Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/uG3LEAb7YsNiYH9NgOUpuvNC43k.roa
File: uG3LEAb7YsNiYH9NgOUpuvNC43k.roa (raw, json)
Hash identifier: QMyWzHm5WyrqL78ic57x4S+hA9TYEEqr9x7t3OXg8cc=
Subject key identifier: B8:6D:CB:10:06:FB:62:C3:62:60:7F:4D:80:E5:29:BA:F3:42:E3:79
Certificate issuer: /CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
Certificate serial: 01856D93F56156336E299E2E167B7170E4B1
Authority key identifier: 2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/uG3LEAb7YsNiYH9NgOUpuvNC43k.roa
Signing time: Sun 01 Jan 2023 13:44:51 +0000
ROA not before: Sun 01 Jan 2023 13:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31027
IP address blocks: 185.125.80.0/22 maxlen: 24
176.67.184.0/21 maxlen: 24
2a06:b740::/29 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:93:f5:61:56:33:6e:29:9e:2e:16:7b:71:70:e4:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
Validity
Not Before: Jan 1 13:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b86dcb1006fb62c362607f4d80e529baf342e379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:29:d3:aa:c6:ce:d9:2e:c9:f1:3a:f0:34:b9:
fb:87:2c:06:95:00:e9:aa:da:98:67:ac:85:a6:31:
f2:1f:4f:3c:4b:7d:56:a8:ab:00:76:88:e1:89:ab:
07:a1:a1:a2:86:ba:b0:22:1a:b4:e7:f2:5d:f2:5a:
78:eb:13:6b:c1:42:96:84:08:f5:21:0f:14:02:3b:
d2:74:cb:89:c2:ae:8c:33:49:41:83:14:e5:a4:08:
f8:1d:e4:0f:62:28:61:9d:9c:aa:ee:9b:14:51:51:
22:0a:c6:04:c5:e7:d9:2e:dc:40:69:b5:6f:12:07:
83:99:bd:e7:8f:de:3a:d6:f9:7a:38:14:16:fd:73:
08:76:c2:d1:90:b4:b4:0b:14:c9:ca:54:00:d1:29:
e4:d1:be:7b:4a:ef:5b:5a:53:74:bc:f9:46:4d:2e:
d1:d8:5d:73:b1:fb:e6:7a:9d:19:64:88:f5:6a:d5:
8b:e7:68:0a:ce:d6:0a:e4:57:2f:93:ae:70:4f:71:
b9:1a:3a:ed:f9:6b:b4:20:7e:dc:6e:a6:78:28:d9:
fb:42:d2:be:23:8e:7d:72:68:db:28:04:33:d1:53:
99:2f:10:29:87:24:7c:7e:1b:5e:d3:42:f9:fc:a1:
bd:39:b5:9c:57:4b:a3:4e:73:1d:fe:58:36:d1:ff:
47:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:6D:CB:10:06:FB:62:C3:62:60:7F:4D:80:E5:29:BA:F3:42:E3:79
X509v3 Authority Key Identifier:
keyid:2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/uG3LEAb7YsNiYH9NgOUpuvNC43k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.67.184.0/21
185.125.80.0/22
IPv6:
2a06:b740::/29
Signature Algorithm: sha256WithRSAEncryption
75:44:a2:16:67:2e:d7:98:24:17:6c:e8:ae:ad:22:da:c8:1b:
1a:b3:40:50:9e:86:ab:3d:7e:d4:a7:04:06:c4:03:4b:52:82:
49:de:57:a2:39:27:29:22:55:79:da:ee:82:df:fc:60:b2:0e:
4b:6d:43:c2:33:39:f1:ca:ec:87:73:e1:57:48:da:0d:93:2d:
5c:e6:21:83:59:52:9b:5b:fe:5e:5c:84:45:08:a1:07:33:d8:
9f:73:07:37:f9:a1:58:23:51:73:0e:e2:26:73:ce:8d:ff:64:
d0:6a:0a:c2:b5:38:f8:a8:37:3a:78:67:71:06:0b:ee:0f:e1:
57:21:96:e4:93:92:a1:40:3e:5e:ea:8a:38:91:a6:3b:90:4a:
d4:6a:0b:73:9d:51:72:3e:cc:51:90:ec:1d:7a:c7:6f:0c:4f:
77:4d:7b:b7:6c:fd:7a:e8:ad:02:3e:8f:91:6c:5e:ed:62:64:
43:8e:5c:1f:5a:b8:54:de:bf:2a:b2:c0:fc:f2:48:65:f9:45:
b4:c6:da:09:64:88:5a:1c:c1:79:1e:3b:ee:df:a7:7f:6b:fb:
fd:24:44:c0:4d:3b:be:bc:14:e5:24:7f:c1:cb:d5:ea:7f:8a:
71:dd:1d:84:b3:88:cd:bb:70:09:3d:48:b8:a6:94:b7:2c:c0:
3c:4d:e8:a3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtk/VhVjNuKZ4uFntxcOSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjQ5NzkzZTU5MjRhOWYyNWYzYTBhOGRkOTk0YjM3NGVi
OTM3ZDIwHhcNMjMwMTAxMTM0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODZkY2IxMDA2ZmI2MmMzNjI2MDdmNGQ4MGU1MjliYWYzNDJlMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsynTqsbO2S7J8TrwNLn7hywGlQDp
qtqYZ6yFpjHyH088S31WqKsAdojhiasHoaGihrqwIhq05/Jd8lp46xNrwUKWhAj1
IQ8UAjvSdMuJwq6MM0lBgxTlpAj4HeQPYihhnZyq7psUUVEiCsYExefZLtxAabVv
EgeDmb3nj9461vl6OBQW/XMIdsLRkLS0CxTJylQA0Snk0b57Su9bWlN0vPlGTS7R
2F1zsfvmep0ZZIj1atWL52gKztYK5Fcvk65wT3G5Gjrt+Wu0IH7cbqZ4KNn7QtK+
I459cmjbKAQz0VOZLxAphyR8fhte00L5/KG9ObWcV0ujTnMd/lg20f9H2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLhtyxAG+2LDYmB/TYDlKbrzQuN5MB8GA1UdIwQY
MBaAFC4kl5PlkkqfJfOgqN2ZSzdOuTfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEt
OTZiZjE0M2ViNDUyLzEvdUczTEVBYjdZc05pWUg5TmdPVXB1dk5DNDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEtOTZiZjE0M2ViNDUy
LzEvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsEO4AwQC
uX1QMA0EAgACMAcDBQMqBrdAMA0GCSqGSIb3DQEBCwUAA4IBAQB1RKIWZy7XmCQX
bOiurSLayBsas0BQnoarPX7UpwQGxANLUoJJ3leiOScpIlV52u6C3/xgsg5LbUPC
MznxyuyHc+FXSNoNky1c5iGDWVKbW/5eXIRFCKEHM9ifcwc3+aFYI1FzDuImc86N
/2TQagrCtTj4qDc6eGdxBgvuD+FXIZbkk5KhQD5e6oo4kaY7kErUagtznVFyPsxR
kOwdesdvDE93TXu3bP166K0CPo+RbF7tYmRDjlwfWrhU3r8qssD88khl+UW0xtoJ
ZIhaHMF5Hjvu36d/a/v9JETATTu+vBTlJH/By9Xqf4px3R2Es4jNu3AJPUi4ppS3
LMA8Teij
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:13 2025 by rpki-client