Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4Kr0b8F7sVasV8t79Yav97-qzvw.roa
File: 4Kr0b8F7sVasV8t79Yav97-qzvw.roa (raw, json)
Hash identifier: jm5JNjU722iFfe32XmsmZrzKbNbV4LREbHAENX2Fbro=
Subject key identifier: E0:AA:F4:6F:C1:7B:B1:56:AC:57:CB:7B:F5:86:AF:F7:BF:AA:CE:FC
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 018B6722F9D8EE0C7E6253557492B325344C
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4Kr0b8F7sVasV8t79Yav97-qzvw.roa
Signing time: Wed 25 Oct 2023 14:00:27 +0000
ROA not before: Wed 25 Oct 2023 14:00:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199527
IP address blocks: 213.252.242.0/24 maxlen: 24
213.252.251.0/24 maxlen: 24
213.252.253.0/24 maxlen: 24
213.252.250.0/24 maxlen: 24
185.189.152.0/24 maxlen: 24
213.252.209.0/24 maxlen: 24
213.252.208.0/24 maxlen: 24
2a00:f501:a001::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:67:22:f9:d8:ee:0c:7e:62:53:55:74:92:b3:25:34:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Oct 25 14:00:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0aaf46fc17bb156ac57cb7bf586aff7bfaacefc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:23:bb:c6:3e:71:ec:5e:f6:ea:10:13:72:60:
b4:0c:fb:62:2d:33:15:52:06:9f:97:f2:47:39:8d:
39:2c:c8:33:d8:dd:ff:7f:9a:b7:e3:5e:b8:dc:54:
55:0e:7b:99:f8:86:21:b0:92:70:6c:f1:50:36:2e:
c3:8c:7b:6b:93:91:4b:5b:4f:80:5d:57:d3:2a:a3:
5d:3c:89:21:b2:da:e6:3b:37:43:d0:c7:fa:d1:7b:
03:80:ab:a8:00:42:9a:f5:c6:da:0d:d0:62:ea:bb:
c9:49:30:d8:79:7f:45:0d:12:64:fd:0d:0d:3b:f3:
4d:02:1e:c1:c9:7e:8b:15:15:4c:ad:fc:dd:e3:e6:
61:52:1d:4e:c5:4d:cb:e8:43:d1:cb:03:fb:54:a9:
aa:63:37:3f:87:e0:1b:f5:f9:b7:59:3d:7a:1b:0f:
ed:ca:2a:fe:35:3d:f0:90:8d:8a:69:c0:cb:2f:26:
72:da:8a:2f:58:d1:c3:13:82:20:0b:c3:3a:c5:c8:
5b:39:be:de:55:4a:0e:0e:3d:ed:1d:e2:7f:72:36:
fc:8e:08:4e:7f:2e:77:4f:85:67:04:1b:81:d8:b1:
05:d6:0c:33:a9:e6:23:ab:91:76:83:2a:32:76:07:
99:d7:e9:24:2d:ca:fa:3c:7a:eb:6d:46:9f:82:89:
f5:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:AA:F4:6F:C1:7B:B1:56:AC:57:CB:7B:F5:86:AF:F7:BF:AA:CE:FC
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4Kr0b8F7sVasV8t79Yav97-qzvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.189.152.0/24
213.252.208.0/23
213.252.242.0/24
213.252.250.0/23
213.252.253.0/24
IPv6:
2a00:f501:a001::/48
Signature Algorithm: sha256WithRSAEncryption
09:1d:0e:f0:32:21:e1:b8:97:ff:40:fb:81:c1:80:6d:fc:ba:
45:c6:13:d5:53:2d:4d:a3:fd:44:95:53:5b:fd:2d:4b:6c:b0:
af:a3:45:cb:9f:ce:e3:06:b8:bf:35:ae:c9:88:48:73:15:93:
7f:dc:b8:d4:71:1b:a0:b9:2e:95:07:b0:b4:ba:e2:12:97:ef:
65:a4:52:f5:1c:e2:4f:d2:02:f3:47:60:73:5f:8b:03:10:43:
55:3c:68:fb:62:0c:2d:81:25:d7:58:21:5c:64:71:4d:40:6a:
94:2d:37:7a:6b:ed:57:73:8c:eb:59:eb:b9:9a:53:e4:a5:19:
cf:20:e7:ac:5f:13:a8:51:5e:e6:c7:fd:9d:47:36:34:3c:18:
15:c3:04:fd:c0:0b:70:8a:ca:a3:76:f9:b1:ea:d8:d2:9c:d3:
4d:18:2e:1d:5f:47:51:8a:60:88:7e:46:fd:75:5a:f4:17:59:
90:a2:e3:09:d7:aa:21:85:2c:4e:4b:8f:e7:9e:62:50:09:a9:
ef:d5:be:60:06:77:c8:34:f7:5e:3c:1e:21:df:39:ab:d4:ca:
ad:a3:68:2b:bf:80:80:37:74:21:16:e6:5a:f9:1a:20:04:94:
25:f3:60:94:74:72:07:26:4f:2d:82:8c:89:be:6f:1f:6a:3f:
ec:f1:87:a7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYtnIvnY7gx+YlNVdJKzJTRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjMxMDI1MTQwMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFhZjQ2ZmMxN2JiMTU2YWM1N2NiN2JmNTg2YWZmN2JmYWFjZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiO7xj5x7F726hATcmC0DPtiLTMV
Ugafl/JHOY05LMgz2N3/f5q341643FRVDnuZ+IYhsJJwbPFQNi7DjHtrk5FLW0+A
XVfTKqNdPIkhstrmOzdD0Mf60XsDgKuoAEKa9cbaDdBi6rvJSTDYeX9FDRJk/Q0N
O/NNAh7ByX6LFRVMrfzd4+ZhUh1OxU3L6EPRywP7VKmqYzc/h+Ab9fm3WT16Gw/t
yir+NT3wkI2KacDLLyZy2oovWNHDE4IgC8M6xchbOb7eVUoODj3tHeJ/cjb8jghO
fy53T4VnBBuB2LEF1gwzqeYjq5F2gyoydgeZ1+kkLcr6PHrrbUafgon1NQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFOCq9G/Be7FWrFfLe/WGr/e/qs78MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvNEtyMGI4RjdzVmFzVjh0NzlZYXY5Ny1xenZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQAub2YAwQB
1fzQAwQA1fzyAwQB1fz6AwQA1fz9MA8EAgACMAkDBwAqAPUBoAEwDQYJKoZIhvcN
AQELBQADggEBAAkdDvAyIeG4l/9A+4HBgG38ukXGE9VTLU2j/USVU1v9LUtssK+j
RcufzuMGuL81rsmISHMVk3/cuNRxG6C5LpUHsLS64hKX72WkUvUc4k/SAvNHYHNf
iwMQQ1U8aPtiDC2BJddYIVxkcU1AapQtN3pr7VdzjOtZ67maU+SlGc8g56xfE6hR
XubH/Z1HNjQ8GBXDBP3AC3CKyqN2+bHq2NKc000YLh1fR1GKYIh+Rv11WvQXWZCi
4wnXqiGFLE5Lj+eeYlAJqe/VvmAGd8g09148HiHfOavUyq2jaCu/gIA3dCEW5lr5
GiAElCXzYJR0cgcmTy2CjIm+bx9qP+zxh6c=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:06:50 2025 by rpki-client