Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/ca99d8-8527-45b8-af6a-765262f29eaf/1/8ufW6aLGoHatZIBhWcPJMqa7b3A.roa
File: 8ufW6aLGoHatZIBhWcPJMqa7b3A.roa (raw, json)
Hash identifier: vop5zFi035Odbt43gcvYZEoK47xVVuZEFES/LjINy8g=
Subject key identifier: F2:E7:D6:E9:A2:C6:A0:76:AD:64:80:61:59:C3:C9:32:A6:BB:6F:70
Certificate issuer: /CN=a1ea8de31ceca55803cf3af14d4a7279ae8446d0
Certificate serial: 018573CD1FAA36C83539C39CFF7E86200639
Authority key identifier: A1:EA:8D:E3:1C:EC:A5:58:03:CF:3A:F1:4D:4A:72:79:AE:84:46:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oeqN4xzspVgDzzrxTUpyea6ERtA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/ca99d8-8527-45b8-af6a-765262f29eaf/1/8ufW6aLGoHatZIBhWcPJMqa7b3A.roa
Signing time: Mon 02 Jan 2023 18:45:00 +0000
ROA not before: Mon 02 Jan 2023 18:45:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206492
IP address blocks: 185.185.32.0/22 maxlen: 22
185.185.32.0/24 maxlen: 24
5.154.170.0/24 maxlen: 24
2a0b:4d80::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:cd:1f:aa:36:c8:35:39:c3:9c:ff:7e:86:20:06:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1ea8de31ceca55803cf3af14d4a7279ae8446d0
Validity
Not Before: Jan 2 18:45:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f2e7d6e9a2c6a076ad64806159c3c932a6bb6f70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:3e:7b:24:05:8a:c2:b3:c5:60:2a:ed:7b:8f:
23:84:0b:45:7d:a0:71:44:31:9c:48:4e:6f:33:87:
e8:5b:e2:8a:40:9c:6c:71:cd:70:fe:b6:84:bf:ff:
70:cc:e2:0c:69:5f:5f:17:6e:3e:45:27:f1:b3:f6:
33:4d:9e:e4:ec:95:83:bf:07:0b:6d:99:6d:21:bf:
85:8e:89:ce:c7:fa:9d:d6:a7:6c:03:5a:e8:f6:12:
37:d5:59:8d:8f:13:5c:9d:ea:8b:11:b6:86:40:6d:
6e:76:fa:e8:f0:86:42:cb:15:cd:da:6f:ed:58:7f:
d8:a5:a2:62:8f:a3:60:b6:c9:24:91:bf:70:0a:39:
31:7b:f5:56:9f:2d:0a:b7:6d:dd:65:a9:39:49:00:
3d:66:18:b7:4d:ce:58:a7:b2:ca:67:c9:d6:21:63:
00:5d:44:fc:d5:10:59:cf:e2:a8:fe:20:60:7f:c3:
dc:b6:96:03:5c:3a:a9:30:58:8d:1c:04:2f:8d:16:
e4:2a:ff:1d:ac:46:53:45:de:79:e1:e1:83:e5:b9:
21:74:6e:61:9b:ad:bb:f1:6f:08:f3:bb:4e:d3:a6:
09:7e:66:e5:1c:c6:00:b4:3e:4b:55:c8:d1:2d:47:
16:bd:9f:ae:73:02:20:51:11:7b:00:6b:75:06:41:
26:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:E7:D6:E9:A2:C6:A0:76:AD:64:80:61:59:C3:C9:32:A6:BB:6F:70
X509v3 Authority Key Identifier:
keyid:A1:EA:8D:E3:1C:EC:A5:58:03:CF:3A:F1:4D:4A:72:79:AE:84:46:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oeqN4xzspVgDzzrxTUpyea6ERtA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ca99d8-8527-45b8-af6a-765262f29eaf/1/8ufW6aLGoHatZIBhWcPJMqa7b3A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ca99d8-8527-45b8-af6a-765262f29eaf/1/oeqN4xzspVgDzzrxTUpyea6ERtA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.170.0/24
185.185.32.0/22
IPv6:
2a0b:4d80::/29
Signature Algorithm: sha256WithRSAEncryption
44:a2:5a:03:8f:bc:3d:10:0e:24:f8:03:9c:87:db:50:c5:18:
af:a2:2a:6a:5f:9e:21:40:f4:16:a0:b3:85:80:56:10:21:09:
54:26:df:61:1a:45:94:1a:ec:90:ce:30:f8:2c:bd:7c:0b:ba:
41:d5:00:2b:bd:25:23:e6:8d:94:1c:d7:ac:05:e5:ef:28:af:
aa:c4:3c:5f:bf:0b:18:d0:2b:33:9f:e7:0c:fb:19:91:5c:08:
09:78:0f:d7:5f:88:c4:3c:39:84:cf:9d:6c:01:4b:90:a4:c5:
f3:e2:c6:01:d1:b0:83:8c:bd:ba:bd:7a:7d:e9:23:ea:c7:4c:
15:bb:86:06:47:9b:33:cb:00:41:3a:64:41:57:1d:dd:9f:ac:
8c:96:24:8f:f8:d1:02:81:fa:9f:cd:43:16:b1:b1:19:e5:eb:
fc:dc:90:77:87:87:2c:7d:5e:7f:ea:c8:b6:49:d3:ed:24:24:
b6:ce:66:f9:a3:01:15:77:50:1d:8f:4f:3d:5c:af:4e:ba:5c:
d9:5b:f2:5f:5e:72:3d:33:d9:77:c2:7f:2d:78:88:3d:d5:1a:
20:da:55:71:a8:46:27:df:21:b3:bb:f6:28:65:ae:d0:0c:e0:
56:70:d8:94:18:6c:79:a9:18:28:f2:7f:27:38:fa:ef:a2:db:
b7:b0:6e:82
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVzzR+qNsg1OcOc/36GIAY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZWE4ZGUzMWNlY2E1NTgwM2NmM2FmMTRkNGE3Mjc5YWU4
NDQ2ZDAwHhcNMjMwMTAyMTg0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmU3ZDZlOWEyYzZhMDc2YWQ2NDgwNjE1OWMzYzkzMmE2YmI2ZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiT57JAWKwrPFYCrte48jhAtFfaBx
RDGcSE5vM4foW+KKQJxscc1w/raEv/9wzOIMaV9fF24+RSfxs/YzTZ7k7JWDvwcL
bZltIb+FjonOx/qd1qdsA1ro9hI31VmNjxNcneqLEbaGQG1udvro8IZCyxXN2m/t
WH/YpaJij6Ngtskkkb9wCjkxe/VWny0Kt23dZak5SQA9Zhi3Tc5Yp7LKZ8nWIWMA
XUT81RBZz+Ko/iBgf8PctpYDXDqpMFiNHAQvjRbkKv8drEZTRd554eGD5bkhdG5h
m6278W8I87tO06YJfmblHMYAtD5LVcjRLUcWvZ+ucwIgURF7AGt1BkEmawIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPLn1umixqB2rWSAYVnDyTKmu29wMB8GA1UdIwQY
MBaAFKHqjeMc7KVYA8868U1KcnmuhEbQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2VxTjR4enNwVmdEenpyeFRVcHllYTZFUnRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jYTk5ZDgtODUyNy00NWI4LWFmNmEt
NzY1MjYyZjI5ZWFmLzEvOHVmVzZhTEdvSGF0WklCaFdjUEpNcWE3YjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jYTk5ZDgtODUyNy00NWI4LWFmNmEtNzY1MjYyZjI5ZWFm
LzEvb2VxTjR4enNwVmdEenpyeFRVcHllYTZFUnRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABZqqAwQC
ubkgMA0EAgACMAcDBQMqC02AMA0GCSqGSIb3DQEBCwUAA4IBAQBEoloDj7w9EA4k
+AOch9tQxRivoipqX54hQPQWoLOFgFYQIQlUJt9hGkWUGuyQzjD4LL18C7pB1QAr
vSUj5o2UHNesBeXvKK+qxDxfvwsY0Cszn+cM+xmRXAgJeA/XX4jEPDmEz51sAUuQ
pMXz4sYB0bCDjL26vXp96SPqx0wVu4YGR5szywBBOmRBVx3dn6yMliSP+NECgfqf
zUMWsbEZ5ev83JB3h4csfV5/6si2SdPtJCS2zmb5owEVd1Adj089XK9OulzZW/Jf
XnI9M9l3wn8teIg91Rog2lVxqEYn3yGzu/YoZa7QDOBWcNiUGGx5qRgo8n8nOPrv
otu3sG6C
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:53:21 2025 by rpki-client