Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/yKtb0RhM2gu6b9AhhQSOG1u3ANY.roa
File: yKtb0RhM2gu6b9AhhQSOG1u3ANY.roa (raw, json)
Hash identifier: 1AKV5eyPOJApttyUzA85rD2GKf6vBeS6a7xvDZYx0kc=
Subject key identifier: C8:AB:5B:D1:18:4C:DA:0B:BA:6F:D0:21:85:04:8E:1B:5B:B7:00:D6
Certificate issuer: /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial: 07F28CC9
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/yKtb0RhM2gu6b9AhhQSOG1u3ANY.roa
Signing time: Sat 01 Jan 2022 13:57:04 +0000
ROA not before: Sat 01 Jan 2022 13:57:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 57073
IP address blocks: 185.138.253.0/24 maxlen: 24
185.138.252.0/24 maxlen: 24
185.138.252.0/22 maxlen: 24
185.62.200.0/23 maxlen: 24
185.138.254.0/24 maxlen: 24
185.138.255.0/24 maxlen: 24
185.62.202.0/24 maxlen: 24
91.230.107.0/24 maxlen: 24
194.1.214.0/24 maxlen: 24
2a03:720::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 133336265 (0x7f28cc9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Validity
Not Before: Jan 1 13:57:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c8ab5bd1184cda0bba6fd02185048e1b5bb700d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:54:5f:55:f8:08:42:a4:c8:21:41:c1:dc:53:
bb:1d:72:15:06:33:5c:17:47:ec:3a:aa:fa:8a:eb:
4d:4c:66:e0:f4:e5:b7:92:27:bc:4d:2f:f0:bf:35:
a4:a2:9f:ad:a7:96:f0:09:10:cb:55:2f:a3:1e:41:
00:7b:a8:dc:59:b1:5a:b5:db:57:c8:01:c8:e8:e2:
1a:0f:dd:73:ac:54:7f:57:28:00:9d:73:e6:ca:0b:
b1:e3:8d:57:05:35:71:f2:a1:7d:0f:bb:89:55:96:
46:f7:8f:dd:99:39:31:9f:60:cc:ff:14:e0:cc:9d:
07:35:f2:61:36:f9:7d:60:e4:6c:09:1a:7c:4f:6e:
21:3a:c3:18:6a:58:c6:8d:15:01:b4:7c:1a:db:8e:
41:2d:cb:fd:c7:1e:6e:5c:5b:50:12:40:89:41:18:
34:73:cd:e3:59:bd:c1:4e:36:bd:91:8b:17:d1:2d:
fb:62:a4:08:27:4f:bc:5e:c2:af:18:92:57:d2:e7:
f8:33:a5:4a:47:f3:5e:a7:bd:a2:6b:6e:dc:3a:bc:
49:93:97:52:c4:89:0f:52:2c:5c:d6:5b:a8:c1:47:
2e:31:26:37:e9:2b:4b:bf:88:89:25:7f:73:c8:88:
db:b9:4c:77:a7:78:92:c8:b8:92:72:77:cd:63:4e:
a0:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:AB:5B:D1:18:4C:DA:0B:BA:6F:D0:21:85:04:8E:1B:5B:B7:00:D6
X509v3 Authority Key Identifier:
keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/yKtb0RhM2gu6b9AhhQSOG1u3ANY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.230.107.0/24
185.62.200.0-185.62.202.255
185.138.252.0/22
194.1.214.0/24
IPv6:
2a03:720::/32
Signature Algorithm: sha256WithRSAEncryption
57:35:63:80:a0:12:df:55:d0:eb:3d:98:9e:03:5c:78:b0:eb:
ca:f6:f7:0a:36:cd:6c:ef:a5:ef:aa:f0:6d:fa:6c:20:18:be:
8e:69:85:30:dc:40:ca:27:9b:e8:46:53:f1:04:62:3f:ab:6f:
b7:c8:0d:2c:72:7f:24:8e:2e:b5:f4:29:c1:2c:dd:71:b7:9e:
ec:b3:99:6c:f4:53:1a:ab:21:bf:d1:b6:65:15:3d:66:82:28:
68:71:0d:eb:be:04:6e:c6:19:d5:f7:b4:4e:95:72:ce:37:c3:
d6:3c:77:68:28:48:e0:e6:13:4d:61:40:77:b7:f1:41:40:48:
f0:11:b1:93:54:00:90:1b:45:d5:3a:89:e6:12:79:8a:ff:24:
4a:6d:f6:f0:3b:9f:d0:33:50:35:dc:b6:cd:82:a7:6a:b2:ec:
34:56:1c:ff:a9:d3:a8:4e:9f:54:a4:1d:80:ab:1a:e4:86:a1:
83:17:ce:d6:a4:e0:a7:8e:50:e2:83:2e:b3:40:fc:61:ad:ea:
91:7f:d8:27:b3:9f:3f:05:89:63:c7:54:a3:10:bf:a8:8b:df:
04:ea:f3:13:f7:a6:cc:ff:52:cc:2b:5b:a4:19:89:cd:20:65:
b0:c1:7a:13:66:ad:78:a0:e1:99:87:df:fa:59:de:10:4b:78:
58:5f:66:c3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEB/KMyTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NmJhM2Y4MDAzOWI5ZTc4NGNmYjI0YmYyYzdkZGIyNGUxOTAwYTc2MB4XDTIyMDEw
MTEzNTcwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzhhYjViZDExODRj
ZGEwYmJhNmZkMDIxODUwNDhlMWI1YmI3MDBkNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALpUX1X4CEKkyCFBwdxTux1yFQYzXBdH7Dqq+orrTUxm4PTl
t5InvE0v8L81pKKfraeW8AkQy1Uvox5BAHuo3FmxWrXbV8gByOjiGg/dc6xUf1co
AJ1z5soLseONVwU1cfKhfQ+7iVWWRveP3Zk5MZ9gzP8U4MydBzXyYTb5fWDkbAka
fE9uITrDGGpYxo0VAbR8GtuOQS3L/cceblxbUBJAiUEYNHPN41m9wU42vZGLF9Et
+2KkCCdPvF7CrxiSV9Ln+DOlSkfzXqe9omtu3Dq8SZOXUsSJD1IsXNZbqMFHLjEm
N+krS7+IiSV/c8iI27lMd6d4ksi4knJ3zWNOoGcCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBTIq1vRGEzaC7pv0CGFBI4bW7cA1jAfBgNVHSMEGDAWgBRGuj+AA5ueeEz7
JL8sfdsk4ZAKdjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1Jyb19nQU9ibm5oTS15U19MSDNiSk9HUUNuWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODUvY2ZhMmFlLWU1MjQtNGJkMC04NzViLTg5YWNlMzgyMjBmYi8x
L3lLdGIwUmhNMmd1NmI5QWhoUVNPRzF1M0FOWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUv
Y2ZhMmFlLWU1MjQtNGJkMC04NzViLTg5YWNlMzgyMjBmYi8xL1Jyb19nQU9ibm5o
TS15U19MSDNiSk9HUUNuWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIAMEAFvmazAMAwQDuT7IAwQAuT7KAwQC
uYr8AwQAwgHWMA0EAgACMAcDBQAqAwcgMA0GCSqGSIb3DQEBCwUAA4IBAQBXNWOA
oBLfVdDrPZieA1x4sOvK9vcKNs1s76XvqvBt+mwgGL6OaYUw3EDKJ5voRlPxBGI/
q2+3yA0scn8kji619CnBLN1xt57ss5ls9FMaqyG/0bZlFT1mgihocQ3rvgRuxhnV
97ROlXLON8PWPHdoKEjg5hNNYUB3t/FBQEjwEbGTVACQG0XVOonmEnmK/yRKbfbw
O5/QM1A13LbNgqdqsuw0Vhz/qdOoTp9UpB2AqxrkhqGDF87WpOCnjlDigy6zQPxh
reqRf9gns58/BYljx1SjEL+oi98E6vMT96bM/1LMK1ukGYnNIGWwwXoTZq14oOGZ
h9/6Wd4QS3hYX2bD
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:15:57 2025 by rpki-client