Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/768aa2-0b44-4cf4-b984-924cdf276d8d/1/QKR5PgU0hrpAi0fV1vvZb_jNcww.roa
File: QKR5PgU0hrpAi0fV1vvZb_jNcww.roa (raw, json)
Hash identifier: 3eFk7tPQNWw2/CdlXuDbWNWnLQp32pNCNYSpt01DU08=
Subject key identifier: 40:A4:79:3E:05:34:86:BA:40:8B:47:D5:D6:FB:D9:6F:F8:CD:73:0C
Certificate issuer: /CN=90a065eef40dc016a1be7f28d6e66ca7a87e7fe5
Certificate serial: 01856D4AE66CAB879114202578A7D4F697E5
Authority key identifier: 90:A0:65:EE:F4:0D:C0:16:A1:BE:7F:28:D6:E6:6C:A7:A8:7E:7F:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kKBl7vQNwBahvn8o1uZsp6h-f-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/768aa2-0b44-4cf4-b984-924cdf276d8d/1/QKR5PgU0hrpAi0fV1vvZb_jNcww.roa
Signing time: Sun 01 Jan 2023 12:25:03 +0000
ROA not before: Sun 01 Jan 2023 12:25:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60157
IP address blocks: 185.54.171.0/24 maxlen: 24
185.54.168.0/24 maxlen: 24
185.54.168.0/22 maxlen: 22
185.54.168.0/23 maxlen: 23
185.54.170.0/24 maxlen: 24
185.54.169.0/24 maxlen: 24
2a02:4560::/32 maxlen: 32
2a02:4560::/48 maxlen: 48
2a02:4560:3::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:e6:6c:ab:87:91:14:20:25:78:a7:d4:f6:97:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90a065eef40dc016a1be7f28d6e66ca7a87e7fe5
Validity
Not Before: Jan 1 12:25:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40a4793e053486ba408b47d5d6fbd96ff8cd730c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ed:73:0a:af:72:46:09:d7:40:9f:fa:cf:5a:
4f:36:42:02:d1:7d:a1:06:6f:c2:18:6e:d7:8e:de:
80:93:3d:e2:a0:fc:bf:59:f2:90:81:2b:03:ce:54:
c6:0d:60:7a:0f:0a:38:76:8c:4a:4e:70:3d:dc:fb:
11:34:2b:70:7e:c2:59:ca:3a:23:83:76:1e:1f:80:
81:fc:48:a4:c1:c9:73:e9:c6:36:39:f3:01:9d:0e:
43:91:89:59:37:9f:cf:6a:15:b8:be:5a:c1:ca:2e:
f7:e5:9d:ef:76:4a:0c:00:32:26:ad:69:b9:f8:29:
88:fa:28:02:3b:bc:e5:a5:c3:12:19:21:4a:71:6a:
92:95:8f:33:95:43:d9:68:0d:10:d7:ac:fd:85:d6:
71:d7:f7:fd:c6:8b:cd:81:45:b1:19:7c:80:4b:5e:
df:55:b9:e4:a7:73:a5:76:67:a5:42:ee:10:bf:b7:
2f:c8:b5:fb:96:04:f1:29:e9:df:93:e3:9f:c8:15:
19:b5:02:99:22:32:cf:f3:d4:09:01:04:79:36:2f:
f0:92:dd:84:3c:90:2c:e3:dd:eb:06:20:23:2e:91:
2a:fd:4f:46:eb:f6:dd:e3:3d:2c:92:97:be:95:84:
07:dd:4f:5f:6f:52:cc:43:df:7b:66:2e:af:f2:24:
0b:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A4:79:3E:05:34:86:BA:40:8B:47:D5:D6:FB:D9:6F:F8:CD:73:0C
X509v3 Authority Key Identifier:
keyid:90:A0:65:EE:F4:0D:C0:16:A1:BE:7F:28:D6:E6:6C:A7:A8:7E:7F:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kKBl7vQNwBahvn8o1uZsp6h-f-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/768aa2-0b44-4cf4-b984-924cdf276d8d/1/QKR5PgU0hrpAi0fV1vvZb_jNcww.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/768aa2-0b44-4cf4-b984-924cdf276d8d/1/kKBl7vQNwBahvn8o1uZsp6h-f-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.54.168.0/22
IPv6:
2a02:4560::/32
Signature Algorithm: sha256WithRSAEncryption
66:9b:00:19:2b:8e:1c:4a:1d:85:9b:a3:7c:66:a9:3f:f8:33:
c6:3e:a3:3a:56:e7:02:2d:a3:59:57:36:5c:51:4f:e4:77:73:
73:2d:d1:5f:ba:da:6d:51:e8:9c:eb:b3:68:e0:7d:b6:47:af:
d3:11:e2:68:29:f6:da:19:38:13:ff:a7:29:cf:ad:52:1c:f6:
64:f3:6b:20:3f:a5:88:fe:f5:8d:a9:68:40:b4:88:4c:a4:81:
04:87:bc:7b:be:52:97:4a:74:5b:42:57:65:d7:7e:c3:53:c3:
9f:7f:c9:fc:8e:43:b7:91:0f:a0:65:a9:c2:34:ec:ec:71:10:
9e:e3:ef:a3:47:9d:32:10:c0:c3:07:ac:77:1f:c4:3b:e2:89:
2b:d8:98:1d:5d:92:30:51:63:5e:42:91:5b:52:a9:51:9f:9d:
6d:a4:14:4d:49:13:14:c6:19:f9:3c:68:12:d8:09:24:56:44:
39:f1:c6:c4:34:b2:81:d9:a1:7e:dd:d4:eb:fe:b2:f2:02:78:
88:35:87:d4:fd:e0:3f:00:a1:cd:84:8e:92:da:c2:e9:74:e9:
9b:a3:38:67:68:08:cc:64:45:25:4f:56:48:fb:2f:17:e5:e1:
e7:1a:cf:67:a6:65:a9:11:09:a9:d0:91:70:f4:d1:f4:f0:56:
20:7e:88:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtSuZsq4eRFCAleKfU9pflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYTA2NWVlZjQwZGMwMTZhMWJlN2YyOGQ2ZTY2Y2E3YTg3
ZTdmZTUwHhcNMjMwMTAxMTIyNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE0NzkzZTA1MzQ4NmJhNDA4YjQ3ZDVkNmZiZDk2ZmY4Y2Q3MzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO1zCq9yRgnXQJ/6z1pPNkIC0X2h
Bm/CGG7Xjt6Akz3ioPy/WfKQgSsDzlTGDWB6Dwo4doxKTnA93PsRNCtwfsJZyjoj
g3YeH4CB/Eikwclz6cY2OfMBnQ5DkYlZN5/PahW4vlrByi735Z3vdkoMADImrWm5
+CmI+igCO7zlpcMSGSFKcWqSlY8zlUPZaA0Q16z9hdZx1/f9xovNgUWxGXyAS17f
Vbnkp3OldmelQu4Qv7cvyLX7lgTxKenfk+OfyBUZtQKZIjLP89QJAQR5Ni/wkt2E
PJAs493rBiAjLpEq/U9G6/bd4z0skpe+lYQH3U9fb1LMQ997Zi6v8iQLCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFECkeT4FNIa6QItH1db72W/4zXMMMB8GA1UdIwQY
MBaAFJCgZe70DcAWob5/KNbmbKeofn/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0tCbDd2UU53QmFodm44bzF1WnNwNmgtZi1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS83NjhhYTItMGI0NC00Y2Y0LWI5ODQt
OTI0Y2RmMjc2ZDhkLzEvUUtSNVBnVTBocnBBaTBmVjF2dlpiX2pOY3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS83NjhhYTItMGI0NC00Y2Y0LWI5ODQtOTI0Y2RmMjc2ZDhk
LzEva0tCbDd2UU53QmFodm44bzF1WnNwNmgtZi1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTaoMA0E
AgACMAcDBQAqAkVgMA0GCSqGSIb3DQEBCwUAA4IBAQBmmwAZK44cSh2Fm6N8Zqk/
+DPGPqM6VucCLaNZVzZcUU/kd3NzLdFfutptUeic67No4H22R6/TEeJoKfbaGTgT
/6cpz61SHPZk82sgP6WI/vWNqWhAtIhMpIEEh7x7vlKXSnRbQldl137DU8Off8n8
jkO3kQ+gZanCNOzscRCe4++jR50yEMDDB6x3H8Q74okr2JgdXZIwUWNeQpFbUqlR
n51tpBRNSRMUxhn5PGgS2AkkVkQ58cbENLKB2aF+3dTr/rLyAniINYfU/eA/AKHN
hI6S2sLpdOmbozhnaAjMZEUlT1ZI+y8X5eHnGs9npmWpEQmp0JFw9NH08FYgfoib
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:10 2025 by rpki-client