Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/cd504a-0189-4554-b501-639dc4d5f370/1/pw4nyVMzd28j3v2MREX-Qht5OIk.roa
File: pw4nyVMzd28j3v2MREX-Qht5OIk.roa (raw, json)
Hash identifier: gNeX6s9to9m4hd3riCKg93ngOr+dPOWI45rkf033Y1Q=
Subject key identifier: A7:0E:27:C9:53:33:77:6F:23:DE:FD:8C:44:45:FE:42:1B:79:38:89
Certificate issuer: /CN=33339e64a58514c9b091e9b2e68e29371e43e3df
Certificate serial: 0184FB6F859669A897A104F0A6090ADC4F51
Authority key identifier: 33:33:9E:64:A5:85:14:C9:B0:91:E9:B2:E6:8E:29:37:1E:43:E3:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MzOeZKWFFMmwkemy5o4pNx5D498.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/cd504a-0189-4554-b501-639dc4d5f370/1/pw4nyVMzd28j3v2MREX-Qht5OIk.roa
Signing time: Sat 10 Dec 2022 09:48:20 +0000
ROA not before: Sat 10 Dec 2022 09:48:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 206077
IP address blocks: 185.196.253.0/24 maxlen: 24
185.196.252.0/23 maxlen: 23
185.196.252.0/22 maxlen: 22
185.196.252.0/24 maxlen: 24
185.196.254.0/23 maxlen: 23
185.196.255.0/24 maxlen: 24
185.196.254.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:fb:6f:85:96:69:a8:97:a1:04:f0:a6:09:0a:dc:4f:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33339e64a58514c9b091e9b2e68e29371e43e3df
Validity
Not Before: Dec 10 09:48:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a70e27c95333776f23defd8c4445fe421b793889
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:b6:ac:9d:cb:92:f0:3e:05:81:2d:3a:8a:a2:
f4:cb:32:33:83:7a:8d:44:c9:9e:70:8e:e4:89:df:
2a:bc:f5:e2:02:c5:15:8b:30:e4:09:cb:0a:83:8d:
55:37:98:03:ad:f9:b7:ae:8a:9e:51:08:e9:d0:f8:
7c:01:08:60:ca:4b:24:f2:20:26:8c:49:27:63:98:
35:2c:13:92:85:56:a8:b5:ea:c4:ac:7f:4d:be:98:
63:ec:c0:aa:6f:d8:e4:59:90:2b:ce:36:cc:18:ab:
b1:9b:7c:ee:4d:d9:e4:52:1d:22:f9:1b:f2:ba:90:
e0:aa:67:0b:44:6b:f2:34:57:cf:1a:19:64:8b:b9:
de:21:1f:67:90:18:87:ef:37:31:9b:ab:01:ac:04:
d9:a0:cf:15:cf:11:d5:ab:e0:5b:62:39:17:61:96:
4a:e0:63:16:52:c3:9f:93:34:cb:4c:fe:a3:d8:c7:
94:17:a1:78:f2:4e:9b:64:d1:ed:ba:7a:3b:a0:ce:
d8:d8:bf:9f:e3:c0:9a:8d:12:51:51:01:07:a6:f0:
36:2d:ed:e6:6d:2a:b1:ef:6d:e5:4a:1a:53:1c:19:
e6:91:78:c6:e5:4c:63:14:90:0c:d9:12:1e:87:d5:
b5:06:43:17:40:fa:76:50:f2:61:34:c2:5c:45:d6:
79:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:0E:27:C9:53:33:77:6F:23:DE:FD:8C:44:45:FE:42:1B:79:38:89
X509v3 Authority Key Identifier:
keyid:33:33:9E:64:A5:85:14:C9:B0:91:E9:B2:E6:8E:29:37:1E:43:E3:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzOeZKWFFMmwkemy5o4pNx5D498.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cd504a-0189-4554-b501-639dc4d5f370/1/pw4nyVMzd28j3v2MREX-Qht5OIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cd504a-0189-4554-b501-639dc4d5f370/1/MzOeZKWFFMmwkemy5o4pNx5D498.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.196.252.0/22
Signature Algorithm: sha256WithRSAEncryption
68:34:2a:51:3c:af:56:79:da:97:88:c0:0c:b4:d5:65:45:c0:
38:3e:14:78:bb:03:36:50:d3:77:5b:f1:8f:e9:d5:e2:07:d1:
70:b8:c1:db:8b:89:74:c3:d8:10:17:fb:96:e8:26:a9:cd:39:
18:8d:ef:da:78:81:f6:ff:a0:31:64:f8:c8:0d:59:a3:c6:92:
9f:62:75:25:74:00:f6:03:d3:35:64:e7:c9:0c:df:2d:2c:71:
9e:cc:e5:78:9f:4c:16:71:41:9c:2a:ba:2c:ab:ce:64:f7:1a:
cd:81:59:1d:34:92:2b:e7:f6:ce:65:0e:1b:fc:21:44:75:72:
3b:cb:19:c9:be:f8:f5:81:b4:c8:aa:6c:f6:02:fe:06:18:76:
03:d0:ef:e7:7c:6c:51:4b:af:73:ba:ea:07:3c:61:ee:31:81:
80:3d:3a:a5:66:50:54:46:6e:d3:33:f9:b0:1f:5f:a7:54:32:
d4:ed:76:30:e6:7d:7d:f2:94:43:aa:f1:31:20:bd:b6:91:c6:
a8:37:a1:db:19:05:6a:5a:64:f5:fc:13:52:2c:d4:d2:0f:54:
4b:18:8e:62:aa:aa:25:03:00:08:ca:f0:d2:3a:91:96:e6:bf:
98:3f:94:9d:5e:25:29:93:6a:9c:dc:7f:df:e9:c8:73:5d:a0:
33:5c:66:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYT7b4WWaaiXoQTwpgkK3E9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM5ZTY0YTU4NTE0YzliMDkxZTliMmU2OGUyOTM3MWU0
M2UzZGYwHhcNMjIxMjEwMDk0ODIwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBlMjdjOTUzMzM3NzZmMjNkZWZkOGM0NDQ1ZmU0MjFiNzkzODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLasncuS8D4FgS06iqL0yzIzg3qN
RMmecI7kid8qvPXiAsUVizDkCcsKg41VN5gDrfm3roqeUQjp0Ph8AQhgyksk8iAm
jEknY5g1LBOShVaoterErH9Nvphj7MCqb9jkWZArzjbMGKuxm3zuTdnkUh0i+Rvy
upDgqmcLRGvyNFfPGhlki7neIR9nkBiH7zcxm6sBrATZoM8VzxHVq+BbYjkXYZZK
4GMWUsOfkzTLTP6j2MeUF6F48k6bZNHtuno7oM7Y2L+f48CajRJRUQEHpvA2Le3m
bSqx723lShpTHBnmkXjG5UxjFJAM2RIeh9W1BkMXQPp2UPJhNMJcRdZ5pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcOJ8lTM3dvI979jERF/kIbeTiJMB8GA1UdIwQY
MBaAFDMznmSlhRTJsJHpsuaOKTceQ+PfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpPZVpLV0ZGTW13a2VteTVvNHBOeDVENDk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jZDUwNGEtMDE4OS00NTU0LWI1MDEt
NjM5ZGM0ZDVmMzcwLzEvcHc0bnlWTXpkMjhqM3YyTVJFWC1RaHQ1T0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jZDUwNGEtMDE4OS00NTU0LWI1MDEtNjM5ZGM0ZDVmMzcw
LzEvTXpPZVpLV0ZGTW13a2VteTVvNHBOeDVENDk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucT8MA0G
CSqGSIb3DQEBCwUAA4IBAQBoNCpRPK9WedqXiMAMtNVlRcA4PhR4uwM2UNN3W/GP
6dXiB9FwuMHbi4l0w9gQF/uW6CapzTkYje/aeIH2/6AxZPjIDVmjxpKfYnUldAD2
A9M1ZOfJDN8tLHGezOV4n0wWcUGcKrosq85k9xrNgVkdNJIr5/bOZQ4b/CFEdXI7
yxnJvvj1gbTIqmz2Av4GGHYD0O/nfGxRS69zuuoHPGHuMYGAPTqlZlBURm7TM/mw
H1+nVDLU7XYw5n198pRDqvExIL22kcaoN6HbGQVqWmT1/BNSLNTSD1RLGI5iqqol
AwAIyvDSOpGW5r+YP5SdXiUpk2qc3H/f6chzXaAzXGZC
-----END CERTIFICATE-----
Generated at Mon Apr 7 18:38:20 2025 by rpki-client