Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/nC6jlHSm_TnKgYRGRAr2aaUKkv0.roa
File: nC6jlHSm_TnKgYRGRAr2aaUKkv0.roa (raw, json)
Hash identifier: LzLz+KpqBR2wIB5bkVW/XD3xqy+iNeLxFoImqZEtvio=
Subject key identifier: 9C:2E:A3:94:74:A6:FD:39:CA:81:84:46:44:0A:F6:69:A5:0A:92:FD
Certificate issuer: /CN=1b78dbf3e859582fd1eda2f2dcde5422295146f1
Certificate serial: 01856B4A2F1AC7470E25D4EC13F5AD58C9CA
Authority key identifier: 1B:78:DB:F3:E8:59:58:2F:D1:ED:A2:F2:DC:DE:54:22:29:51:46:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G3jb8-hZWC_R7aLy3N5UIilRRvE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/nC6jlHSm_TnKgYRGRAr2aaUKkv0.roa
Signing time: Sun 01 Jan 2023 03:05:01 +0000
ROA not before: Sun 01 Jan 2023 03:05:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15600
IP address blocks: 5.172.128.0/20 maxlen: 20
185.74.136.0/22 maxlen: 22
2a00:d4e0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:4a:2f:1a:c7:47:0e:25:d4:ec:13:f5:ad:58:c9:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b78dbf3e859582fd1eda2f2dcde5422295146f1
Validity
Not Before: Jan 1 03:05:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c2ea39474a6fd39ca818446440af669a50a92fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:fc:b2:ee:ab:43:d6:bc:d1:34:c0:fb:8f:cf:
e1:ad:23:68:7e:15:42:e0:2f:92:fb:4f:29:ed:dc:
dd:4f:69:fa:40:91:af:0c:79:96:3a:64:5f:bc:86:
6e:81:ae:45:4f:9b:97:86:98:70:22:3d:32:e1:66:
c8:c3:0d:e1:6e:87:8a:d8:aa:c0:a3:3b:e8:ae:2f:
92:23:54:16:ef:89:2c:43:d0:d3:01:d8:9c:22:e5:
52:30:44:cd:a6:58:71:68:1d:6e:24:f7:ea:06:70:
38:8f:0b:0e:0d:6c:28:79:0a:7d:c0:d7:3c:b6:f0:
61:f1:32:ac:0c:37:d9:53:46:43:37:66:63:ca:1d:
5a:00:07:8c:31:6a:0a:dd:6c:f0:b0:bc:ea:30:8e:
a0:82:54:83:77:bf:5c:31:70:2e:9b:1e:04:84:48:
4a:d8:90:52:c7:77:6b:1f:97:2b:fc:57:47:ca:ef:
ff:ae:79:a5:76:29:32:52:5c:fc:53:b5:f3:f3:88:
f9:c9:0e:11:5f:60:79:a0:92:8d:b5:b5:fb:97:7c:
84:3f:e8:e9:95:19:47:82:7c:55:fe:96:8f:f9:04:
64:83:3c:1b:19:12:6c:37:83:7d:ba:c9:29:1d:d6:
27:dc:3f:b9:87:de:d4:1b:ad:c6:a7:3e:1f:42:2e:
f3:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:2E:A3:94:74:A6:FD:39:CA:81:84:46:44:0A:F6:69:A5:0A:92:FD
X509v3 Authority Key Identifier:
keyid:1B:78:DB:F3:E8:59:58:2F:D1:ED:A2:F2:DC:DE:54:22:29:51:46:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G3jb8-hZWC_R7aLy3N5UIilRRvE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/nC6jlHSm_TnKgYRGRAr2aaUKkv0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/G3jb8-hZWC_R7aLy3N5UIilRRvE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.128.0/20
185.74.136.0/22
IPv6:
2a00:d4e0::/29
Signature Algorithm: sha256WithRSAEncryption
69:cf:1b:f0:1b:dc:e0:42:9b:f2:d6:f2:9c:1e:9a:03:22:e7:
97:9a:2f:e0:16:9d:4d:f4:84:5e:d0:53:55:87:de:fd:90:22:
de:a0:4c:96:d2:cd:0c:60:66:6e:82:a7:2b:54:98:0b:50:50:
cc:5b:23:e3:36:1e:41:6c:00:26:fb:27:e9:58:d0:d4:bb:b7:
1f:f8:08:2c:9a:c6:83:a8:58:96:e3:31:7e:21:47:13:b0:24:
88:92:ad:87:bb:51:2e:22:42:dd:e9:d3:07:10:fc:22:26:64:
dd:1c:7d:d0:58:93:15:ae:b2:fc:b0:a4:29:05:ba:a2:53:c7:
ca:0e:39:9c:bd:45:f7:b7:87:25:74:e6:ad:1d:22:f4:7c:44:
6c:2f:f7:a7:01:14:d7:55:80:3d:a1:fb:f0:43:a5:4b:f2:11:
7b:1a:9d:c8:b2:e5:56:bd:b6:8f:ed:9e:19:37:3e:31:ff:08:
9b:4a:81:14:21:94:92:9e:14:ac:c7:dc:65:f6:67:c1:7e:3f:
9a:09:c1:34:3c:95:b0:dd:43:6b:b8:da:a7:0f:20:5b:7f:6d:
87:8d:19:f4:7d:12:27:61:ab:85:a9:cf:02:c7:22:01:c4:78:
9f:7e:b7:99:92:6c:d7:96:5d:ca:40:57:79:15:5f:df:18:f9:
e4:32:6a:cf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVrSi8ax0cOJdTsE/WtWMnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNzhkYmYzZTg1OTU4MmZkMWVkYTJmMmRjZGU1NDIyMjk1
MTQ2ZjEwHhcNMjMwMTAxMDMwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJlYTM5NDc0YTZmZDM5Y2E4MTg0NDY0NDBhZjY2OWE1MGE5MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/yy7qtD1rzRNMD7j8/hrSNofhVC
4C+S+08p7dzdT2n6QJGvDHmWOmRfvIZuga5FT5uXhphwIj0y4WbIww3hboeK2KrA
ozvori+SI1QW74ksQ9DTAdicIuVSMETNplhxaB1uJPfqBnA4jwsODWwoeQp9wNc8
tvBh8TKsDDfZU0ZDN2Zjyh1aAAeMMWoK3WzwsLzqMI6gglSDd79cMXAumx4EhEhK
2JBSx3drH5cr/FdHyu//rnmldikyUlz8U7Xz84j5yQ4RX2B5oJKNtbX7l3yEP+jp
lRlHgnxV/paP+QRkgzwbGRJsN4N9uskpHdYn3D+5h97UG63Gpz4fQi7z5QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJwuo5R0pv05yoGERkQK9mmlCpL9MB8GA1UdIwQY
MBaAFBt42/PoWVgv0e2i8tzeVCIpUUbxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzNqYjgtaFpXQ19SN2FMeTNONVVJaWxSUnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85OWI1MzUtYzQyYi00ZTAxLTg3OTMt
NzIyMjk0NzgzZTllLzEvbkM2amxIU21fVG5LZ1lSR1JBcjJhYVVLa3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85OWI1MzUtYzQyYi00ZTAxLTg3OTMtNzIyMjk0NzgzZTll
LzEvRzNqYjgtaFpXQ19SN2FMeTNONVVJaWxSUnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEBayAAwQC
uUqIMA0EAgACMAcDBQMqANTgMA0GCSqGSIb3DQEBCwUAA4IBAQBpzxvwG9zgQpvy
1vKcHpoDIueXmi/gFp1N9IRe0FNVh979kCLeoEyW0s0MYGZugqcrVJgLUFDMWyPj
Nh5BbAAm+yfpWNDUu7cf+AgsmsaDqFiW4zF+IUcTsCSIkq2Hu1EuIkLd6dMHEPwi
JmTdHH3QWJMVrrL8sKQpBbqiU8fKDjmcvUX3t4cldOatHSL0fERsL/enARTXVYA9
ofvwQ6VL8hF7Gp3IsuVWvbaP7Z4ZNz4x/wibSoEUIZSSnhSsx9xl9mfBfj+aCcE0
PJWw3UNruNqnDyBbf22HjRn0fRInYauFqc8CxyIBxHiffreZkmzXll3KQFd5FV/f
GPnkMmrP
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:00:11 2025 by rpki-client