Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/IXeQSk55teAsJrzilM9bKwOrKdU.roa
File: IXeQSk55teAsJrzilM9bKwOrKdU.roa (raw, json)
Hash identifier: dytN1l5DNISIkiZSGzZeFbG4AVv0wGLG+6TrBdo7crA=
Subject key identifier: 21:77:90:4A:4E:79:B5:E0:2C:26:BC:E2:94:CF:5B:2B:03:AB:29:D5
Certificate issuer: /CN=3351a9ec0aa91b932ac3c3586cfcacf0ca29f580
Certificate serial: 01856D8AD3699CB1511C4AB1C4ED0B2D38D9
Authority key identifier: 33:51:A9:EC:0A:A9:1B:93:2A:C3:C3:58:6C:FC:AC:F0:CA:29:F5:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/IXeQSk55teAsJrzilM9bKwOrKdU.roa
Signing time: Sun 01 Jan 2023 13:34:52 +0000
ROA not before: Sun 01 Jan 2023 13:34:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59934
IP address blocks: 91.247.179.0/24 maxlen: 24
89.35.35.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8a:d3:69:9c:b1:51:1c:4a:b1:c4:ed:0b:2d:38:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3351a9ec0aa91b932ac3c3586cfcacf0ca29f580
Validity
Not Before: Jan 1 13:34:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2177904a4e79b5e02c26bce294cf5b2b03ab29d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:dd:a2:b4:9a:9a:47:43:60:fa:3f:6e:02:6e:
c8:29:16:51:be:c7:8f:79:74:5d:9a:b3:64:cb:af:
c1:09:69:ab:ff:f3:24:8f:a6:f0:80:56:a1:ac:d9:
86:28:6f:3f:ac:51:23:e7:cf:44:06:33:5b:ef:25:
ce:39:ef:ef:8c:4c:54:88:e0:29:81:ec:e5:fa:dd:
34:31:78:03:ea:89:09:13:16:fb:4f:7d:2b:5d:d6:
33:f0:fa:93:0c:35:c9:87:de:9c:e8:87:77:f1:d3:
d1:76:3a:d9:dd:f4:da:cf:06:3a:be:f8:88:9f:73:
f0:d4:0e:74:41:ae:bd:a1:e1:c8:ba:6f:72:d6:df:
0c:f9:55:fe:3b:83:ae:04:ae:b4:da:73:6a:cc:8d:
ef:84:88:0d:e9:36:01:28:e3:14:80:a8:fe:08:73:
5d:cf:53:96:91:3b:0d:a9:0c:a9:43:ed:73:8f:27:
a1:51:61:7a:69:4e:c9:2c:50:8b:11:29:ec:8a:db:
3d:60:74:59:21:12:cf:a1:a8:bf:87:99:6f:af:41:
ae:eb:b0:20:4e:fe:82:f6:3e:5f:ba:29:38:71:ca:
18:66:8f:8d:d1:59:07:8d:b5:b3:bc:50:0e:89:9e:
2e:c3:e2:91:23:ce:44:31:43:4e:70:be:c7:b4:09:
3d:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:77:90:4A:4E:79:B5:E0:2C:26:BC:E2:94:CF:5B:2B:03:AB:29:D5
X509v3 Authority Key Identifier:
keyid:33:51:A9:EC:0A:A9:1B:93:2A:C3:C3:58:6C:FC:AC:F0:CA:29:F5:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/IXeQSk55teAsJrzilM9bKwOrKdU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.35.0/24
91.247.179.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:b9:ec:b1:3e:9e:01:81:6d:22:99:9a:8c:dd:f5:d3:0e:a8:
96:86:99:dd:8c:c2:f3:00:fe:e7:37:08:af:17:3b:df:e1:c9:
3a:64:2b:e9:2d:fe:2f:16:24:62:df:2a:e5:a4:96:59:4c:fd:
20:11:ce:e3:32:8a:0b:e9:96:05:37:77:28:05:c2:fe:bf:e1:
3a:65:19:6a:9a:83:f4:dc:1b:bd:72:fc:54:c3:7d:75:0e:ac:
16:0a:96:40:a7:21:55:2f:60:2a:ef:20:10:e2:77:65:21:5b:
ca:cd:7d:e2:dd:47:22:f8:a3:f9:26:84:21:c8:69:11:9b:ec:
c9:72:00:46:46:28:ff:fc:94:e1:2a:f2:c8:38:d2:62:eb:38:
61:74:2f:5d:33:1e:cd:2e:d2:d4:6e:1e:ee:d2:d4:63:7f:94:
3d:81:7c:4b:85:5f:98:ec:5b:2e:76:8f:3e:c4:70:e7:f5:63:
22:b3:f4:e5:68:d7:1c:ca:b8:b3:cd:6f:21:f3:33:06:2b:9e:
19:92:99:8a:5f:29:04:bd:d5:fd:a2:12:5c:49:f1:e5:20:6b:
55:82:f3:b2:ab:e0:08:da:87:f0:39:a5:6e:90:ac:3d:4d:f1:
e4:b3:c7:bd:ef:5d:f1:98:1f:a5:5d:84:5a:58:bd:3f:d2:f0:
15:4b:d2:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtitNpnLFRHEqxxO0LLTjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNTFhOWVjMGFhOTFiOTMyYWMzYzM1ODZjZmNhY2YwY2Ey
OWY1ODAwHhcNMjMwMTAxMTMzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTc3OTA0YTRlNzliNWUwMmMyNmJjZTI5NGNmNWIyYjAzYWIyOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0t2itJqaR0Ng+j9uAm7IKRZRvseP
eXRdmrNky6/BCWmr//Mkj6bwgFahrNmGKG8/rFEj589EBjNb7yXOOe/vjExUiOAp
gezl+t00MXgD6okJExb7T30rXdYz8PqTDDXJh96c6Id38dPRdjrZ3fTazwY6vviI
n3Pw1A50Qa69oeHIum9y1t8M+VX+O4OuBK602nNqzI3vhIgN6TYBKOMUgKj+CHNd
z1OWkTsNqQypQ+1zjyehUWF6aU7JLFCLESnsits9YHRZIRLPoai/h5lvr0Gu67Ag
Tv6C9j5fuik4ccoYZo+N0VkHjbWzvFAOiZ4uw+KRI85EMUNOcL7HtAk9IQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCF3kEpOebXgLCa84pTPWysDqynVMB8GA1UdIwQY
MBaAFDNRqewKqRuTKsPDWGz8rPDKKfWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTFHcDdBcXBHNU1xdzhOWWJQeXM4TW9wOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8yYzRmYmItNzc0NS00NzU5LWEwYzgt
NjY4OWY4NzJmYzg3LzEvSVhlUVNrNTV0ZUFzSnJ6aWxNOWJLd09yS2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8yYzRmYmItNzc0NS00NzU5LWEwYzgtNjY4OWY4NzJmYzg3
LzEvTTFHcDdBcXBHNU1xdzhOWWJQeXM4TW9wOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSMjAwQA
W/ezMA0GCSqGSIb3DQEBCwUAA4IBAQBNueyxPp4BgW0imZqM3fXTDqiWhpndjMLz
AP7nNwivFzvf4ck6ZCvpLf4vFiRi3yrlpJZZTP0gEc7jMooL6ZYFN3coBcL+v+E6
ZRlqmoP03Bu9cvxUw311DqwWCpZApyFVL2Aq7yAQ4ndlIVvKzX3i3Uci+KP5JoQh
yGkRm+zJcgBGRij//JThKvLIONJi6zhhdC9dMx7NLtLUbh7u0tRjf5Q9gXxLhV+Y
7Fsudo8+xHDn9WMis/TlaNccyrizzW8h8zMGK54ZkpmKXykEvdX9ohJcSfHlIGtV
gvOyq+AI2ofwOaVukKw9TfHks8e9713xmB+lXYRaWL0/0vAVS9Lm
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:03:54 2025 by rpki-client