Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/IQRAB8tvmi9UiKacFjh1feWUc8M.roa
File: IQRAB8tvmi9UiKacFjh1feWUc8M.roa (raw, json)
Hash identifier: VpE/fw56IkpfBeABfYCfmD8mrDSO0zUqD/arol9zCGE=
Subject key identifier: 21:04:40:07:CB:6F:9A:2F:54:88:A6:9C:16:38:75:7D:E5:94:73:C3
Certificate issuer: /CN=aff35e383e9cd44a7249ac5d41b6dfadf4357b4f
Certificate serial: 018645C07F3DC423CB457808F60390367DDF
Authority key identifier: AF:F3:5E:38:3E:9C:D4:4A:72:49:AC:5D:41:B6:DF:AD:F4:35:7B:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_NeOD6c1EpySaxdQbbfrfQ1e08.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/IQRAB8tvmi9UiKacFjh1feWUc8M.roa
Signing time: Sun 12 Feb 2023 13:11:28 +0000
ROA not before: Sun 12 Feb 2023 13:11:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44033
IP address blocks: 185.186.216.0/22 maxlen: 22
193.218.132.0/22 maxlen: 22
193.22.83.0/24 maxlen: 24
194.126.207.0/24 maxlen: 24
194.116.192.0/23 maxlen: 23
2001:67c:2118::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:45:c0:7f:3d:c4:23:cb:45:78:08:f6:03:90:36:7d:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff35e383e9cd44a7249ac5d41b6dfadf4357b4f
Validity
Not Before: Feb 12 13:11:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21044007cb6f9a2f5488a69c1638757de59473c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:91:39:ed:7e:4a:33:aa:9e:ad:97:9a:c2:68:
b3:9d:5e:82:ad:9f:a7:18:be:ab:32:94:ed:9c:6a:
c3:43:dc:0f:31:90:28:5e:1c:d8:14:22:0a:3b:9e:
e1:97:ee:61:00:70:ec:a5:f4:d6:ba:22:30:31:dc:
b9:d1:dd:6e:34:18:1a:cb:75:5d:55:d7:32:25:1d:
1e:d4:27:91:da:5d:fb:84:0c:8b:0d:06:14:91:9f:
6c:6b:cc:c5:61:dc:aa:bc:b0:de:4f:81:c9:dc:e6:
ab:e7:16:bb:a2:95:6c:a2:96:a5:83:d2:2b:a3:e5:
19:97:ad:b9:cf:29:a4:b0:7c:1f:e1:73:8a:e5:9d:
48:51:41:5e:cf:82:4a:91:4f:f8:4f:5c:7f:4a:49:
fd:30:c1:f6:7d:6d:12:45:8e:26:09:4b:98:90:5e:
a0:da:b8:d1:1a:1a:06:2a:16:17:ec:e6:9d:7c:9c:
f7:88:b4:dc:20:6f:a8:ba:c9:c9:6f:4e:6a:72:d9:
d9:61:e7:3b:db:55:f8:1d:26:63:b4:e6:af:bc:e7:
19:1f:67:a9:56:5d:13:21:a8:9d:32:e9:bb:63:7a:
57:e9:60:49:70:25:fe:e2:4b:db:07:f7:d1:f4:42:
0b:a4:3c:fa:db:53:c9:2c:81:da:2f:a7:a2:5f:68:
6f:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:04:40:07:CB:6F:9A:2F:54:88:A6:9C:16:38:75:7D:E5:94:73:C3
X509v3 Authority Key Identifier:
keyid:AF:F3:5E:38:3E:9C:D4:4A:72:49:AC:5D:41:B6:DF:AD:F4:35:7B:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_NeOD6c1EpySaxdQbbfrfQ1e08.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/IQRAB8tvmi9UiKacFjh1feWUc8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/r_NeOD6c1EpySaxdQbbfrfQ1e08.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.186.216.0/22
193.22.83.0/24
193.218.132.0/22
194.116.192.0/23
194.126.207.0/24
IPv6:
2001:67c:2118::/48
Signature Algorithm: sha256WithRSAEncryption
1b:48:0f:f4:67:15:d9:cd:3e:6e:40:c1:c0:73:a3:40:3c:66:
ca:a3:19:8c:55:22:2c:e5:79:04:0d:23:84:85:90:01:82:ac:
0b:d2:af:94:c7:94:68:76:98:a4:ed:d1:14:a4:04:2a:4c:12:
f5:08:53:a0:4a:3e:62:12:e0:c2:af:4a:c7:96:6c:d4:ee:84:
85:ce:65:2c:42:e2:e3:83:1d:b9:5a:83:a3:b2:a2:cb:6b:a8:
eb:ed:9f:7b:57:fb:a9:42:d3:b7:e9:ec:56:ee:8e:3f:8d:de:
9e:a1:fb:ef:5c:b1:26:a2:75:37:52:4e:7e:90:4b:90:43:e8:
81:92:08:43:b0:43:ea:c0:a0:39:33:86:02:d5:67:48:cb:e6:
3d:be:8c:de:28:22:8b:44:b4:84:b8:50:5f:cc:00:40:bd:0a:
af:8a:21:ff:23:7f:64:4e:49:b5:8d:49:d2:b1:18:94:98:eb:
3f:35:a4:2b:3b:14:fe:10:fb:4b:0b:85:2f:ad:7a:bd:07:5c:
30:13:4e:8f:5f:0e:cb:bb:b6:57:9f:0f:9f:af:43:9c:b2:11:
bf:68:c9:98:ce:eb:fd:69:c1:57:ae:86:9a:4d:3a:08:42:15:
4e:22:95:4f:6c:c8:a7:5f:2a:9b:84:e0:c2:12:95:ec:b7:dd:
b4:1b:d3:2c
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYZFwH89xCPLRXgI9gOQNn3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjM1ZTM4M2U5Y2Q0NGE3MjQ5YWM1ZDQxYjZkZmFkZjQz
NTdiNGYwHhcNMjMwMjEyMTMxMTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA0NDAwN2NiNmY5YTJmNTQ4OGE2OWMxNjM4NzU3ZGU1OTQ3M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35E57X5KM6qerZeawmiznV6CrZ+n
GL6rMpTtnGrDQ9wPMZAoXhzYFCIKO57hl+5hAHDspfTWuiIwMdy50d1uNBgay3Vd
VdcyJR0e1CeR2l37hAyLDQYUkZ9sa8zFYdyqvLDeT4HJ3Oar5xa7opVsopalg9Ir
o+UZl625zymksHwf4XOK5Z1IUUFez4JKkU/4T1x/Skn9MMH2fW0SRY4mCUuYkF6g
2rjRGhoGKhYX7OadfJz3iLTcIG+ousnJb05qctnZYec721X4HSZjtOavvOcZH2ep
Vl0TIaidMum7Y3pX6WBJcCX+4kvbB/fR9EILpDz621PJLIHaL6eiX2hvuwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCEEQAfLb5ovVIimnBY4dX3llHPDMB8GA1UdIwQY
MBaAFK/zXjg+nNRKckmsXUG23630NXtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9OZU9ENmMxRXB5U2F4ZFFiYmZyZlExZTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNTAyODItYzllMC00NGUzLWFhMTIt
NTcwYWVkNThjMTk0LzEvSVFSQUI4dHZtaTlVaUthY0ZqaDFmZVdVYzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNTAyODItYzllMC00NGUzLWFhMTItNTcwYWVkNThjMTk0
LzEvcl9OZU9ENmMxRXB5U2F4ZFFiYmZyZlExZTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCubrYAwQA
wRZTAwQCwdqEAwQBwnTAAwQAwn7PMA8EAgACMAkDBwAgAQZ8IRgwDQYJKoZIhvcN
AQELBQADggEBABtID/RnFdnNPm5AwcBzo0A8ZsqjGYxVIizleQQNI4SFkAGCrAvS
r5THlGh2mKTt0RSkBCpMEvUIU6BKPmIS4MKvSseWbNTuhIXOZSxC4uODHblag6Oy
ostrqOvtn3tX+6lC07fp7Fbujj+N3p6h++9csSaidTdSTn6QS5BD6IGSCEOwQ+rA
oDkzhgLVZ0jL5j2+jN4oIotEtIS4UF/MAEC9Cq+KIf8jf2ROSbWNSdKxGJSY6z81
pCs7FP4Q+0sLhS+ter0HXDATTo9fDsu7tlefD5+vQ5yyEb9oyZjO6/1pwVeuhppN
OghCFU4ilU9syKdfKpuE4MISley33bQb0yw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:31:34 2025 by rpki-client