Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/c9iRIEH2Ol1dsxowcMrjSisKvAI.roa
File: c9iRIEH2Ol1dsxowcMrjSisKvAI.roa (raw, json)
Hash identifier: lCPnqrLLhJz0HjV2wuXVplMezU0X9zVRu5iJKKxzTNg=
Subject key identifier: 73:D8:91:20:41:F6:3A:5D:5D:B3:1A:30:70:CA:E3:4A:2B:0A:BC:02
Certificate issuer: /CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
Certificate serial: 01856D13D03F23FCA3083E15E7E2676C7A84
Authority key identifier: E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/c9iRIEH2Ol1dsxowcMrjSisKvAI.roa
Signing time: Sun 01 Jan 2023 11:24:53 +0000
ROA not before: Sun 01 Jan 2023 11:24:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203409
IP address blocks: 185.135.68.0/24 maxlen: 24
185.135.69.0/24 maxlen: 24
185.135.70.0/23 maxlen: 23
185.135.70.0/24 maxlen: 24
185.135.68.0/23 maxlen: 23
185.135.68.0/22 maxlen: 22
185.135.71.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:13:d0:3f:23:fc:a3:08:3e:15:e7:e2:67:6c:7a:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
Validity
Not Before: Jan 1 11:24:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=73d8912041f63a5d5db31a3070cae34a2b0abc02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:99:10:70:24:3c:16:51:63:19:6c:cf:81:d1:
cb:9e:bb:e1:f2:93:8e:d5:be:4d:17:a4:53:3d:52:
f4:4e:a2:e1:7e:fe:1d:59:c3:6a:64:71:9e:fc:92:
27:b5:ef:43:76:91:69:df:d5:aa:76:f1:96:6e:b1:
03:4c:cd:6b:04:e5:5f:51:db:5b:a8:4e:ee:47:a1:
26:8f:b7:d3:ae:ff:44:98:27:cd:09:95:7c:38:4f:
fd:7d:b3:42:e4:38:63:fc:78:4d:a3:04:b9:4c:ee:
e6:3b:26:2c:7b:44:ba:59:25:ac:bb:06:fb:5b:8b:
be:34:41:89:88:a3:f1:52:0d:73:29:7f:c7:f6:4a:
a0:8e:df:11:86:cb:00:d6:bf:f9:14:69:25:71:96:
80:4f:4f:72:71:95:0f:8d:1f:8d:28:b8:59:ca:91:
69:41:07:a9:17:d4:ac:ba:3e:b5:f1:cc:aa:8d:e3:
bf:84:4f:dd:9d:de:61:e9:a5:bb:a0:a5:bc:f9:b1:
b0:00:80:fb:b5:a4:e7:96:85:c3:ce:fc:87:17:02:
82:2a:e4:59:14:dc:0a:0c:5b:35:7b:ac:02:37:08:
43:9e:ab:01:1f:8d:65:b7:3c:98:98:fd:fc:d9:0b:
26:34:80:3b:18:69:32:3d:8b:c9:2a:18:53:33:31:
76:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D8:91:20:41:F6:3A:5D:5D:B3:1A:30:70:CA:E3:4A:2B:0A:BC:02
X509v3 Authority Key Identifier:
keyid:E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/c9iRIEH2Ol1dsxowcMrjSisKvAI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.68.0/22
Signature Algorithm: sha256WithRSAEncryption
7e:5b:79:ec:a7:0b:93:0d:84:da:09:a2:94:31:f6:43:3c:d5:
5d:c2:54:84:78:58:89:7b:55:cf:6a:51:dc:15:c9:50:2b:74:
81:1f:fe:d2:fc:6b:a8:27:09:19:55:9b:7a:12:b1:4f:23:c8:
c6:67:ab:7b:d1:8f:a7:f2:b8:a8:73:54:c2:43:40:ec:06:29:
a4:9f:b3:13:9d:2c:14:2a:22:9f:ef:22:13:1d:e8:7b:35:57:
ad:de:6e:0c:45:55:f6:42:55:e3:6d:80:60:71:b4:e0:fe:e5:
f5:c9:14:80:26:da:b8:12:29:92:0b:75:03:e1:ab:59:09:d1:
eb:94:0e:94:81:70:c4:78:49:1e:30:65:ac:d3:a0:7e:c4:74:
ed:6e:64:d0:96:63:c1:cd:6b:9d:0d:7d:13:8d:91:a8:8c:20:
98:5d:53:c5:96:fe:d9:2e:53:51:55:be:52:33:55:21:34:d1:
78:85:37:02:3d:48:3c:b4:32:16:c7:5b:1f:28:bf:2b:cf:ab:
77:79:55:37:aa:9f:81:07:1c:ab:48:a5:f4:87:cf:4e:f2:3e:
59:ea:a1:2b:5a:53:15:2a:2b:ee:5f:1f:3d:64:42:aa:3f:bc:
95:09:5d:ff:81:0e:a2:df:08:9f:7a:c4:26:be:2d:01:df:7a:
9b:bf:05:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtE9A/I/yjCD4V5+JnbHqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZmMxN2JlYTU1NWI2ZDM4MzIxZjk0MDI4ZTUxNWZiYTRm
YTc0ZGMwHhcNMjMwMTAxMTEyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Q4OTEyMDQxZjYzYTVkNWRiMzFhMzA3MGNhZTM0YTJiMGFiYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpkQcCQ8FlFjGWzPgdHLnrvh8pOO
1b5NF6RTPVL0TqLhfv4dWcNqZHGe/JInte9DdpFp39WqdvGWbrEDTM1rBOVfUdtb
qE7uR6Emj7fTrv9EmCfNCZV8OE/9fbNC5Dhj/HhNowS5TO7mOyYse0S6WSWsuwb7
W4u+NEGJiKPxUg1zKX/H9kqgjt8RhssA1r/5FGklcZaAT09ycZUPjR+NKLhZypFp
QQepF9Ssuj618cyqjeO/hE/dnd5h6aW7oKW8+bGwAID7taTnloXDzvyHFwKCKuRZ
FNwKDFs1e6wCNwhDnqsBH41ltzyYmP382QsmNIA7GGkyPYvJKhhTMzF2ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPYkSBB9jpdXbMaMHDK40orCrwCMB8GA1UdIwQY
MBaAFOb8F76lVbbTgyH5QCjlFfuk+nTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUt
OTY5NjdmY2Q0MmU5LzEvYzlpUklFSDJPbDFkc3hvd2NNcmpTaXNLdkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUtOTY5NjdmY2Q0MmU5
LzEvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYdEMA0G
CSqGSIb3DQEBCwUAA4IBAQB+W3nspwuTDYTaCaKUMfZDPNVdwlSEeFiJe1XPalHc
FclQK3SBH/7S/GuoJwkZVZt6ErFPI8jGZ6t70Y+n8rioc1TCQ0DsBimkn7MTnSwU
KiKf7yITHeh7NVet3m4MRVX2QlXjbYBgcbTg/uX1yRSAJtq4EimSC3UD4atZCdHr
lA6UgXDEeEkeMGWs06B+xHTtbmTQlmPBzWudDX0TjZGojCCYXVPFlv7ZLlNRVb5S
M1UhNNF4hTcCPUg8tDIWx1sfKL8rz6t3eVU3qp+BBxyrSKX0h89O8j5Z6qErWlMV
KivuXx89ZEKqP7yVCV3/gQ6i3wifesQmvi0B33qbvwVi
-----END CERTIFICATE-----
Generated at Tue Mar 11 19:17:32 2025 by rpki-client