Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/z9kgDBMTbY1w_vdfTbzdbNFN_nw.roa
File: z9kgDBMTbY1w_vdfTbzdbNFN_nw.roa (raw, json)
Hash identifier: UgJVM9UasdjQTnl1q0vxiDWi4q8reHIPA//I9IbXrs8=
Subject key identifier: CF:D9:20:0C:13:13:6D:8D:70:FE:F7:5F:4D:BC:DD:6C:D1:4D:FE:7C
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018CB9C0531F2D3707DECCD57B434EBDFD68
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/z9kgDBMTbY1w_vdfTbzdbNFN_nw.roa
Signing time: Sat 30 Dec 2023 08:03:58 +0000
ROA not before: Sat 30 Dec 2023 08:03:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 6898
IP address blocks: 185.155.176.0/22 maxlen: 22
2a00:bd00::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b9:c0:53:1f:2d:37:07:de:cc:d5:7b:43:4e:bd:fd:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Dec 30 08:03:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cfd9200c13136d8d70fef75f4dbcdd6cd14dfe7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:89:f5:fa:fe:76:24:2b:1c:50:52:e4:9e:ab:
91:2d:38:7a:a9:ac:70:45:c3:b5:f2:ca:60:c7:cc:
80:47:37:a1:9a:68:97:5d:06:a7:73:34:4f:30:b0:
04:8f:9d:3f:be:b7:7b:d2:91:db:6a:f9:64:7a:73:
4f:1a:93:cd:94:02:6d:9f:40:eb:51:ce:27:ff:83:
fd:4a:52:48:5c:34:1e:cd:46:38:07:6c:bf:04:74:
6a:ee:6a:30:f7:c4:66:ee:3c:b4:4f:22:bf:4c:a0:
23:ec:b7:25:2b:53:38:56:96:d4:d2:9f:0d:d9:77:
f8:1a:e4:d6:51:23:50:ea:78:96:81:de:09:5d:fd:
c0:20:dc:76:eb:f8:c5:7e:6a:96:1f:d6:2c:0b:b3:
64:67:e3:df:e7:d9:89:6f:03:bf:c4:4c:6e:c1:09:
0d:4f:01:ac:92:9b:81:a4:01:08:69:74:d6:11:dc:
8d:71:0d:ff:ea:d4:3b:72:60:f0:02:26:39:ce:cb:
24:85:3c:46:59:fe:4c:56:99:96:48:19:20:03:d3:
9d:5a:33:e4:4b:8a:9a:95:05:bb:be:80:46:6e:3c:
67:a9:4b:b8:d2:5f:bd:91:c5:e0:e4:1d:8e:d5:82:
d7:fb:00:b3:00:85:8b:5d:7d:3f:6f:65:6c:9b:48:
60:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:D9:20:0C:13:13:6D:8D:70:FE:F7:5F:4D:BC:DD:6C:D1:4D:FE:7C
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/z9kgDBMTbY1w_vdfTbzdbNFN_nw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.155.176.0/22
IPv6:
2a00:bd00::/32
Signature Algorithm: sha256WithRSAEncryption
37:7c:01:7c:71:26:f7:46:34:02:60:42:bc:4f:f9:53:ed:4d:
7a:73:1f:ce:27:57:55:0f:e9:f0:20:1e:f9:70:1f:e1:5d:51:
23:af:f9:3e:19:6d:49:86:0a:a1:3c:fb:59:ca:a6:0a:0b:42:
dd:0a:26:72:53:d5:0c:87:06:e4:d8:1c:62:e2:90:d0:08:d5:
09:56:52:4b:6b:37:15:1d:71:27:1a:e6:37:d2:a6:66:d6:d5:
8c:26:5a:c4:7d:b2:b6:fe:15:ab:5e:57:fb:b9:8d:30:a1:57:
68:34:fb:33:e9:a9:58:e5:11:5c:42:5b:5c:9c:31:ac:96:c5:
18:c0:d1:4a:a4:e9:5e:b8:32:d9:96:85:9c:43:d0:7e:4f:81:
c9:d7:47:c7:41:d5:7a:45:87:d7:0c:8e:dd:89:c1:ec:e4:35:
70:95:0b:ed:8f:a6:1f:e1:5c:75:7b:34:46:e5:ed:97:cf:cf:
10:53:08:c5:ba:36:d1:78:ab:12:d6:5e:81:ce:2e:eb:86:a7:
16:26:d3:af:59:46:14:28:dc:d2:02:62:da:e2:78:18:85:c1:
2d:e6:a5:c3:e6:70:be:50:f7:62:b0:77:ad:2e:93:a5:4a:54:
0e:43:21:5c:7a:dd:04:33:f8:70:5c:d9:3b:74:03:a2:7e:de:
25:68:41:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYy5wFMfLTcH3szVe0NOvf1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMjMwMDgwMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ5MjAwYzEzMTM2ZDhkNzBmZWY3NWY0ZGJjZGQ2Y2QxNGRmZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYn1+v52JCscUFLknquRLTh6qaxw
RcO18spgx8yARzehmmiXXQanczRPMLAEj50/vrd70pHbavlkenNPGpPNlAJtn0Dr
Uc4n/4P9SlJIXDQezUY4B2y/BHRq7mow98Rm7jy0TyK/TKAj7LclK1M4VpbU0p8N
2Xf4GuTWUSNQ6niWgd4JXf3AINx26/jFfmqWH9YsC7NkZ+Pf59mJbwO/xExuwQkN
TwGskpuBpAEIaXTWEdyNcQ3/6tQ7cmDwAiY5zsskhTxGWf5MVpmWSBkgA9OdWjPk
S4qalQW7voBGbjxnqUu40l+9kcXg5B2O1YLX+wCzAIWLXX0/b2Vsm0hgVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM/ZIAwTE22NcP73X0283WzRTf58MB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvejlrZ0RCTVRiWTF3X3ZkZlRiemRiTkZOX253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZuwMA0E
AgACMAcDBQAqAL0AMA0GCSqGSIb3DQEBCwUAA4IBAQA3fAF8cSb3RjQCYEK8T/lT
7U16cx/OJ1dVD+nwIB75cB/hXVEjr/k+GW1JhgqhPPtZyqYKC0LdCiZyU9UMhwbk
2Bxi4pDQCNUJVlJLazcVHXEnGuY30qZm1tWMJlrEfbK2/hWrXlf7uY0woVdoNPsz
6alY5RFcQltcnDGslsUYwNFKpOleuDLZloWcQ9B+T4HJ10fHQdV6RYfXDI7dicHs
5DVwlQvtj6Yf4Vx1ezRG5e2Xz88QUwjFujbReKsS1l6Bzi7rhqcWJtOvWUYUKNzS
AmLa4ngYhcEt5qXD5nC+UPdisHetLpOlSlQOQyFcet0EM/hwXNk7dAOift4laEEN
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:15:26 2025 by rpki-client