Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/hzGNDLAzvY7l5l1GizUXX6EwmtU.roa
File: hzGNDLAzvY7l5l1GizUXX6EwmtU.roa (raw, json)
Hash identifier: dLo7kD8rKMdcQmFUvcG2q+0VyvGzrTDjwaxiAV4f3Fg=
Subject key identifier: 87:31:8D:0C:B0:33:BD:8E:E5:E6:5D:46:8B:35:17:5F:A1:30:9A:D5
Certificate issuer: /CN=15ab3e72f7340da856e93d62ee8d023f1d7c8ee7
Certificate serial: 0185728C6C9C9481CC70E9A98CCCC731ED89
Authority key identifier: 15:AB:3E:72:F7:34:0D:A8:56:E9:3D:62:EE:8D:02:3F:1D:7C:8E:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Fas-cvc0DahW6T1i7o0CPx18juc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/hzGNDLAzvY7l5l1GizUXX6EwmtU.roa
Signing time: Mon 02 Jan 2023 12:54:43 +0000
ROA not before: Mon 02 Jan 2023 12:54:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209549
IP address blocks: 185.149.38.0/24 maxlen: 24
185.149.37.0/24 maxlen: 24
185.149.36.0/24 maxlen: 24
185.149.36.0/22 maxlen: 22
2a0d:b780::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:8c:6c:9c:94:81:cc:70:e9:a9:8c:cc:c7:31:ed:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15ab3e72f7340da856e93d62ee8d023f1d7c8ee7
Validity
Not Before: Jan 2 12:54:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=87318d0cb033bd8ee5e65d468b35175fa1309ad5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:a8:61:4a:71:fd:68:df:c3:ba:dc:be:51:d7:
2b:c1:d4:15:18:f0:18:6a:5e:ee:b4:0d:b9:2b:d6:
7f:49:a6:6c:ce:3e:fb:6e:ee:d1:d8:62:80:58:97:
21:f7:aa:e4:f3:e8:5e:7d:24:2a:52:03:29:17:10:
b0:9a:a6:ab:12:b6:45:2c:5f:63:08:52:2a:62:2d:
3c:43:fa:22:3d:ed:89:f7:4e:4d:3d:0e:24:6e:d8:
d1:9a:05:a8:f6:9d:3d:90:d9:58:15:0e:f1:5f:3f:
24:09:fd:37:2e:bb:ff:1c:df:03:e3:d8:07:77:1a:
ca:78:30:6c:b0:4c:90:18:c9:a9:3c:30:2f:d6:62:
2e:0d:e1:a2:40:5d:af:9b:c8:38:50:11:9b:12:56:
c3:30:79:39:c0:99:31:b0:e0:62:f8:b9:cf:90:ee:
72:5d:85:b2:45:7a:20:08:2e:1a:de:e6:3a:2c:85:
2c:7b:07:4a:6e:2e:92:c1:63:08:38:ad:9a:a4:6b:
b1:0e:a1:dc:3a:b6:54:28:16:bc:f1:49:22:05:51:
46:e7:e6:74:9a:0c:93:52:af:82:9d:93:c5:e2:a5:
37:98:84:7b:b5:1b:4a:68:11:81:3f:b3:70:8f:f0:
b2:ae:c1:96:bf:a4:77:2b:cc:3f:0b:0e:ad:6d:72:
9a:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:31:8D:0C:B0:33:BD:8E:E5:E6:5D:46:8B:35:17:5F:A1:30:9A:D5
X509v3 Authority Key Identifier:
keyid:15:AB:3E:72:F7:34:0D:A8:56:E9:3D:62:EE:8D:02:3F:1D:7C:8E:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fas-cvc0DahW6T1i7o0CPx18juc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/hzGNDLAzvY7l5l1GizUXX6EwmtU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/Fas-cvc0DahW6T1i7o0CPx18juc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.36.0/22
IPv6:
2a0d:b780::/29
Signature Algorithm: sha256WithRSAEncryption
23:49:1b:c1:e8:75:77:03:de:07:40:4e:82:74:10:25:87:7e:
bc:f0:07:15:b6:ae:0e:15:51:75:ea:57:10:94:31:a0:e8:64:
33:96:a6:3f:82:25:ac:ee:1a:c9:69:73:f8:b5:dd:a0:e2:38:
f2:39:7d:48:bd:84:b9:07:6c:38:bb:f1:92:e0:d0:bf:c4:fd:
e8:95:50:9c:2c:a7:a6:70:d8:26:94:be:d9:3d:c5:88:e4:cc:
dd:fc:38:e0:3e:2d:0f:cc:ff:7e:7c:66:e5:bd:f5:9e:2b:e3:
c4:c7:a3:41:6b:83:da:04:0e:bb:91:a0:ed:c0:7b:79:19:31:
f3:b6:a2:02:f7:2f:80:b1:60:04:a3:24:b8:f2:30:38:3b:93:
b2:83:2e:22:b3:b9:bf:bb:14:43:c9:f8:be:ab:3e:bc:cc:08:
1d:18:5f:f7:2a:73:94:16:c8:1c:51:1c:3d:cb:1a:c3:61:4c:
78:a7:c0:9b:ff:d5:76:4c:c8:43:e0:b1:6b:2a:ec:37:a3:e2:
90:ef:ff:22:ad:2e:2d:af:9e:2a:6e:bb:a2:7b:87:9d:1c:e8:
29:f9:a4:f8:3a:6e:a5:2c:f7:7e:a2:bb:57:fb:30:a4:96:22:
16:6c:2c:42:99:03:bb:63:9a:44:99:89:2e:22:a2:c9:6c:d8:
e3:e4:83:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyjGyclIHMcOmpjMzHMe2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YWIzZTcyZjczNDBkYTg1NmU5M2Q2MmVlOGQwMjNmMWQ3
YzhlZTcwHhcNMjMwMTAyMTI1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMxOGQwY2IwMzNiZDhlZTVlNjVkNDY4YjM1MTc1ZmExMzA5YWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqhhSnH9aN/Duty+UdcrwdQVGPAY
al7utA25K9Z/SaZszj77bu7R2GKAWJch96rk8+hefSQqUgMpFxCwmqarErZFLF9j
CFIqYi08Q/oiPe2J905NPQ4kbtjRmgWo9p09kNlYFQ7xXz8kCf03Lrv/HN8D49gH
dxrKeDBssEyQGMmpPDAv1mIuDeGiQF2vm8g4UBGbElbDMHk5wJkxsOBi+LnPkO5y
XYWyRXogCC4a3uY6LIUsewdKbi6SwWMIOK2apGuxDqHcOrZUKBa88UkiBVFG5+Z0
mgyTUq+CnZPF4qU3mIR7tRtKaBGBP7Nwj/CyrsGWv6R3K8w/Cw6tbXKaiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIcxjQywM72O5eZdRos1F1+hMJrVMB8GA1UdIwQY
MBaAFBWrPnL3NA2oVuk9Yu6NAj8dfI7nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmFzLWN2YzBEYWhXNlQxaTdvMENQeDE4anVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85YzEzMGItZTE1ZS00YjZkLWI1ZmIt
NzE5YjA0OTdlN2NjLzEvaHpHTkRMQXp2WTdsNWwxR2l6VVhYNkV3bXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85YzEzMGItZTE1ZS00YjZkLWI1ZmItNzE5YjA0OTdlN2Nj
LzEvRmFzLWN2YzBEYWhXNlQxaTdvMENQeDE4anVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZUkMA0E
AgACMAcDBQMqDbeAMA0GCSqGSIb3DQEBCwUAA4IBAQAjSRvB6HV3A94HQE6CdBAl
h3688AcVtq4OFVF16lcQlDGg6GQzlqY/giWs7hrJaXP4td2g4jjyOX1IvYS5B2w4
u/GS4NC/xP3olVCcLKemcNgmlL7ZPcWI5Mzd/DjgPi0PzP9+fGblvfWeK+PEx6NB
a4PaBA67kaDtwHt5GTHztqIC9y+AsWAEoyS48jA4O5Oygy4is7m/uxRDyfi+qz68
zAgdGF/3KnOUFsgcURw9yxrDYUx4p8Cb/9V2TMhD4LFrKuw3o+KQ7/8irS4tr54q
bruie4edHOgp+aT4Om6lLPd+ortX+zCkliIWbCxCmQO7Y5pEmYkuIqLJbNjj5IOi
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:31 2025 by rpki-client