Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/20c187-00fd-459e-aae4-467f4f7f5ded/1/hfzr6ms1Q96hBO0nLK009-zs5xY.roa
File: hfzr6ms1Q96hBO0nLK009-zs5xY.roa (raw, json)
Hash identifier: pekTgysABauj4EJhvF7Rq8Sbxn75DDwLVa0D01nI37U=
Subject key identifier: 85:FC:EB:EA:6B:35:43:DE:A1:04:ED:27:2C:AD:34:F7:EC:EC:E7:16
Certificate issuer: /CN=dfd524a05d477b82fbca93e7a504aa31a3ad6863
Certificate serial: 01856F5DDC733BADAFEEBB1E67B94E1177BD
Authority key identifier: DF:D5:24:A0:5D:47:7B:82:FB:CA:93:E7:A5:04:AA:31:A3:AD:68:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/39UkoF1He4L7ypPnpQSqMaOtaGM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/20c187-00fd-459e-aae4-467f4f7f5ded/1/hfzr6ms1Q96hBO0nLK009-zs5xY.roa
Signing time: Sun 01 Jan 2023 22:05:00 +0000
ROA not before: Sun 01 Jan 2023 22:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201021
IP address blocks: 185.106.20.0/24 maxlen: 24
185.106.23.0/24 maxlen: 24
185.106.22.0/24 maxlen: 24
185.106.21.0/24 maxlen: 24
185.28.61.0/24 maxlen: 24
185.28.60.0/24 maxlen: 24
185.103.197.0/24 maxlen: 24
185.103.196.0/24 maxlen: 24
185.103.198.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:5d:dc:73:3b:ad:af:ee:bb:1e:67:b9:4e:11:77:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dfd524a05d477b82fbca93e7a504aa31a3ad6863
Validity
Not Before: Jan 1 22:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=85fcebea6b3543dea104ed272cad34f7ecece716
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:09:1d:81:3c:7b:ed:4d:49:31:ea:98:72:5c:
8c:9b:63:c2:71:a4:9d:75:6f:b9:87:5a:fa:fb:0e:
84:ac:f9:81:15:f6:e0:bc:fe:1c:07:fd:a8:9a:55:
47:7a:40:8a:d7:b4:e5:9d:a9:96:f9:86:19:16:50:
2c:2e:8e:c9:34:38:4b:99:16:ec:21:34:2d:23:aa:
d9:b8:ad:1b:55:3f:da:7a:23:bc:ac:0f:ed:0c:30:
91:80:f9:b9:c7:39:b8:43:bd:c6:d5:b0:b1:fb:39:
8f:a9:19:33:bf:4d:09:8e:c5:5b:08:f1:de:f0:7a:
0d:5f:14:1f:f6:ff:9a:d6:09:1e:e6:a9:c7:d0:0c:
d0:00:9d:89:06:d6:94:d3:b6:19:2e:56:f1:3b:76:
19:ce:72:6c:de:c1:29:90:06:79:d1:2c:b1:83:94:
6c:dd:bb:cd:fa:f0:78:2c:a4:14:77:99:69:c6:a3:
02:d1:3d:68:32:0c:92:9c:a8:37:11:25:72:df:38:
43:0c:07:07:4a:cd:e4:88:ff:42:8f:6d:74:8b:df:
a8:2f:1a:d8:71:87:2a:25:5f:61:16:80:68:11:c9:
51:e3:84:cf:a4:21:a7:7d:e5:5e:ca:87:e6:6f:75:
1f:5f:13:02:11:a6:2f:ca:22:9e:04:49:6e:6f:74:
a7:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:FC:EB:EA:6B:35:43:DE:A1:04:ED:27:2C:AD:34:F7:EC:EC:E7:16
X509v3 Authority Key Identifier:
keyid:DF:D5:24:A0:5D:47:7B:82:FB:CA:93:E7:A5:04:AA:31:A3:AD:68:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39UkoF1He4L7ypPnpQSqMaOtaGM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/20c187-00fd-459e-aae4-467f4f7f5ded/1/hfzr6ms1Q96hBO0nLK009-zs5xY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/20c187-00fd-459e-aae4-467f4f7f5ded/1/39UkoF1He4L7ypPnpQSqMaOtaGM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.28.60.0/23
185.103.196.0-185.103.198.255
185.106.20.0/22
Signature Algorithm: sha256WithRSAEncryption
44:21:d4:44:ce:29:c2:af:2d:13:10:97:c7:76:98:1e:d7:4e:
ee:93:99:3e:2c:ae:da:fe:fb:4b:67:5e:10:7f:fc:3a:08:e8:
53:cb:3c:ee:42:f2:92:1d:9e:29:8e:5b:0b:6d:f6:cc:58:cc:
c5:d1:85:38:39:25:9b:c7:2f:37:1e:61:5f:74:dd:65:3a:46:
ed:14:8f:ac:c3:41:20:62:b5:03:d0:01:9a:f2:91:a2:dc:01:
c9:1f:ad:d9:83:c2:2e:8e:97:d8:32:dc:0c:84:04:d3:75:c9:
e2:92:da:86:f6:42:d5:d8:a8:d8:51:ee:83:86:bc:3b:44:47:
e0:f0:4c:94:13:8d:0f:23:7f:6a:bd:8f:7d:d2:6b:47:62:43:
fa:51:be:c7:a1:bf:b1:46:68:56:bd:02:f9:b7:3a:d6:7d:d1:
40:85:71:ef:e7:d8:41:23:d7:87:b8:ad:43:d7:2c:23:cf:db:
6c:52:e2:ff:e3:ee:b7:84:0d:9f:49:77:03:91:5e:d9:24:d2:
7a:14:01:f8:18:cf:7f:6c:75:79:ef:41:29:2b:26:58:d7:18:
44:3f:b2:42:f0:cf:a1:b5:cd:e1:7e:47:43:a4:c1:50:a4:d8:
bf:1b:3a:43:2f:77:3a:91:87:c3:00:84:1c:ba:30:68:9f:5d:
bb:f7:bd:02
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVvXdxzO62v7rseZ7lOEXe9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDUyNGEwNWQ0NzdiODJmYmNhOTNlN2E1MDRhYTMxYTNh
ZDY4NjMwHhcNMjMwMTAxMjIwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZjZWJlYTZiMzU0M2RlYTEwNGVkMjcyY2FkMzRmN2VjZWNlNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgkdgTx77U1JMeqYclyMm2PCcaSd
dW+5h1r6+w6ErPmBFfbgvP4cB/2omlVHekCK17TlnamW+YYZFlAsLo7JNDhLmRbs
ITQtI6rZuK0bVT/aeiO8rA/tDDCRgPm5xzm4Q73G1bCx+zmPqRkzv00JjsVbCPHe
8HoNXxQf9v+a1gke5qnH0AzQAJ2JBtaU07YZLlbxO3YZznJs3sEpkAZ50Syxg5Rs
3bvN+vB4LKQUd5lpxqMC0T1oMgySnKg3ESVy3zhDDAcHSs3kiP9Cj210i9+oLxrY
cYcqJV9hFoBoEclR44TPpCGnfeVeyofmb3UfXxMCEaYvyiKeBElub3SnwQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIX86+prNUPeoQTtJyytNPfs7OcWMB8GA1UdIwQY
MBaAFN/VJKBdR3uC+8qT56UEqjGjrWhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzlVa29GMUhlNEw3eXBQbnBRU3FNYU90YUdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yMGMxODctMDBmZC00NTllLWFhZTQt
NDY3ZjRmN2Y1ZGVkLzEvaGZ6cjZtczFROTZoQk8wbkxLMDA5LXpzNXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yMGMxODctMDBmZC00NTllLWFhZTQtNDY3ZjRmN2Y1ZGVk
LzEvMzlVa29GMUhlNEw3eXBQbnBRU3FNYU90YUdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBuRw8MAwD
BAK5Z8QDBAC5Z8YDBAK5ahQwDQYJKoZIhvcNAQELBQADggEBAEQh1ETOKcKvLRMQ
l8d2mB7XTu6TmT4srtr++0tnXhB//DoI6FPLPO5C8pIdnimOWwtt9sxYzMXRhTg5
JZvHLzceYV903WU6Ru0Uj6zDQSBitQPQAZrykaLcAckfrdmDwi6Ol9gy3AyEBNN1
yeKS2ob2QtXYqNhR7oOGvDtER+DwTJQTjQ8jf2q9j33Sa0diQ/pRvsehv7FGaFa9
Avm3OtZ90UCFce/n2EEj14e4rUPXLCPP22xS4v/j7reEDZ9JdwORXtkk0noUAfgY
z39sdXnvQSkrJljXGEQ/skLwz6G1zeF+R0OkwVCk2L8bOkMvdzqRh8MAhBy6MGif
Xbv3vQI=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:44:55 2025 by rpki-client