Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/562112-ad44-4d71-9cb9-fb7d7dca34a7/1/xZrxTvOmokV2yhUnTuJVzlBg0qo.roa
File: xZrxTvOmokV2yhUnTuJVzlBg0qo.roa (raw, json)
Hash identifier: 8aIuneLj/c7EQa7iABIY1dSN5OqtjXrBu8a0dwOkZzA=
Subject key identifier: C5:9A:F1:4E:F3:A6:A2:45:76:CA:15:27:4E:E2:55:CE:50:60:D2:AA
Certificate issuer: /CN=8da03e0d020efc944c1eebdaee5427d365b70076
Certificate serial: 01891FFAFF9159D0DE14F05B265B398CE67C
Authority key identifier: 8D:A0:3E:0D:02:0E:FC:94:4C:1E:EB:DA:EE:54:27:D3:65:B7:00:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jaA-DQIO_JRMHuva7lQn02W3AHY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/562112-ad44-4d71-9cb9-fb7d7dca34a7/1/xZrxTvOmokV2yhUnTuJVzlBg0qo.roa
Signing time: Tue 04 Jul 2023 08:18:10 +0000
ROA not before: Tue 04 Jul 2023 08:18:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202561
IP address blocks: 109.224.242.0/24 maxlen: 24
185.200.36.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:1f:fa:ff:91:59:d0:de:14:f0:5b:26:5b:39:8c:e6:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8da03e0d020efc944c1eebdaee5427d365b70076
Validity
Not Before: Jul 4 08:18:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c59af14ef3a6a24576ca15274ee255ce5060d2aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:69:16:70:e8:e1:84:7e:62:96:cb:4a:7a:d3:
d9:21:d5:1a:b7:8a:95:72:2d:b4:5d:ba:99:28:3c:
42:e6:34:0e:2a:ba:1c:b1:85:49:fe:4b:99:25:a4:
5c:c1:14:7f:39:6e:1a:24:f0:97:b3:82:b2:eb:2d:
42:b1:bd:92:a4:f8:b5:4b:5c:1d:9e:4c:e1:a0:d4:
35:39:c8:f2:fd:82:4c:a9:38:fc:24:98:8b:d1:0d:
07:ba:cb:42:ad:b8:0b:4d:37:77:20:b3:dc:7b:81:
b3:8d:46:71:c9:87:f6:8a:b4:48:1b:10:7c:f2:a8:
36:f2:8b:3b:11:f2:0d:c4:e5:9e:84:dd:28:10:8b:
b4:e6:0c:d3:7b:40:18:71:ed:ad:0c:64:75:9f:2a:
04:25:2e:a1:6e:bb:01:ba:b9:41:58:5c:4e:bc:43:
0f:6c:5c:80:36:f9:80:e1:72:7c:bc:38:6a:4d:aa:
e1:2f:59:96:43:48:28:be:29:b1:5a:6e:b1:bd:d3:
2c:24:e8:f2:53:57:94:61:8e:52:7c:d0:40:ac:8a:
29:a8:24:91:46:e9:89:43:a6:17:33:05:11:fb:8b:
aa:10:cd:cd:93:55:7f:fd:de:87:1e:76:b6:1e:32:
0c:b9:ca:12:12:31:bc:e4:57:20:83:f7:9c:0a:c3:
a8:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:9A:F1:4E:F3:A6:A2:45:76:CA:15:27:4E:E2:55:CE:50:60:D2:AA
X509v3 Authority Key Identifier:
keyid:8D:A0:3E:0D:02:0E:FC:94:4C:1E:EB:DA:EE:54:27:D3:65:B7:00:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jaA-DQIO_JRMHuva7lQn02W3AHY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/562112-ad44-4d71-9cb9-fb7d7dca34a7/1/xZrxTvOmokV2yhUnTuJVzlBg0qo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/562112-ad44-4d71-9cb9-fb7d7dca34a7/1/jaA-DQIO_JRMHuva7lQn02W3AHY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.242.0/24
185.200.36.0/22
Signature Algorithm: sha256WithRSAEncryption
19:bd:fd:91:4f:bc:60:dd:7d:15:db:ac:65:f5:d3:70:52:d0:
18:fb:c4:2a:a6:74:bc:fb:bc:c4:ef:b2:25:a1:6a:09:24:9c:
ab:70:50:ff:59:60:30:27:5e:8f:fe:80:78:b3:e9:89:f7:c3:
bb:25:e4:90:46:2d:57:cc:35:6b:c4:0c:72:37:c3:04:e3:ec:
59:96:66:46:79:84:56:bc:8f:3f:a6:a9:88:16:ce:f7:4c:17:
fe:09:c2:93:17:fd:0b:61:12:4a:14:2a:b6:e2:a3:71:46:27:
52:74:4a:9d:51:c9:13:bc:a6:54:55:cd:f4:ba:82:89:3b:62:
bb:e2:99:6a:20:8a:19:c2:9a:de:84:62:f6:e0:69:af:3d:57:
a3:39:99:c3:f7:23:3e:5f:75:5c:e1:c6:83:1f:41:3e:be:7e:
ef:39:75:ee:71:ac:48:ab:1a:40:ed:22:4e:d3:c9:0a:ff:76:
74:dc:54:ed:0a:81:6d:5a:71:21:3e:a1:e0:6f:45:cd:aa:a8:
91:e2:30:73:51:59:5b:4a:8d:cb:15:fb:3e:be:fc:1b:a2:6f:
71:6a:06:44:57:41:7b:6d:09:9b:6e:d9:14:86:25:73:fc:16:
33:8b:16:69:9a:41:3f:bc:02:f7:f5:c3:21:d5:7a:c4:be:7e:
50:c9:6f:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYkf+v+RWdDeFPBbJls5jOZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTAzZTBkMDIwZWZjOTQ0YzFlZWJkYWVlNTQyN2QzNjVi
NzAwNzYwHhcNMjMwNzA0MDgxODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlhZjE0ZWYzYTZhMjQ1NzZjYTE1Mjc0ZWUyNTVjZTUwNjBkMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2kWcOjhhH5ilstKetPZIdUat4qV
ci20XbqZKDxC5jQOKrocsYVJ/kuZJaRcwRR/OW4aJPCXs4Ky6y1Csb2SpPi1S1wd
nkzhoNQ1Ocjy/YJMqTj8JJiL0Q0HustCrbgLTTd3ILPce4GzjUZxyYf2irRIGxB8
8qg28os7EfINxOWehN0oEIu05gzTe0AYce2tDGR1nyoEJS6hbrsBurlBWFxOvEMP
bFyANvmA4XJ8vDhqTarhL1mWQ0govimxWm6xvdMsJOjyU1eUYY5SfNBArIopqCSR
RumJQ6YXMwUR+4uqEM3Nk1V//d6HHna2HjIMucoSEjG85Fcgg/ecCsOoNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMWa8U7zpqJFdsoVJ07iVc5QYNKqMB8GA1UdIwQY
MBaAFI2gPg0CDvyUTB7r2u5UJ9NltwB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFBLURRSU9fSlJNSHV2YTdsUW4wMlczQUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS81NjIxMTItYWQ0NC00ZDcxLTljYjkt
ZmI3ZDdkY2EzNGE3LzEveFpyeFR2T21va1YyeWhVblR1SlZ6bEJnMHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS81NjIxMTItYWQ0NC00ZDcxLTljYjktZmI3ZDdkY2EzNGE3
LzEvamFBLURRSU9fSlJNSHV2YTdsUW4wMlczQUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbeDyAwQC
ucgkMA0GCSqGSIb3DQEBCwUAA4IBAQAZvf2RT7xg3X0V26xl9dNwUtAY+8QqpnS8
+7zE77IloWoJJJyrcFD/WWAwJ16P/oB4s+mJ98O7JeSQRi1XzDVrxAxyN8ME4+xZ
lmZGeYRWvI8/pqmIFs73TBf+CcKTF/0LYRJKFCq24qNxRidSdEqdUckTvKZUVc30
uoKJO2K74plqIIoZwprehGL24GmvPVejOZnD9yM+X3Vc4caDH0E+vn7vOXXucaxI
qxpA7SJO08kK/3Z03FTtCoFtWnEhPqHgb0XNqqiR4jBzUVlbSo3LFfs+vvwbom9x
agZEV0F7bQmbbtkUhiVz/BYzixZpmkE/vAL39cMh1XrEvn5QyW/G
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:01:24 2025 by rpki-client