Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/PnBrfK0lxZgHHidZse-knfX3K4k.roa
File: PnBrfK0lxZgHHidZse-knfX3K4k.roa (raw, json)
Hash identifier: 9uSTiZjGfvh7dlEKr2tj+sxrnZzQKEbkF4knKaneaH4=
Subject key identifier: 3E:70:6B:7C:AD:25:C5:98:07:1E:27:59:B1:EF:A4:9D:F5:F7:2B:89
Certificate issuer: /CN=60635e04c34c2f781ee980a1651ff66e5132bc44
Certificate serial: 018571954D51B73193E93815E53108379DB0
Authority key identifier: 60:63:5E:04:C3:4C:2F:78:1E:E9:80:A1:65:1F:F6:6E:51:32:BC:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGNeBMNML3ge6YChZR_2blEyvEQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/PnBrfK0lxZgHHidZse-knfX3K4k.roa
Signing time: Mon 02 Jan 2023 08:24:48 +0000
ROA not before: Mon 02 Jan 2023 08:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60717
IP address blocks: 185.57.252.0/22 maxlen: 22
84.243.128.0/18 maxlen: 24
2a02:6060::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:4d:51:b7:31:93:e9:38:15:e5:31:08:37:9d:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60635e04c34c2f781ee980a1651ff66e5132bc44
Validity
Not Before: Jan 2 08:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e706b7cad25c598071e2759b1efa49df5f72b89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:6d:25:49:ce:1d:de:00:44:d1:18:75:0e:65:
ce:b5:46:4f:e3:14:02:1d:6f:83:5a:70:59:8e:0f:
9d:a5:49:c2:32:81:4d:b0:29:75:56:9b:9b:40:a4:
d6:2c:08:bf:80:93:7f:b8:de:9c:c6:b4:06:59:74:
a6:21:bd:5c:69:fc:d5:44:88:af:32:0a:b8:de:17:
eb:60:13:15:47:b0:5c:68:03:e4:2c:cb:df:f0:60:
96:52:82:f2:34:e2:50:4c:f8:25:07:dd:30:2b:1a:
7e:22:2d:d0:35:7d:d3:c3:5c:fa:3c:e0:81:06:e7:
4e:ba:3b:0b:3c:19:cc:36:2e:05:9d:b5:02:84:77:
99:1a:a8:6f:77:97:28:57:11:4e:7b:fb:c5:a8:ca:
4a:45:80:07:2f:d9:3b:ea:82:d2:15:dc:c2:ec:54:
f5:d5:c9:cd:d0:44:07:3e:3d:dc:26:d7:72:4e:a8:
e2:ed:6a:5c:a5:f0:83:49:d3:85:b4:b7:97:32:cd:
7d:cb:de:4b:d4:44:95:c1:6a:6b:e3:18:2f:dc:47:
ca:58:f3:7d:c8:e9:cb:9a:9e:28:f0:57:6f:78:18:
37:c0:3c:e6:ad:1d:d5:c7:94:1a:3b:8f:67:b8:4a:
a7:5e:c3:b3:58:0f:67:df:23:2c:47:15:cf:d9:ed:
cf:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:70:6B:7C:AD:25:C5:98:07:1E:27:59:B1:EF:A4:9D:F5:F7:2B:89
X509v3 Authority Key Identifier:
keyid:60:63:5E:04:C3:4C:2F:78:1E:E9:80:A1:65:1F:F6:6E:51:32:BC:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGNeBMNML3ge6YChZR_2blEyvEQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/PnBrfK0lxZgHHidZse-knfX3K4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/YGNeBMNML3ge6YChZR_2blEyvEQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.243.128.0/18
185.57.252.0/22
IPv6:
2a02:6060::/32
Signature Algorithm: sha256WithRSAEncryption
4c:dc:e4:e1:10:ee:60:12:ca:ec:0a:29:fb:1b:e1:95:cb:4d:
e9:c5:79:ab:9a:5e:c8:7a:75:04:c1:e9:95:35:4c:35:4a:b4:
92:d4:e4:cc:85:d6:74:84:bd:f4:a2:9b:cc:79:26:a1:d7:7a:
9e:6a:8f:15:2f:bc:e9:37:f0:95:a3:a4:fa:e0:b3:43:50:d6:
ab:fb:dd:5c:5a:e4:2d:8a:c0:0e:e6:48:10:87:43:a4:f2:f1:
9d:95:69:ad:25:cd:61:a7:70:5d:aa:02:0d:b1:24:c2:83:ae:
9a:12:b2:03:08:b7:98:97:0c:88:db:88:72:05:af:ef:30:3c:
f5:46:f6:7b:4a:32:5e:c0:7b:6c:fa:cc:94:5f:7e:0a:e0:4d:
46:77:23:25:26:b7:2a:81:0a:21:cf:7a:97:23:b9:01:a0:0d:
bc:86:73:86:ce:e6:d1:61:10:4b:58:8b:aa:c9:c2:ae:fc:c2:
0d:6f:7f:b6:26:29:48:19:8a:b7:7a:86:a7:ed:78:16:d6:e4:
1e:79:83:91:32:ab:08:4a:cc:b4:92:04:ab:e7:32:d4:a7:07:
45:5b:a6:ce:b5:fb:2c:1c:de:16:d4:57:50:52:48:8d:18:0b:
13:ef:c5:d2:a9:31:27:e0:c5:be:d3:16:ad:0d:52:57:1c:59:
38:d8:79:7b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxlU1RtzGT6TgV5TEIN52wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjM1ZTA0YzM0YzJmNzgxZWU5ODBhMTY1MWZmNjZlNTEz
MmJjNDQwHhcNMjMwMTAyMDgyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTcwNmI3Y2FkMjVjNTk4MDcxZTI3NTliMWVmYTQ5ZGY1ZjcyYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh20lSc4d3gBE0Rh1DmXOtUZP4xQC
HW+DWnBZjg+dpUnCMoFNsCl1VpubQKTWLAi/gJN/uN6cxrQGWXSmIb1cafzVRIiv
Mgq43hfrYBMVR7BcaAPkLMvf8GCWUoLyNOJQTPglB90wKxp+Ii3QNX3Tw1z6POCB
BudOujsLPBnMNi4FnbUChHeZGqhvd5coVxFOe/vFqMpKRYAHL9k76oLSFdzC7FT1
1cnN0EQHPj3cJtdyTqji7WpcpfCDSdOFtLeXMs19y95L1ESVwWpr4xgv3EfKWPN9
yOnLmp4o8FdveBg3wDzmrR3Vx5QaO49nuEqnXsOzWA9n3yMsRxXP2e3PdQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD5wa3ytJcWYBx4nWbHvpJ319yuJMB8GA1UdIwQY
MBaAFGBjXgTDTC94HumAoWUf9m5RMrxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdOZUJNTk1MM2dlNllDaFpSXzJibEV5dkVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85OTI4NmEtNDViMy00Y2VlLThkYjUt
OTM3MDgxYTljZWZhLzEvUG5CcmZLMGx4WmdISGlkWnNlLWtuZlgzSzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85OTI4NmEtNDViMy00Y2VlLThkYjUtOTM3MDgxYTljZWZh
LzEvWUdOZUJNTk1MM2dlNllDaFpSXzJibEV5dkVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGVPOAAwQC
uTn8MA0EAgACMAcDBQAqAmBgMA0GCSqGSIb3DQEBCwUAA4IBAQBM3OThEO5gEsrs
Cin7G+GVy03pxXmrml7IenUEwemVNUw1SrSS1OTMhdZ0hL30opvMeSah13qeao8V
L7zpN/CVo6T64LNDUNar+91cWuQtisAO5kgQh0Ok8vGdlWmtJc1hp3BdqgINsSTC
g66aErIDCLeYlwyI24hyBa/vMDz1RvZ7SjJewHts+syUX34K4E1GdyMlJrcqgQoh
z3qXI7kBoA28hnOGzubRYRBLWIuqycKu/MINb3+2JilIGYq3eoan7XgW1uQeeYOR
MqsISsy0kgSr5zLUpwdFW6bOtfssHN4W1FdQUkiNGAsT78XSqTEn4MW+0xatDVJX
HFk42Hl7
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:11:09 2025 by rpki-client