Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/KfTHLdBCoNEAsAPK1aUvZktxRB4.roa
File: KfTHLdBCoNEAsAPK1aUvZktxRB4.roa (raw, json)
Hash identifier: HVDo9J/bB3nT7pMPwzsAIrNAWZh6/89tEO2kAi62MTw=
Subject key identifier: 29:F4:C7:2D:D0:42:A0:D1:00:B0:03:CA:D5:A5:2F:66:4B:71:44:1E
Certificate issuer: /CN=865122c0e562e407976823d94e19e2a794f8cb62
Certificate serial: 01856C9CC5B58B94B9977DAA8D98646B26B8
Authority key identifier: 86:51:22:C0:E5:62:E4:07:97:68:23:D9:4E:19:E2:A7:94:F8:CB:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hlEiwOVi5AeXaCPZThnip5T4y2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/KfTHLdBCoNEAsAPK1aUvZktxRB4.roa
Signing time: Sun 01 Jan 2023 09:14:51 +0000
ROA not before: Sun 01 Jan 2023 09:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205068
IP address blocks: 185.166.164.0/22 maxlen: 22
2a0d:3080::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:9c:c5:b5:8b:94:b9:97:7d:aa:8d:98:64:6b:26:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=865122c0e562e407976823d94e19e2a794f8cb62
Validity
Not Before: Jan 1 09:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29f4c72dd042a0d100b003cad5a52f664b71441e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:c9:be:1e:66:46:6f:9a:a4:25:8e:75:01:ce:
d0:06:47:5b:bd:8e:58:fc:74:73:6d:ac:6d:dc:86:
6a:0c:aa:f0:4d:07:88:bf:b4:2b:e4:cc:58:49:a5:
c9:43:04:9c:ff:81:f2:ba:58:aa:dc:0c:87:bf:9d:
c8:f8:84:22:a3:19:f6:0e:a3:d5:04:1c:f9:7b:44:
56:41:4d:68:e7:d5:05:2f:14:91:c0:54:1a:28:2a:
16:68:c2:b7:1f:f1:d4:d0:f6:e3:3e:9a:7b:aa:05:
45:e5:29:b5:b8:fb:dd:59:4c:8b:7b:f3:1c:32:a4:
0b:e9:4e:7c:8c:fb:25:56:18:90:91:eb:f9:62:e2:
ba:7d:33:bc:4c:f5:86:9f:e6:67:bb:bd:b8:ca:81:
f5:9b:25:26:2b:06:46:f0:6e:ab:b6:00:17:20:65:
50:ab:f6:fd:65:58:30:32:9d:2a:bc:1c:0e:29:79:
67:73:f4:98:7d:00:30:d4:ca:dc:9a:71:47:6c:98:
5e:cf:5b:7a:d8:df:b1:3f:4d:1b:9a:56:33:31:0c:
bc:72:27:3c:27:88:b8:ed:d9:9b:63:12:0e:08:59:
4f:0a:28:d5:f6:11:1d:81:e3:11:8b:30:4a:60:6f:
e4:52:01:85:bc:bb:05:3f:7b:2b:c0:15:8a:3e:25:
e1:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F4:C7:2D:D0:42:A0:D1:00:B0:03:CA:D5:A5:2F:66:4B:71:44:1E
X509v3 Authority Key Identifier:
keyid:86:51:22:C0:E5:62:E4:07:97:68:23:D9:4E:19:E2:A7:94:F8:CB:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hlEiwOVi5AeXaCPZThnip5T4y2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/KfTHLdBCoNEAsAPK1aUvZktxRB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/hlEiwOVi5AeXaCPZThnip5T4y2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.164.0/22
IPv6:
2a0d:3080::/29
Signature Algorithm: sha256WithRSAEncryption
91:a5:c6:f3:1f:95:11:cc:4f:e6:10:b3:0c:f4:74:41:b8:7b:
d0:75:cb:09:56:90:e8:05:69:9e:62:86:b5:8a:4b:72:a5:ad:
a2:d5:03:3e:7d:93:80:2b:8e:26:25:d6:80:d0:2b:69:a1:ba:
a3:d6:41:b7:bf:60:e6:0e:ec:7c:10:fa:10:00:f4:86:a6:ae:
da:f3:5d:0c:76:b6:67:fd:46:e3:64:3b:b6:24:b8:93:b0:d4:
e2:1a:a7:2d:c2:6e:a0:19:91:9e:f4:dc:31:10:f2:ba:c9:97:
d3:59:f4:4f:d8:e6:44:6a:5d:91:66:1d:cb:43:9e:f2:48:62:
6c:4b:7e:e3:15:36:17:9a:5d:1e:4f:cf:17:e9:42:02:62:d4:
c8:58:89:28:ed:40:82:a2:f9:63:6f:08:e4:13:14:62:09:3a:
b4:cb:02:4c:45:38:33:a6:aa:f0:ff:b4:48:c4:65:fc:a9:96:
ee:be:11:c8:57:c0:4e:c8:77:15:11:e4:94:b5:d6:08:71:3f:
3c:3a:af:40:2a:2e:0d:a5:d6:42:d3:fb:26:b9:47:fd:d3:69:
42:90:e1:6e:d2:eb:1c:9d:df:ea:35:24:cb:78:2a:25:de:80:
40:98:39:71:1c:fc:b7:29:11:bf:df:32:0f:ab:00:e2:74:a8:
b5:3e:93:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVsnMW1i5S5l32qjZhkaya4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NTEyMmMwZTU2MmU0MDc5NzY4MjNkOTRlMTllMmE3OTRm
OGNiNjIwHhcNMjMwMTAxMDkxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY0YzcyZGQwNDJhMGQxMDBiMDAzY2FkNWE1MmY2NjRiNzE0NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8m+HmZGb5qkJY51Ac7QBkdbvY5Y
/HRzbaxt3IZqDKrwTQeIv7Qr5MxYSaXJQwSc/4Hyuliq3AyHv53I+IQioxn2DqPV
BBz5e0RWQU1o59UFLxSRwFQaKCoWaMK3H/HU0PbjPpp7qgVF5Sm1uPvdWUyLe/Mc
MqQL6U58jPslVhiQkev5YuK6fTO8TPWGn+Znu724yoH1myUmKwZG8G6rtgAXIGVQ
q/b9ZVgwMp0qvBwOKXlnc/SYfQAw1MrcmnFHbJhez1t62N+xP00bmlYzMQy8cic8
J4i47dmbYxIOCFlPCijV9hEdgeMRizBKYG/kUgGFvLsFP3srwBWKPiXhcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCn0xy3QQqDRALADytWlL2ZLcUQeMB8GA1UdIwQY
MBaAFIZRIsDlYuQHl2gj2U4Z4qeU+MtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGxFaXdPVmk1QWVYYUNQWlRobmlwNVQ0eTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8wMjhiODItZmUwMy00MDI1LTk3NjUt
YjhkZDE4ZTQ4ZTg2LzEvS2ZUSExkQkNvTkVBc0FQSzFhVXZaa3R4UkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8wMjhiODItZmUwMy00MDI1LTk3NjUtYjhkZDE4ZTQ4ZTg2
LzEvaGxFaXdPVmk1QWVYYUNQWlRobmlwNVQ0eTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaakMA0E
AgACMAcDBQMqDTCAMA0GCSqGSIb3DQEBCwUAA4IBAQCRpcbzH5URzE/mELMM9HRB
uHvQdcsJVpDoBWmeYoa1iktypa2i1QM+fZOAK44mJdaA0Ctpobqj1kG3v2DmDux8
EPoQAPSGpq7a810MdrZn/UbjZDu2JLiTsNTiGqctwm6gGZGe9NwxEPK6yZfTWfRP
2OZEal2RZh3LQ57ySGJsS37jFTYXml0eT88X6UICYtTIWIko7UCCovljbwjkExRi
CTq0ywJMRTgzpqrw/7RIxGX8qZbuvhHIV8BOyHcVEeSUtdYIcT88Oq9AKi4NpdZC
0/smuUf902lCkOFu0uscnd/qNSTLeCol3oBAmDlxHPy3KRG/3zIPqwDidKi1PpOI
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:35 2025 by rpki-client