Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/wriYShBztgttoFTs5YhofbIqubw.roa
File: wriYShBztgttoFTs5YhofbIqubw.roa (raw, json)
Hash identifier: 8ABwM6y4FnGY6vC2LAGm7jSEOXlRvZ21cbWwZEXs+co=
Subject key identifier: C2:B8:98:4A:10:73:B6:0B:6D:A0:54:EC:E5:88:68:7D:B2:2A:B9:BC
Certificate issuer: /CN=9dc00e9e3046591f8ba5524480ddf7c6fc4c60e0
Certificate serial: 01856BB7F0E628F4915B2FBE4A54AC52B304
Authority key identifier: 9D:C0:0E:9E:30:46:59:1F:8B:A5:52:44:80:DD:F7:C6:FC:4C:60:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ncAOnjBGWR-LpVJEgN33xvxMYOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/wriYShBztgttoFTs5YhofbIqubw.roa
Signing time: Sun 01 Jan 2023 05:04:54 +0000
ROA not before: Sun 01 Jan 2023 05:04:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16298
IP address blocks: 217.119.0.0/20 maxlen: 20
185.190.232.0/22 maxlen: 22
2a02:29b0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:b7:f0:e6:28:f4:91:5b:2f:be:4a:54:ac:52:b3:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dc00e9e3046591f8ba5524480ddf7c6fc4c60e0
Validity
Not Before: Jan 1 05:04:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2b8984a1073b60b6da054ece588687db22ab9bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:70:bf:67:fb:27:4c:66:13:c3:4b:8a:49:a3:
a6:9b:5c:e4:b6:aa:6d:77:1c:4d:c9:8c:c0:ce:b3:
cf:c7:d9:a2:3e:9e:ee:b4:df:a9:c0:45:dc:38:50:
4b:7e:f2:85:be:64:47:0a:cc:4f:c5:f4:dd:d8:4a:
87:ed:d5:1f:46:20:8b:b7:ff:24:1a:da:92:0b:a4:
0b:19:d9:2b:a9:3b:97:bb:30:1a:64:fd:b4:3b:64:
d9:35:7b:54:14:a7:50:d0:67:a4:17:ca:f4:ca:d3:
dd:20:93:46:00:a7:02:87:33:a3:09:32:1f:3d:63:
55:79:3b:80:cf:41:e6:9a:f4:fb:4e:92:37:ad:c2:
81:7d:99:fe:d2:86:9f:03:a1:d3:ec:ce:ce:44:72:
ce:54:84:ea:83:0a:b1:5c:1b:9f:a5:74:17:ca:7f:
56:93:25:01:5e:48:2f:10:41:0d:4c:d6:d4:ae:24:
e4:00:42:20:6c:5f:f6:f0:bc:e2:d2:5b:db:f2:36:
9c:ae:b3:44:07:7d:15:a9:d7:b4:37:8a:c3:f3:0c:
20:ba:0d:69:ec:88:9f:14:24:09:39:88:9a:82:35:
6b:51:6c:eb:bd:ba:ab:67:65:cf:31:a8:43:30:03:
c5:96:d6:a8:2c:65:39:bd:52:fc:c2:28:73:cf:6d:
90:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:B8:98:4A:10:73:B6:0B:6D:A0:54:EC:E5:88:68:7D:B2:2A:B9:BC
X509v3 Authority Key Identifier:
keyid:9D:C0:0E:9E:30:46:59:1F:8B:A5:52:44:80:DD:F7:C6:FC:4C:60:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncAOnjBGWR-LpVJEgN33xvxMYOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/wriYShBztgttoFTs5YhofbIqubw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/ncAOnjBGWR-LpVJEgN33xvxMYOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.232.0/22
217.119.0.0/20
IPv6:
2a02:29b0::/32
Signature Algorithm: sha256WithRSAEncryption
4f:e7:03:e3:07:71:f2:25:31:bd:20:82:c5:25:4b:05:bf:ed:
d2:a8:39:e2:67:4e:fe:8f:6f:6c:6c:0c:42:56:16:30:e8:ab:
50:eb:b5:2c:b7:81:ac:f1:9a:5b:98:90:48:38:14:7e:f9:9e:
1c:b5:ee:a3:c2:6e:5f:c5:78:bc:77:f5:4f:bb:09:c0:c3:74:
3a:c4:09:14:23:67:e1:d3:5a:66:87:76:f6:ca:a8:91:a8:3c:
10:54:9a:a7:86:99:94:c3:ed:ed:68:35:75:bc:48:ff:0a:eb:
35:b9:e7:1b:2a:50:37:2a:f5:b7:bf:5d:f7:2f:bc:2f:22:af:
4a:cb:36:91:32:1e:55:68:0f:4b:65:68:28:07:1b:57:bc:dd:
21:fc:d2:06:da:bd:16:b0:ba:ce:33:a9:b7:31:1a:53:d5:d2:
91:99:86:74:12:65:5f:57:94:d8:9a:a2:74:ad:c8:06:83:7c:
2c:a9:0e:5d:5d:e7:ff:bb:6b:67:63:63:d8:58:71:ac:84:1f:
99:40:d5:b8:96:73:c0:b9:37:2f:10:13:be:ab:6d:5e:ef:d2:
5d:ed:7f:30:28:15:43:41:57:96:b8:6d:f4:05:91:5e:fb:e4:
2b:bd:b2:ae:61:1c:eb:67:8b:c0:aa:ed:4c:bc:1a:b9:f7:eb:
b8:dc:8d:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVrt/DmKPSRWy++SlSsUrMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzAwZTllMzA0NjU5MWY4YmE1NTI0NDgwZGRmN2M2ZmM0
YzYwZTAwHhcNMjMwMTAxMDUwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI4OTg0YTEwNzNiNjBiNmRhMDU0ZWNlNTg4Njg3ZGIyMmFiOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXC/Z/snTGYTw0uKSaOmm1zktqpt
dxxNyYzAzrPPx9miPp7utN+pwEXcOFBLfvKFvmRHCsxPxfTd2EqH7dUfRiCLt/8k
GtqSC6QLGdkrqTuXuzAaZP20O2TZNXtUFKdQ0GekF8r0ytPdIJNGAKcChzOjCTIf
PWNVeTuAz0HmmvT7TpI3rcKBfZn+0oafA6HT7M7ORHLOVITqgwqxXBufpXQXyn9W
kyUBXkgvEEENTNbUriTkAEIgbF/28Lzi0lvb8jacrrNEB30Vqde0N4rD8wwgug1p
7IifFCQJOYiagjVrUWzrvbqrZ2XPMahDMAPFltaoLGU5vVL8wihzz22Q4wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMK4mEoQc7YLbaBU7OWIaH2yKrm8MB8GA1UdIwQY
MBaAFJ3ADp4wRlkfi6VSRIDd98b8TGDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNBT25qQkdXUi1McFZKRWdOMzN4dnhNWU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84YWQ1NzMtNTk3Ny00ZDc2LTgzZWIt
YmIwMzE5MjEzYTI5LzEvd3JpWVNoQnp0Z3R0b0ZUczVZaG9mYklxdWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84YWQ1NzMtNTk3Ny00ZDc2LTgzZWItYmIwMzE5MjEzYTI5
LzEvbmNBT25qQkdXUi1McFZKRWdOMzN4dnhNWU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCub7oAwQE
2XcAMA0EAgACMAcDBQAqAimwMA0GCSqGSIb3DQEBCwUAA4IBAQBP5wPjB3HyJTG9
IILFJUsFv+3SqDniZ07+j29sbAxCVhYw6KtQ67Ust4Gs8ZpbmJBIOBR++Z4cte6j
wm5fxXi8d/VPuwnAw3Q6xAkUI2fh01pmh3b2yqiRqDwQVJqnhpmUw+3taDV1vEj/
Cus1uecbKlA3KvW3v133L7wvIq9KyzaRMh5VaA9LZWgoBxtXvN0h/NIG2r0WsLrO
M6m3MRpT1dKRmYZ0EmVfV5TYmqJ0rcgGg3wsqQ5dXef/u2tnY2PYWHGshB+ZQNW4
lnPAuTcvEBO+q21e79Jd7X8wKBVDQVeWuG30BZFe++QrvbKuYRzrZ4vAqu1MvBq5
9+u43I3Q
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:28 2025 by rpki-client