Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/kKBOJakSriexVdhDb3bs0yGJXhw.roa
File: kKBOJakSriexVdhDb3bs0yGJXhw.roa (raw, json)
Hash identifier: jRK2fPvDjWMD3Wux3IBeByuruZWlyYQ9Z8lbAw7Uvxg=
Subject key identifier: 90:A0:4E:25:A9:12:AE:27:B1:55:D8:43:6F:76:EC:D3:21:89:5E:1C
Certificate issuer: /CN=03a5e95abb91d64d73b9148c0aaf59b3af3f4e6a
Certificate serial: 01856D4A9A6929774FC1301A2D0256F1D9F6
Authority key identifier: 03:A5:E9:5A:BB:91:D6:4D:73:B9:14:8C:0A:AF:59:B3:AF:3F:4E:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A6XpWruR1k1zuRSMCq9Zs68_Tmo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/kKBOJakSriexVdhDb3bs0yGJXhw.roa
Signing time: Sun 01 Jan 2023 12:24:43 +0000
ROA not before: Sun 01 Jan 2023 12:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1930
IP address blocks: 192.138.86.0/24 maxlen: 24
192.26.236.0/24 maxlen: 24
192.195.195.0/24 maxlen: 24
192.68.186.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:9a:69:29:77:4f:c1:30:1a:2d:02:56:f1:d9:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03a5e95abb91d64d73b9148c0aaf59b3af3f4e6a
Validity
Not Before: Jan 1 12:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90a04e25a912ae27b155d8436f76ecd321895e1c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:06:2f:8c:e0:ec:96:e0:3c:ae:d2:40:4b:24:
46:2c:b1:64:64:c6:bd:4a:63:92:10:48:a7:07:d6:
bb:74:ed:d6:cb:44:14:88:4e:82:29:7d:40:87:61:
b1:ba:0f:2e:37:49:72:6e:86:1b:c5:49:ab:7e:c5:
e9:b3:bb:be:a6:2d:8f:64:e5:98:03:35:4d:d7:e0:
3b:8e:5f:8d:d5:1c:a3:1e:b2:ed:7b:7d:b8:35:fa:
2c:da:a2:16:62:36:17:08:54:ba:b1:c1:d9:07:f2:
58:22:72:cd:47:cc:d1:80:20:47:d0:04:0a:53:37:
2d:59:09:c8:7b:a9:49:67:0c:89:35:d1:2a:77:d1:
9a:53:b5:31:56:41:3b:9d:c0:29:a2:31:98:d9:fa:
b7:cd:01:57:c4:5a:37:9f:66:76:17:9d:12:a5:de:
c5:3c:04:c7:c1:c9:ec:7f:df:7e:7b:50:33:5e:a2:
9c:cc:09:61:3b:e0:ae:9f:74:91:8e:49:12:89:db:
dc:6b:a8:b7:e3:cd:b6:da:19:61:12:b4:02:e5:01:
2e:b4:62:d8:db:59:c9:da:62:43:b7:2f:23:2b:b3:
25:b5:44:58:cf:22:2c:87:2b:d9:5d:15:3b:97:4b:
5a:69:6a:76:79:3e:25:0e:a3:df:d7:8a:ab:ef:14:
b3:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:A0:4E:25:A9:12:AE:27:B1:55:D8:43:6F:76:EC:D3:21:89:5E:1C
X509v3 Authority Key Identifier:
keyid:03:A5:E9:5A:BB:91:D6:4D:73:B9:14:8C:0A:AF:59:B3:AF:3F:4E:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A6XpWruR1k1zuRSMCq9Zs68_Tmo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/kKBOJakSriexVdhDb3bs0yGJXhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/A6XpWruR1k1zuRSMCq9Zs68_Tmo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.26.236.0/24
192.68.186.0/24
192.138.86.0/24
192.195.195.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:06:bf:c5:8f:2e:2f:4b:23:ff:1c:6f:fa:84:ae:17:7e:6d:
73:b4:0d:f3:56:3a:97:69:ea:b7:28:8e:27:b0:df:91:02:28:
80:7b:f0:bf:52:41:39:df:3e:17:96:b6:49:35:ab:0c:cd:0f:
07:7e:e8:58:b6:c2:c9:5c:a8:f8:ed:bf:a2:21:cc:7a:6f:c6:
65:14:20:f7:79:32:17:d9:4f:df:b0:a2:eb:c1:57:40:6c:fa:
e0:41:31:91:d9:ce:9d:bc:60:ef:6d:7d:8c:84:28:37:d5:5f:
09:72:db:21:85:14:a4:31:b8:8b:40:69:54:b5:62:de:3c:cc:
28:b2:f9:91:c2:33:c3:37:f0:a0:fb:b3:11:cc:7d:93:74:99:
e4:ab:db:c2:04:59:e8:0c:41:e1:a3:2e:f1:64:02:83:38:e6:
ce:0c:8a:41:28:27:2e:54:0d:fd:79:b8:ff:d4:26:b0:c9:b9:
94:50:9d:a8:13:52:33:c2:2c:bb:22:34:8a:3b:77:f2:93:b6:
44:df:17:65:6a:8a:8d:06:e1:a0:b1:e3:56:5e:96:47:43:af:
33:f3:85:34:c8:80:13:fe:d2:eb:ad:ad:62:64:f4:fb:15:24:
48:38:01:f3:3d:e1:1d:d3:45:ca:ba:11:aa:81:b3:74:28:88:
eb:e1:08:c3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtSpppKXdPwTAaLQJW8dn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYTVlOTVhYmI5MWQ2NGQ3M2I5MTQ4YzBhYWY1OWIzYWYz
ZjRlNmEwHhcNMjMwMTAxMTIyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGEwNGUyNWE5MTJhZTI3YjE1NWQ4NDM2Zjc2ZWNkMzIxODk1ZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggYvjODsluA8rtJASyRGLLFkZMa9
SmOSEEinB9a7dO3Wy0QUiE6CKX1Ah2Gxug8uN0lyboYbxUmrfsXps7u+pi2PZOWY
AzVN1+A7jl+N1RyjHrLte324Nfos2qIWYjYXCFS6scHZB/JYInLNR8zRgCBH0AQK
UzctWQnIe6lJZwyJNdEqd9GaU7UxVkE7ncApojGY2fq3zQFXxFo3n2Z2F50Spd7F
PATHwcnsf99+e1AzXqKczAlhO+Cun3SRjkkSidvca6i348222hlhErQC5QEutGLY
21nJ2mJDty8jK7MltURYzyIshyvZXRU7l0taaWp2eT4lDqPf14qr7xSzrwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJCgTiWpEq4nsVXYQ2927NMhiV4cMB8GA1UdIwQY
MBaAFAOl6Vq7kdZNc7kUjAqvWbOvP05qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTZYcFdydVIxazF6dVJTTUNxOVpzNjhfVG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni81YWEyODQtMjQxNC00NTU4LWJlYjYt
N2Q0YmUwNjhjOWE1LzEva0tCT0pha1NyaWV4VmRoRGIzYnMweUdKWGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni81YWEyODQtMjQxNC00NTU4LWJlYjYtN2Q0YmUwNjhjOWE1
LzEvQTZYcFdydVIxazF6dVJTTUNxOVpzNjhfVG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwBrsAwQA
wES6AwQAwIpWAwQAwMPDMA0GCSqGSIb3DQEBCwUAA4IBAQClBr/Fjy4vSyP/HG/6
hK4Xfm1ztA3zVjqXaeq3KI4nsN+RAiiAe/C/UkE53z4XlrZJNasMzQ8HfuhYtsLJ
XKj47b+iIcx6b8ZlFCD3eTIX2U/fsKLrwVdAbPrgQTGR2c6dvGDvbX2MhCg31V8J
ctshhRSkMbiLQGlUtWLePMwosvmRwjPDN/Cg+7MRzH2TdJnkq9vCBFnoDEHhoy7x
ZAKDOObODIpBKCcuVA39ebj/1CawybmUUJ2oE1Izwiy7IjSKO3fyk7ZE3xdlaoqN
BuGgseNWXpZHQ68z84U0yIAT/tLrra1iZPT7FSRIOAHzPeEd00XKuhGqgbN0KIjr
4QjD
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:17 2025 by rpki-client