Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/df75a7-ed57-4ed0-a12e-9564a4722e78/1/9k8hM5KbUVOotOePZiaqqeAN7dY.roa
File: 9k8hM5KbUVOotOePZiaqqeAN7dY.roa (raw, json)
Hash identifier: hfJa6z4LS+BHUDCkU/n/CFcfJqtZb+cibG9AyFNE4tY=
Subject key identifier: F6:4F:21:33:92:9B:51:53:A8:B4:E7:8F:66:26:AA:A9:E0:0D:ED:D6
Certificate issuer: /CN=f781ad3233d9c2c189d9499da1177b57101a5ef4
Certificate serial: 018570D52696F94E65E113694F994A4EA1A1
Authority key identifier: F7:81:AD:32:33:D9:C2:C1:89:D9:49:9D:A1:17:7B:57:10:1A:5E:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/94GtMjPZwsGJ2UmdoRd7VxAaXvQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/df75a7-ed57-4ed0-a12e-9564a4722e78/1/9k8hM5KbUVOotOePZiaqqeAN7dY.roa
Signing time: Mon 02 Jan 2023 04:54:55 +0000
ROA not before: Mon 02 Jan 2023 04:54:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12853
IP address blocks: 79.98.224.0/21 maxlen: 24
185.251.4.0/22 maxlen: 24
212.68.96.0/19 maxlen: 24
2001:940::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:26:96:f9:4e:65:e1:13:69:4f:99:4a:4e:a1:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f781ad3233d9c2c189d9499da1177b57101a5ef4
Validity
Not Before: Jan 2 04:54:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f64f2133929b5153a8b4e78f6626aaa9e00dedd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:76:82:86:16:e6:88:ee:ab:79:ba:d1:8f:c2:
d0:b3:93:71:db:aa:25:87:b9:14:17:17:f6:45:bf:
ef:a8:a9:55:40:c5:0e:53:15:71:fd:ac:a4:0f:c8:
28:c1:ca:3c:c2:a6:dd:3b:58:c9:47:09:d7:09:af:
af:f1:e5:e5:ec:c1:14:86:ec:4b:96:80:a7:86:ca:
99:85:4b:00:56:1b:60:ae:6d:bc:bb:ae:d2:92:ba:
2c:91:cf:68:ff:ab:96:91:66:cd:ad:8e:0c:8a:26:
30:80:f9:b4:61:5d:aa:f0:93:16:dd:94:19:db:5d:
7f:18:a6:3f:02:73:b7:80:72:f3:d7:1e:57:76:c4:
c0:eb:5c:74:00:34:55:72:9e:0e:90:70:f3:98:6e:
a6:fb:f1:9e:8b:7d:a8:40:a3:16:a2:28:2e:40:f0:
37:b8:cc:a4:3f:73:a6:15:af:26:ff:b8:57:9a:52:
0b:1d:31:ec:56:65:99:18:c7:ce:a6:5a:74:6f:ea:
cd:5e:b1:23:3f:b1:34:cd:56:af:23:f3:cb:2e:17:
33:3f:26:09:34:23:11:75:18:b0:45:1a:02:74:16:
a7:1b:be:ba:24:ca:cd:66:45:d8:4c:ef:42:89:17:
a7:af:7d:a3:64:db:41:b3:96:23:c5:a4:73:0d:c5:
7e:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:4F:21:33:92:9B:51:53:A8:B4:E7:8F:66:26:AA:A9:E0:0D:ED:D6
X509v3 Authority Key Identifier:
keyid:F7:81:AD:32:33:D9:C2:C1:89:D9:49:9D:A1:17:7B:57:10:1A:5E:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94GtMjPZwsGJ2UmdoRd7VxAaXvQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/df75a7-ed57-4ed0-a12e-9564a4722e78/1/9k8hM5KbUVOotOePZiaqqeAN7dY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/df75a7-ed57-4ed0-a12e-9564a4722e78/1/94GtMjPZwsGJ2UmdoRd7VxAaXvQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.98.224.0/21
185.251.4.0/22
212.68.96.0/19
IPv6:
2001:940::/32
Signature Algorithm: sha256WithRSAEncryption
53:f5:e7:b1:1e:3e:29:cc:f6:69:b8:24:8d:57:9b:1e:4f:1e:
73:b8:64:fc:60:78:4d:54:7b:a7:e0:b1:72:1e:26:44:f3:92:
42:67:50:a6:5e:b3:88:a9:dd:1a:f5:c0:6b:83:50:ac:b1:54:
8f:1c:82:dc:f4:dc:f4:df:01:e1:fb:a8:5b:40:9d:f4:64:a8:
37:bf:39:bd:7b:0d:8a:48:07:73:be:86:86:4a:e8:0b:cf:3e:
a8:79:6c:79:92:9c:2e:02:e2:8b:a7:ff:59:19:f5:5e:54:cc:
d6:d3:08:43:7d:83:b0:78:97:f9:7a:bf:29:3a:d4:3f:e8:f7:
b1:8b:a7:af:1b:54:aa:e5:3a:de:9a:68:0f:0d:ce:8b:7b:8e:
a3:ba:4d:2c:6f:c9:8f:35:2c:52:1e:54:d3:eb:e4:06:12:81:
b1:75:e5:75:d5:9c:e2:ac:8a:e0:05:85:cc:8d:8b:b8:a7:f4:
50:8a:1e:70:a7:ee:85:07:00:d1:f6:e9:84:98:ef:4f:5e:e4:
5a:08:0c:92:b9:bd:24:f8:07:7e:61:ff:d1:1d:41:4a:e3:1f:
28:8d:bf:4d:38:33:3a:30:06:95:45:12:ba:ad:7d:b4:65:69:
c3:eb:23:43:b6:4f:c7:06:a9:70:b4:c5:39:52:8e:3b:c6:3a:
1b:18:bc:ed
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVw1SaW+U5l4RNpT5lKTqGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ODFhZDMyMzNkOWMyYzE4OWQ5NDk5ZGExMTc3YjU3MTAx
YTVlZjQwHhcNMjMwMTAyMDQ1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRmMjEzMzkyOWI1MTUzYThiNGU3OGY2NjI2YWFhOWUwMGRlZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHaChhbmiO6rebrRj8LQs5Nx26ol
h7kUFxf2Rb/vqKlVQMUOUxVx/aykD8gowco8wqbdO1jJRwnXCa+v8eXl7MEUhuxL
loCnhsqZhUsAVhtgrm28u67Skroskc9o/6uWkWbNrY4MiiYwgPm0YV2q8JMW3ZQZ
211/GKY/AnO3gHLz1x5XdsTA61x0ADRVcp4OkHDzmG6m+/Gei32oQKMWoiguQPA3
uMykP3OmFa8m/7hXmlILHTHsVmWZGMfOplp0b+rNXrEjP7E0zVavI/PLLhczPyYJ
NCMRdRiwRRoCdBanG766JMrNZkXYTO9CiRenr32jZNtBs5YjxaRzDcV+cQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPZPITOSm1FTqLTnj2YmqqngDe3WMB8GA1UdIwQY
MBaAFPeBrTIz2cLBidlJnaEXe1cQGl70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTRHdE1qUFp3c0dKMlVtZG9SZDdWeEFhWHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kZjc1YTctZWQ1Ny00ZWQwLWExMmUt
OTU2NGE0NzIyZTc4LzEvOWs4aE01S2JVVk9vdE9lUFppYXFxZUFON2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kZjc1YTctZWQ1Ny00ZWQwLWExMmUtOTU2NGE0NzIyZTc4
LzEvOTRHdE1qUFp3c0dKMlVtZG9SZDdWeEFhWHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDT2LgAwQC
ufsEAwQF1ERgMA0EAgACMAcDBQAgAQlAMA0GCSqGSIb3DQEBCwUAA4IBAQBT9eex
Hj4pzPZpuCSNV5seTx5zuGT8YHhNVHun4LFyHiZE85JCZ1CmXrOIqd0a9cBrg1Cs
sVSPHILc9Nz03wHh+6hbQJ30ZKg3vzm9ew2KSAdzvoaGSugLzz6oeWx5kpwuAuKL
p/9ZGfVeVMzW0whDfYOweJf5er8pOtQ/6Pexi6evG1Sq5TremmgPDc6Le46juk0s
b8mPNSxSHlTT6+QGEoGxdeV11ZzirIrgBYXMjYu4p/RQih5wp+6FBwDR9umEmO9P
XuRaCAySub0k+Ad+Yf/RHUFK4x8ojb9NODM6MAaVRRK6rX20ZWnD6yNDtk/HBqlw
tMU5Uo47xjobGLzt
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:45 2025 by rpki-client