Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/zwgcPKiY3H6vPkPqetfhL3IJF5M.roa
File: zwgcPKiY3H6vPkPqetfhL3IJF5M.roa (raw, json)
Hash identifier: zJqmXCT7aEyn/jb0oxmcG6ridBBEL8EW9RJzeNtq6TU=
Subject key identifier: CF:08:1C:3C:A8:98:DC:7E:AF:3E:43:EA:7A:D7:E1:2F:72:09:17:93
Certificate issuer: /CN=3841abaa3e75c46d98b6fa8678d34fef2ac385b0
Certificate serial: 01857295A0C1831C74457C6E5FF9369F1FB8
Authority key identifier: 38:41:AB:AA:3E:75:C4:6D:98:B6:FA:86:78:D3:4F:EF:2A:C3:85:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OEGrqj51xG2YtvqGeNNP7yrDhbA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/zwgcPKiY3H6vPkPqetfhL3IJF5M.roa
Signing time: Mon 02 Jan 2023 13:04:45 +0000
ROA not before: Mon 02 Jan 2023 13:04:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35175
IP address blocks: 85.194.208.0/21 maxlen: 21
85.194.216.0/22 maxlen: 22
185.117.220.0/22 maxlen: 22
2a06:8680::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:95:a0:c1:83:1c:74:45:7c:6e:5f:f9:36:9f:1f:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3841abaa3e75c46d98b6fa8678d34fef2ac385b0
Validity
Not Before: Jan 2 13:04:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf081c3ca898dc7eaf3e43ea7ad7e12f72091793
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:ee:64:8d:6c:67:9b:23:5b:3d:2c:54:4a:6b:
2a:79:70:3b:7f:a5:7b:90:dd:f9:cd:12:73:7a:33:
5e:17:e5:f5:32:01:10:58:4e:49:77:99:13:22:36:
d8:d9:d7:c2:55:9b:2d:c7:a4:ec:b0:31:60:c0:f1:
fe:41:6b:51:42:16:5d:94:13:2a:8b:7d:09:98:7c:
93:b2:2a:e5:47:c4:cd:7d:19:20:79:3b:63:86:27:
24:3e:aa:f8:f5:f8:9c:a1:ae:16:e6:66:1b:47:39:
ce:45:a6:9d:3e:49:95:32:60:6e:a5:8f:62:14:de:
c0:1c:50:7b:eb:01:16:44:2b:e7:0d:76:5d:07:97:
96:0b:f2:29:e0:c0:3a:53:1a:f6:ca:18:a0:59:15:
ec:f6:3b:c5:44:52:a6:85:48:3a:15:1f:33:86:51:
92:98:85:8e:c6:03:03:b6:49:62:f5:99:a7:cd:bc:
8b:c0:dd:ef:28:88:f7:ab:6a:23:bf:38:6b:ee:2e:
d5:ad:72:66:52:25:bc:e7:80:21:f5:f3:7a:56:18:
49:c0:b8:fe:a4:53:29:48:6c:48:c4:b1:ff:8d:1b:
d9:54:cf:eb:a7:be:91:19:83:0f:d3:8e:a4:d6:5e:
1b:2a:a2:d2:8c:87:20:c1:36:38:61:53:60:e9:74:
b7:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:08:1C:3C:A8:98:DC:7E:AF:3E:43:EA:7A:D7:E1:2F:72:09:17:93
X509v3 Authority Key Identifier:
keyid:38:41:AB:AA:3E:75:C4:6D:98:B6:FA:86:78:D3:4F:EF:2A:C3:85:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEGrqj51xG2YtvqGeNNP7yrDhbA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/zwgcPKiY3H6vPkPqetfhL3IJF5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/OEGrqj51xG2YtvqGeNNP7yrDhbA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.194.208.0-85.194.219.255
185.117.220.0/22
IPv6:
2a06:8680::/29
Signature Algorithm: sha256WithRSAEncryption
4e:43:44:89:85:61:86:f5:d8:28:45:20:09:86:6d:ab:be:f8:
57:b0:74:0c:14:bf:03:58:0a:4f:d4:1d:c5:73:12:1a:9b:77:
db:93:d8:02:42:6b:47:57:14:11:c9:53:34:98:c0:ae:26:ca:
4c:90:17:38:5d:c2:46:ca:1c:58:db:77:23:d4:ed:4f:0a:7d:
86:95:f5:32:7e:8e:e6:25:a0:b9:c8:d6:9e:c8:d6:08:ec:13:
8c:39:b4:ae:03:07:c6:4b:26:af:a1:b5:61:1f:f7:d5:81:9e:
52:65:c2:62:b8:6e:d7:d8:57:6d:ba:1c:b8:f2:dd:d5:4b:c2:
17:60:93:a7:c5:1d:e5:97:c1:56:38:08:44:42:aa:fb:60:ba:
be:9e:19:ac:65:cc:57:29:4c:65:0f:4a:a0:b3:63:1b:6a:aa:
0d:69:6a:60:84:1f:55:57:b7:ae:37:68:9b:0e:66:d1:b3:5c:
8d:a3:1b:e2:21:ae:f4:98:27:bf:58:fb:e8:40:bc:20:58:e3:
9f:e0:54:79:86:d9:30:f5:0f:23:ac:8a:91:9a:37:bf:1e:8c:
43:5b:f5:a8:3c:0b:6e:89:9d:6d:37:8d:57:a7:45:54:a3:11:
70:2a:41:4d:6b:6d:ed:aa:63:c2:0f:bb:0c:83:ec:f5:fe:58:
d8:59:44:9f
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVylaDBgxx0RXxuX/k2nx+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDFhYmFhM2U3NWM0NmQ5OGI2ZmE4Njc4ZDM0ZmVmMmFj
Mzg1YjAwHhcNMjMwMTAyMTMwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA4MWMzY2E4OThkYzdlYWYzZTQzZWE3YWQ3ZTEyZjcyMDkxNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAku5kjWxnmyNbPSxUSmsqeXA7f6V7
kN35zRJzejNeF+X1MgEQWE5Jd5kTIjbY2dfCVZstx6TssDFgwPH+QWtRQhZdlBMq
i30JmHyTsirlR8TNfRkgeTtjhickPqr49ficoa4W5mYbRznORaadPkmVMmBupY9i
FN7AHFB76wEWRCvnDXZdB5eWC/Ip4MA6Uxr2yhigWRXs9jvFRFKmhUg6FR8zhlGS
mIWOxgMDtkli9ZmnzbyLwN3vKIj3q2ojvzhr7i7VrXJmUiW854Ah9fN6VhhJwLj+
pFMpSGxIxLH/jRvZVM/rp76RGYMP046k1l4bKqLSjIcgwTY4YVNg6XS3EQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFM8IHDyomNx+rz5D6nrX4S9yCReTMB8GA1UdIwQY
MBaAFDhBq6o+dcRtmLb6hnjTT+8qw4WwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VHcnFqNTF4RzJZdHZxR2VOTlA3eXJEaGJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xMTI5ZGUtYmY0My00OTY3LThjMDQt
ZjIyNjEwZTYzYzkyLzEvendnY1BLaVkzSDZ2UGtQcWV0ZmhMM0lKRjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xMTI5ZGUtYmY0My00OTY3LThjMDQtZjIyNjEwZTYzYzky
LzEvT0VHcnFqNTF4RzJZdHZxR2VOTlA3eXJEaGJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBARVwtAD
BAJVwtgDBAK5ddwwDQQCAAIwBwMFAyoGhoAwDQYJKoZIhvcNAQELBQADggEBAE5D
RImFYYb12ChFIAmGbau++FewdAwUvwNYCk/UHcVzEhqbd9uT2AJCa0dXFBHJUzSY
wK4mykyQFzhdwkbKHFjbdyPU7U8KfYaV9TJ+juYloLnI1p7I1gjsE4w5tK4DB8ZL
Jq+htWEf99WBnlJlwmK4btfYV226HLjy3dVLwhdgk6fFHeWXwVY4CERCqvtgur6e
GaxlzFcpTGUPSqCzYxtqqg1pamCEH1VXt643aJsOZtGzXI2jG+IhrvSYJ79Y++hA
vCBY45/gVHmG2TD1DyOsipGaN78ejENb9ag8C26JnW03jVenRVSjEXAqQU1rbe2q
Y8IPuwyD7PX+WNhZRJ8=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:29:34 2025 by rpki-client