:13:a2:
9c:f4:c9:35:12:82:35:80:c4:75:1b:b2:3f:af:32:3a:6e:dc:
03:6e:c5:60:1c:f8:4a:35:26:30:7e:1e:72:02:49:97:56:da:
6b:23:e2:cd:3f:81:ac:2a:53:68:89:7d:3f:34:50:ce:59:8b:
e0:31:eb:39:ee:8e:6d:23:73:b4:84:4f:2c:e1:66:4a:b5:b2:
2f:7e:fd:93
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYsjZ5Sfy1W3cRLPuQ7hHS7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNjNlYjYzMTliYTQ1NGQzOTc2NDU5NDVjZTU0Mzk1NzZm
YWM3NDEwHhcNMjMxMDEyMTAyMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDc0YmQ2OGJjNWE1NjQyNjBiYjliYzhlZjI4M2UxNzAxMWRhMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA63scBmx9mSD/srP4FSffuIi3QANZ
tRLh4vkz+1MvCuJfrimyLyL1/E7ZZfJIkvr1ovOvnCnbCvc0/6gn7YEAaWjXbvq2
tek/uUB2nZEr7AEFwRkA01hlY46yRWYofrPul84X0/HalBw/G5OEiJ8dma8k9/bQ
CUtgjJTVlBZFRm5WKPmBdK6LFHJQH9PAqsC7tgp4ymFNpRR+RW+TwKbXyygZfTWm
QAOfHag0a0yY4GjVS2lD5bhtdhWy7MZ09Bsn1QMGrsk8rtiblA0jFklPubJGI7qX
11OJQr9pM+a5AXtcsKgBrhYCBsYnyNprDAltbLDKvfgxcsbOgZ1OV2Q7jwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA10vWi8WlZCYLubyO8oPhcBHaH+MB8GA1UdIwQY
MBaAFN5j62MZukVNOXZFlFzlQ5V2+sdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM21Qcll4bTZSVTA1ZGtXVVhPVkRsWGI2eDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzI3YTctODFiZi00ZjdkLTlmNWMt
MWUxOGY1YjQ5MDVkLzEvRFhTOWFMeGFWa0pndTV2STd5Zy1Gd0Vkb2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzI3YTctODFiZi00ZjdkLTlmNWMtMWUxOGY1YjQ5MDVk
LzEvM21Qcll4bTZSVTA1ZGtXVVhPVkRsWGI2eDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudPYAwQC
ueQgMA0EAgACMAcDBQMqC2xAMA0GCSqGSIb3DQEBCwUAA4IBAQAhxPUFwJLslg1J
sREKJHLQwjKItFjcDbQ/P55m2EPrAHnYgmOz4AyaOQ0MObXzA3fpWMazTdMWHwbm
cmaDq3DZ0iyYI0n2d3IY8TOvQxjdDckANtmXZC90KtL2J8LPDIcOAlUY7bmdsyvy
jst5EIbauRDTMeV1rVcygiOsCVuBAFlbbS6ZRc8e4xhbSj+NasE7+SQpawwzMvDJ
q0kmurEBCyWe/9zYFqIsXxasV/ivhDE3E6Kc9Mk1EoI1gMR1G7I/rzI6btwDbsVg
HPhKNSYwfh5yAkmXVtprI+LNP4GsKlNoiX0/NFDOWYvgMes57o5tI3O0hE8s4WZK
tbIvfv2T
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:44:31 2025 by rpki-client