Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/tZF9VBoZuuDgFMxVoxYs9MDu1bQ.roa
File: tZF9VBoZuuDgFMxVoxYs9MDu1bQ.roa (raw, json)
Hash identifier: IuBRpfrMxlNbsahfwSHAhFIympqpqHZTxwD7+lg6qho=
Subject key identifier: B5:91:7D:54:1A:19:BA:E0:E0:14:CC:55:A3:16:2C:F4:C0:EE:D5:B4
Certificate issuer: /CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Certificate serial: 0185737189C6114FD876DF0267E1B36D3C2A
Authority key identifier: 64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/tZF9VBoZuuDgFMxVoxYs9MDu1bQ.roa
Signing time: Mon 02 Jan 2023 17:04:58 +0000
ROA not before: Mon 02 Jan 2023 17:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24953
IP address blocks: 194.34.224.0/24 maxlen: 24
194.34.227.0/24 maxlen: 24
2a0d:f9c3::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:71:89:c6:11:4f:d8:76:df:02:67:e1:b3:6d:3c:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Validity
Not Before: Jan 2 17:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5917d541a19bae0e014cc55a3162cf4c0eed5b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:7c:6a:39:88:93:2e:6b:cb:36:43:96:df:cb:
c3:d3:0b:ba:03:28:80:b6:94:40:15:ae:47:44:85:
1b:26:a3:b3:43:54:d7:9b:92:07:e8:d4:46:89:b4:
04:da:0b:9c:cd:e3:c8:68:c8:02:1f:28:19:08:56:
ba:80:56:0d:d7:f1:ab:0a:11:a5:d9:c3:a1:59:0f:
c9:b0:28:d8:95:2a:37:56:54:21:cb:ba:7d:49:a8:
a1:eb:7e:07:86:d3:b5:a3:a2:30:ff:19:97:43:69:
7e:50:55:f9:3f:a6:3b:c9:57:fe:a9:06:19:58:b6:
21:2f:09:27:f4:69:fb:0e:95:34:43:25:7b:62:2f:
91:ee:60:8f:de:af:77:7a:a1:f0:fa:2f:4c:ab:b4:
e9:29:c3:d8:49:7d:3c:8c:e1:3d:cd:8d:3e:bf:63:
59:97:58:45:72:f6:a7:72:c0:38:f3:00:84:7d:28:
7a:28:be:33:9f:66:c1:ea:e4:e3:df:32:93:aa:56:
ad:59:39:a4:5d:8f:30:e9:d9:c7:f2:84:77:95:ac:
fc:c5:ed:3a:63:c4:92:4d:9d:60:69:85:82:f6:cd:
09:be:fc:0b:4b:0f:59:a2:23:8d:a5:92:e5:c2:c6:
49:45:08:b4:7e:9c:5c:12:53:86:72:b5:ea:cf:6b:
4c:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:91:7D:54:1A:19:BA:E0:E0:14:CC:55:A3:16:2C:F4:C0:EE:D5:B4
X509v3 Authority Key Identifier:
keyid:64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/tZF9VBoZuuDgFMxVoxYs9MDu1bQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.34.224.0/24
194.34.227.0/24
IPv6:
2a0d:f9c3::/32
Signature Algorithm: sha256WithRSAEncryption
4e:40:68:df:f6:37:93:11:87:8d:4a:e1:0b:e9:1e:6f:f4:ce:
53:e5:fb:43:02:af:36:45:32:a7:ad:da:83:1d:ba:c4:0e:44:
4b:42:e8:2f:09:c9:e3:e5:6c:cd:e4:d9:5b:82:19:d6:b1:17:
e3:d9:2e:9b:b9:13:ba:53:48:97:8e:f0:82:fc:9c:f3:0e:a4:
be:b9:89:f8:8b:06:14:6e:83:fe:de:5b:80:2e:35:fa:dd:6b:
24:e0:07:13:6e:e8:b6:64:6f:b7:c5:4f:75:cc:a3:df:32:40:
49:49:58:8b:3e:7f:3c:db:ac:a2:5f:43:4f:9e:69:05:93:12:
a4:9d:68:5f:5a:13:3b:ec:6f:35:8a:88:8b:fa:fc:ed:2d:6f:
e3:2d:30:d0:f4:dc:c3:3c:b8:f8:89:ec:bb:c9:e3:16:c2:2c:
c7:e5:b6:a1:8e:45:eb:21:de:55:e9:36:68:e5:e0:49:1c:fb:
09:d7:67:cd:ff:64:f8:49:72:b5:ac:5e:fa:f7:cd:2e:1d:7d:
b1:8d:52:12:a2:55:73:90:2f:c7:20:52:f5:c9:5e:6a:18:f3:
04:aa:30:52:8b:78:4f:3c:f1:fa:ed:7a:bc:95:ab:9d:7b:0f:
6a:fa:99:63:c8:f4:47:bb:1c:ce:15:6b:da:a1:0d:8b:68:e0:
b3:31:20:81
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVzcYnGEU/Ydt8CZ+GzbTwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2UxYmE5MWM1NjlhOGIyMWE2ZDJkNjdmNWRiYmQ2YzA0
ZTQzZWEwHhcNMjMwMTAyMTcwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTkxN2Q1NDFhMTliYWUwZTAxNGNjNTVhMzE2MmNmNGMwZWVkNWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHxqOYiTLmvLNkOW38vD0wu6AyiA
tpRAFa5HRIUbJqOzQ1TXm5IH6NRGibQE2guczePIaMgCHygZCFa6gFYN1/GrChGl
2cOhWQ/JsCjYlSo3VlQhy7p9Saih634HhtO1o6Iw/xmXQ2l+UFX5P6Y7yVf+qQYZ
WLYhLwkn9Gn7DpU0QyV7Yi+R7mCP3q93eqHw+i9Mq7TpKcPYSX08jOE9zY0+v2NZ
l1hFcvancsA48wCEfSh6KL4zn2bB6uTj3zKTqlatWTmkXY8w6dnH8oR3laz8xe06
Y8SSTZ1gaYWC9s0JvvwLSw9ZoiONpZLlwsZJRQi0fpxcElOGcrXqz2tMDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLWRfVQaGbrg4BTMVaMWLPTA7tW0MB8GA1UdIwQY
MBaAFGQ+G6kcVpqLIabS1n9du9bATkPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAt
ZmVhMGFmZjM1OWY1LzEvdFpGOVZCb1p1dURnRk14Vm94WXM5TUR1MWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAtZmVhMGFmZjM1OWY1
LzEvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwiLgAwQA
wiLjMA0EAgACMAcDBQAqDfnDMA0GCSqGSIb3DQEBCwUAA4IBAQBOQGjf9jeTEYeN
SuEL6R5v9M5T5ftDAq82RTKnrdqDHbrEDkRLQugvCcnj5WzN5NlbghnWsRfj2S6b
uRO6U0iXjvCC/JzzDqS+uYn4iwYUboP+3luALjX63Wsk4AcTbui2ZG+3xU91zKPf
MkBJSViLPn8826yiX0NPnmkFkxKknWhfWhM77G81ioiL+vztLW/jLTDQ9NzDPLj4
iey7yeMWwizH5bahjkXrId5V6TZo5eBJHPsJ12fN/2T4SXK1rF76980uHX2xjVIS
olVzkC/HIFL1yV5qGPMEqjBSi3hPPPH67Xq8laudew9q+pljyPRHuxzOFWvaoQ2L
aOCzMSCB
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:17 2025 by rpki-client