Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/nfVtyWxdES1Sfyogcxwl2CZSIuw.roa
File: nfVtyWxdES1Sfyogcxwl2CZSIuw.roa (raw, json)
Hash identifier: hJ1R7UJ/dwbvK7R48ZfSJx9X+m7VdR7KE2xeKKk35CU=
Subject key identifier: 9D:F5:6D:C9:6C:5D:11:2D:52:7F:2A:20:73:1C:25:D8:26:52:22:EC
Certificate issuer: /CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
Certificate serial: 0185724C7B6B1C9556BE6BF6DECC5034EC57
Authority key identifier: 4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/nfVtyWxdES1Sfyogcxwl2CZSIuw.roa
Signing time: Mon 02 Jan 2023 11:44:52 +0000
ROA not before: Mon 02 Jan 2023 11:44:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16019
IP address blocks: 185.168.149.0/24 maxlen: 24
2a12:b7c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:4c:7b:6b:1c:95:56:be:6b:f6:de:cc:50:34:ec:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
Validity
Not Before: Jan 2 11:44:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9df56dc96c5d112d527f2a20731c25d8265222ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:69:cb:25:6b:77:d1:1d:bf:16:98:10:e5:cd:
70:10:dd:50:c7:e2:a2:92:90:38:3a:31:c1:c1:a3:
c0:1e:74:61:0f:28:7a:b9:09:d3:dc:ac:56:d2:64:
5c:54:c9:ec:f1:99:93:5f:6b:5d:31:8c:07:b7:d3:
72:41:d7:6e:70:c1:41:02:0b:5b:e1:bd:7d:40:37:
97:ad:40:ee:19:5a:d8:d2:79:de:73:99:6e:9a:5d:
8d:a6:7a:96:e9:cb:bf:93:51:af:11:04:ea:ce:5d:
ee:8c:ad:ff:5d:a8:86:d6:3e:c5:99:79:b9:3b:8d:
b0:3b:ce:16:d2:f0:a4:ec:76:3b:e6:67:6e:b3:d5:
a0:82:77:19:e4:67:65:08:a9:2f:ce:8c:ad:97:5f:
a3:c5:3d:5c:c9:c0:71:50:da:e3:5c:14:19:80:5a:
b6:1f:c3:6f:e8:11:62:f3:db:74:ba:e3:7f:a1:6b:
e3:57:85:23:05:76:a1:01:51:e6:c0:0e:5f:0e:0f:
5e:1b:d6:77:f7:d3:d9:fa:fc:d6:63:83:f7:4b:ce:
91:0b:ec:32:30:cf:ec:e5:11:9d:16:cb:70:89:b6:
b6:5b:6d:ba:ee:e3:f9:fb:25:7d:05:06:ca:22:0f:
17:51:bd:e3:0a:cd:64:f0:2f:42:4b:79:8d:ff:9c:
07:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:F5:6D:C9:6C:5D:11:2D:52:7F:2A:20:73:1C:25:D8:26:52:22:EC
X509v3 Authority Key Identifier:
keyid:4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/nfVtyWxdES1Sfyogcxwl2CZSIuw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.168.149.0/24
IPv6:
2a12:b7c0::/29
Signature Algorithm: sha256WithRSAEncryption
7a:ac:05:6f:ae:51:59:46:50:56:8d:08:d6:ca:f2:a3:5d:eb:
19:f4:61:0a:44:03:c4:92:b7:76:a0:22:8d:74:5c:57:69:f6:
6d:31:e8:79:e4:8c:30:91:68:bd:9c:f1:50:52:a6:b7:14:1a:
92:8e:2f:6c:c3:f8:4a:13:6a:e4:7a:e1:02:b0:b3:98:80:50:
07:95:cb:45:3a:e4:5c:1f:53:da:7b:c6:62:c9:a1:be:38:52:
10:51:89:c0:f2:d0:aa:62:2f:3a:b3:af:0f:6f:95:3a:b0:27:
51:0a:27:1d:ee:5c:17:6c:74:40:2c:94:09:10:11:de:17:93:
17:9e:c4:0a:9e:95:1f:81:fe:74:00:c4:34:45:87:0f:74:e4:
de:c9:bd:33:48:af:0d:98:7c:59:f5:ce:ab:f5:94:97:fa:55:
71:7d:a8:8b:ba:c0:24:f9:6f:7a:f8:25:69:68:8c:f1:ad:4e:
8e:5a:77:47:65:35:29:c2:46:76:50:09:d9:88:61:1c:92:fc:
22:9b:3e:83:22:30:ee:05:cd:a0:6b:8a:84:c5:77:0c:e2:47:
97:6a:23:ed:cc:04:c7:65:a4:86:18:c7:cb:17:cb:90:a5:4c:
58:0c:02:a8:0f:33:a8:02:28:11:33:ad:9f:9a:e0:b4:99:8a:
e6:ef:7e:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyTHtrHJVWvmv23sxQNOxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZGQ0MmNjZDEzZDdmOGE3YzNlZGE1YjU1MDJkOGQ2ZGNi
YmJlMTEwHhcNMjMwMTAyMTE0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGY1NmRjOTZjNWQxMTJkNTI3ZjJhMjA3MzFjMjVkODI2NTIyMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumnLJWt30R2/FpgQ5c1wEN1Qx+Ki
kpA4OjHBwaPAHnRhDyh6uQnT3KxW0mRcVMns8ZmTX2tdMYwHt9NyQdducMFBAgtb
4b19QDeXrUDuGVrY0nnec5luml2NpnqW6cu/k1GvEQTqzl3ujK3/XaiG1j7FmXm5
O42wO84W0vCk7HY75mdus9WggncZ5GdlCKkvzoytl1+jxT1cycBxUNrjXBQZgFq2
H8Nv6BFi89t0uuN/oWvjV4UjBXahAVHmwA5fDg9eG9Z399PZ+vzWY4P3S86RC+wy
MM/s5RGdFstwiba2W2267uP5+yV9BQbKIg8XUb3jCs1k8C9CS3mN/5wHVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ31bclsXREtUn8qIHMcJdgmUiLsMB8GA1UdIwQY
MBaAFEvdQszRPX+KfD7aW1UC2Nbcu74RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUt
MWNhMjEyMGVlNDM2LzEvbmZWdHlXeGRFUzFTZnlvZ2N4d2wyQ1pTSXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUtMWNhMjEyMGVlNDM2
LzEvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaiVMA0E
AgACMAcDBQMqErfAMA0GCSqGSIb3DQEBCwUAA4IBAQB6rAVvrlFZRlBWjQjWyvKj
XesZ9GEKRAPEkrd2oCKNdFxXafZtMeh55IwwkWi9nPFQUqa3FBqSji9sw/hKE2rk
euECsLOYgFAHlctFOuRcH1Pae8ZiyaG+OFIQUYnA8tCqYi86s68Pb5U6sCdRCicd
7lwXbHRALJQJEBHeF5MXnsQKnpUfgf50AMQ0RYcPdOTeyb0zSK8NmHxZ9c6r9ZSX
+lVxfaiLusAk+W96+CVpaIzxrU6OWndHZTUpwkZ2UAnZiGEckvwimz6DIjDuBc2g
a4qExXcM4keXaiPtzATHZaSGGMfLF8uQpUxYDAKoDzOoAigRM62fmuC0mYrm734n
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:44:53 2025 by rpki-client