Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/z0mItzP3iJNY0IvJwirepWxRbcw.roa
File: z0mItzP3iJNY0IvJwirepWxRbcw.roa (raw, json)
Hash identifier: O30Fg/e0WW2tQ2elr7x5Kb3pgCYOR8BfSu1rNDTn6/8=
Subject key identifier: CF:49:88:B7:33:F7:88:93:58:D0:8B:C9:C2:2A:DE:A5:6C:51:6D:CC
Certificate issuer: /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial: 0186119A7DE3DCB7E3B98651DE10C27DCECB
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/z0mItzP3iJNY0IvJwirepWxRbcw.roa
Signing time: Thu 02 Feb 2023 10:09:42 +0000
ROA not before: Thu 02 Feb 2023 10:09:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199270
IP address blocks: 141.226.249.0/24 maxlen: 24
185.23.172.0/24 maxlen: 24
185.23.172.0/23 maxlen: 23
185.23.174.0/24 maxlen: 24
2a00:66a0::/35 maxlen: 35
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:11:9a:7d:e3:dc:b7:e3:b9:86:51:de:10:c2:7d:ce:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
Validity
Not Before: Feb 2 10:09:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf4988b733f7889358d08bc9c22adea56c516dcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:f6:98:9f:d3:43:d4:1a:f2:83:e8:f0:b7:8b:
77:02:6b:29:b1:c8:ff:6c:f8:85:30:05:ef:c6:a8:
a5:99:ef:14:0b:7b:c1:6a:ba:07:a1:d9:d9:1f:f7:
8d:87:c7:6c:de:c1:df:38:b8:35:0b:f7:a1:9c:30:
d8:82:8e:72:a5:4c:2f:e3:ea:82:94:df:fe:bc:8e:
24:23:21:13:84:d2:bb:67:ea:30:86:4a:ab:6b:72:
f7:58:b0:45:e8:a8:1a:0e:b3:d5:f1:8c:13:79:36:
38:a6:d3:c5:a6:a5:56:2a:77:6a:5a:72:fd:9f:8f:
7b:bc:5a:a7:e7:84:4f:e5:35:83:38:cf:2b:d6:42:
ad:51:3f:12:28:88:00:6d:f0:32:67:d7:22:4f:e0:
33:00:47:ee:0f:1d:e0:4c:a6:fc:80:4f:b4:9d:bd:
25:8d:65:8d:eb:8b:6f:e0:07:16:91:c3:de:75:44:
18:b5:f6:17:b8:d8:aa:c9:e4:44:30:68:d1:74:73:
24:65:e7:78:68:16:36:e4:89:e6:c6:3a:f6:4c:02:
75:1a:f7:c1:87:df:cf:88:97:c7:47:f9:3f:67:89:
40:c4:fb:ef:a4:91:b8:3b:9d:f8:bc:a2:75:49:37:
6f:d2:c4:1b:80:57:9e:ef:36:0e:24:46:51:d4:ee:
48:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:49:88:B7:33:F7:88:93:58:D0:8B:C9:C2:2A:DE:A5:6C:51:6D:CC
X509v3 Authority Key Identifier:
keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/z0mItzP3iJNY0IvJwirepWxRbcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.249.0/24
185.23.172.0-185.23.174.255
IPv6:
2a00:66a0::/35
Signature Algorithm: sha256WithRSAEncryption
00:13:ca:5d:69:f9:d4:c4:35:58:ff:16:06:56:40:41:44:61:
a6:90:e1:a6:62:77:54:d7:6e:f8:ab:3f:c5:3e:02:97:dd:2a:
72:21:e9:f3:45:5a:3b:01:86:e3:19:8e:1e:ee:a7:40:4b:c4:
c2:bf:ed:5d:51:df:3b:70:ee:7a:cf:da:b2:5d:82:48:16:96:
c9:56:28:4f:26:24:41:5a:b4:82:91:c8:9b:34:9a:de:52:bd:
a9:d0:72:0a:4b:22:59:68:c5:63:25:a0:88:d9:46:fd:5c:e4:
20:96:92:11:60:64:ac:0b:bb:63:eb:fd:51:44:dd:a8:3e:a5:
43:b7:89:e1:60:c2:4c:db:3a:0b:1e:13:48:18:12:ae:80:0e:
04:74:29:49:d4:53:be:3b:53:d3:43:0e:bc:95:e1:56:86:6c:
43:f6:86:23:09:02:22:71:6b:11:56:c8:7b:0a:05:31:ad:b3:
33:79:91:9b:12:87:ac:8c:41:af:29:98:13:99:93:b3:5c:5f:
9f:98:42:c4:fe:d9:14:32:5b:5f:fd:dc:ce:a3:0e:76:4e:3d:
a7:1e:e3:7b:9a:00:12:b7:f6:a9:dc:c3:16:77:36:5d:44:43:
af:8a:e0:84:a3:77:f0:63:6c:d6:db:5d:51:f7:25:cb:6b:96:
bd:65:5a:5d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYYRmn3j3LfjuYZR3hDCfc7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjMwMjAyMTAwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ5ODhiNzMzZjc4ODkzNThkMDhiYzljMjJhZGVhNTZjNTE2ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPaYn9ND1Bryg+jwt4t3Amspscj/
bPiFMAXvxqilme8UC3vBaroHodnZH/eNh8ds3sHfOLg1C/ehnDDYgo5ypUwv4+qC
lN/+vI4kIyEThNK7Z+owhkqra3L3WLBF6KgaDrPV8YwTeTY4ptPFpqVWKndqWnL9
n497vFqn54RP5TWDOM8r1kKtUT8SKIgAbfAyZ9ciT+AzAEfuDx3gTKb8gE+0nb0l
jWWN64tv4AcWkcPedUQYtfYXuNiqyeREMGjRdHMkZed4aBY25Inmxjr2TAJ1GvfB
h9/PiJfHR/k/Z4lAxPvvpJG4O534vKJ1STdv0sQbgFee7zYOJEZR1O5IRQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFM9JiLcz94iTWNCLycIq3qVsUW3MMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvejBtSXR6UDNpSk5ZMEl2SndpcmVwV3hSYmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUAwQAjeL5MAwD
BAK5F6wDBAC5F64wDgQCAAIwCAMGBSoAZqAAMA0GCSqGSIb3DQEBCwUAA4IBAQAA
E8pdafnUxDVY/xYGVkBBRGGmkOGmYndU1274qz/FPgKX3SpyIenzRVo7AYbjGY4e
7qdAS8TCv+1dUd87cO56z9qyXYJIFpbJVihPJiRBWrSCkcibNJreUr2p0HIKSyJZ
aMVjJaCI2Ub9XOQglpIRYGSsC7tj6/1RRN2oPqVDt4nhYMJM2zoLHhNIGBKugA4E
dClJ1FO+O1PTQw68leFWhmxD9oYjCQIicWsRVsh7CgUxrbMzeZGbEoesjEGvKZgT
mZOzXF+fmELE/tkUMltf/dzOow52Tj2nHuN7mgASt/ap3MMWdzZdREOviuCEo3fw
Y2zW211R9yXLa5a9ZVpd
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:31:32 2025 by rpki-client