Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9616ee-381d-4afe-890c-6ee514b29115/1/C04PznBLh-lRzqSLzmc6AYDb1d8.roa
File: C04PznBLh-lRzqSLzmc6AYDb1d8.roa (raw, json)
Hash identifier: 3mI+p3O0jEPgj6gSikOyW5PcLx+kUJCWq7yJ1eUpr7Q=
Subject key identifier: 0B:4E:0F:CE:70:4B:87:E9:51:CE:A4:8B:CE:67:3A:01:80:DB:D5:DF
Certificate issuer: /CN=a4d32269302e1cbccbaac0e0e5af8a864498a135
Certificate serial: 01856DDD22BF0C269B3D5F55D54F7E09A1CE
Authority key identifier: A4:D3:22:69:30:2E:1C:BC:CB:AA:C0:E0:E5:AF:8A:86:44:98:A1:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pNMiaTAuHLzLqsDg5a-KhkSYoTU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/9616ee-381d-4afe-890c-6ee514b29115/1/C04PznBLh-lRzqSLzmc6AYDb1d8.roa
Signing time: Sun 01 Jan 2023 15:04:46 +0000
ROA not before: Sun 01 Jan 2023 15:04:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34741
IP address blocks: 185.174.242.0/24 maxlen: 24
185.174.241.0/24 maxlen: 24
185.174.240.0/24 maxlen: 24
2a07:f100:1000::/36 maxlen: 36
2a07:f100::/36 maxlen: 36
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:dd:22:bf:0c:26:9b:3d:5f:55:d5:4f:7e:09:a1:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4d32269302e1cbccbaac0e0e5af8a864498a135
Validity
Not Before: Jan 1 15:04:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0b4e0fce704b87e951cea48bce673a0180dbd5df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:01:d5:97:59:e9:ee:61:8d:ab:dd:5f:ac:fe:
6a:12:ee:59:7e:43:64:c9:df:e4:83:24:3d:85:12:
ee:4d:9a:39:bd:dd:7e:b4:4c:cf:41:d2:fb:c4:2b:
a0:61:20:07:8f:64:a3:19:62:a3:83:81:a1:94:d2:
52:1d:fd:a2:e8:ca:2f:3d:64:b1:2b:c5:6a:0d:a7:
8d:3f:31:9c:ac:25:ed:73:db:1e:6e:61:c3:4e:51:
d2:8c:54:00:dd:67:cb:5a:8c:3f:9a:e0:90:b8:45:
5b:cf:05:3c:e9:fe:bd:7e:83:ad:c8:64:88:7c:0b:
79:67:c2:5f:ce:1c:62:62:e4:6f:a0:af:70:cb:64:
bc:34:57:dc:18:e9:c8:ce:2d:ab:98:94:ed:7d:d0:
04:54:80:49:ed:aa:87:f1:ee:13:c9:3f:1f:40:f3:
37:9b:10:40:e8:d7:8e:50:76:ca:09:ce:3a:17:bd:
bb:ad:cf:7b:14:58:8a:8b:8b:03:46:26:2b:d5:a0:
cf:c6:09:d8:8d:2d:d3:fc:fa:2b:f3:c6:3a:81:e5:
a5:55:a0:10:55:e4:8c:d7:02:26:1f:77:e4:93:d7:
c9:9e:70:60:1e:62:e0:33:6f:b7:2f:05:26:99:6c:
ab:b3:b1:3c:9e:e7:db:4d:6e:20:02:87:bf:46:af:
04:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:4E:0F:CE:70:4B:87:E9:51:CE:A4:8B:CE:67:3A:01:80:DB:D5:DF
X509v3 Authority Key Identifier:
keyid:A4:D3:22:69:30:2E:1C:BC:CB:AA:C0:E0:E5:AF:8A:86:44:98:A1:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pNMiaTAuHLzLqsDg5a-KhkSYoTU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9616ee-381d-4afe-890c-6ee514b29115/1/C04PznBLh-lRzqSLzmc6AYDb1d8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9616ee-381d-4afe-890c-6ee514b29115/1/pNMiaTAuHLzLqsDg5a-KhkSYoTU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.174.240.0-185.174.242.255
IPv6:
2a07:f100::/35
Signature Algorithm: sha256WithRSAEncryption
38:e3:3b:91:aa:01:00:fd:04:1f:c4:d7:4b:b0:df:ce:19:94:
10:ab:c8:b7:91:96:2d:44:57:98:7d:a3:be:1e:b7:e6:ea:a7:
7e:90:e4:73:05:b5:0e:40:12:80:38:10:41:60:1f:bb:c1:17:
b5:e7:20:3c:3a:0b:70:f5:2d:77:fd:2f:8f:24:1e:06:76:6a:
96:8a:67:04:ff:e5:85:23:4d:0c:35:b3:bc:ea:8d:93:c7:4c:
da:95:7e:60:76:4c:2d:83:72:1a:44:48:9e:07:ab:8f:50:f3:
f9:a2:8b:92:31:56:d1:14:01:8e:e8:20:88:35:3f:5e:3b:04:
e9:3f:62:8f:0c:a9:67:ed:3d:f5:21:c3:79:a5:ea:04:f8:c0:
87:2c:64:9b:cc:c8:47:b5:6b:bf:7f:49:cd:b8:18:89:7e:81:
3d:0b:dc:15:c5:cb:51:3b:36:84:aa:8f:3d:06:cf:0d:44:bc:
b0:82:35:f3:59:bc:bf:8f:ea:07:e6:c8:3f:5a:95:23:18:57:
4e:a0:5d:a0:7f:2a:13:d1:5e:b2:96:f4:a4:5a:9e:b5:b3:0e:
31:00:5f:81:3d:6e:30:13:e6:dd:d5:5c:1d:07:93:9b:be:de:
97:33:5d:63:f0:b0:73:dc:58:34:3d:f0:0a:c3:c2:4d:8e:3d:
50:d6:87:0b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVt3SK/DCabPV9V1U9+CaHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZDMyMjY5MzAyZTFjYmNjYmFhYzBlMGU1YWY4YTg2NDQ5
OGExMzUwHhcNMjMwMTAxMTUwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRlMGZjZTcwNGI4N2U5NTFjZWE0OGJjZTY3M2EwMTgwZGJkNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwHVl1np7mGNq91frP5qEu5ZfkNk
yd/kgyQ9hRLuTZo5vd1+tEzPQdL7xCugYSAHj2SjGWKjg4GhlNJSHf2i6MovPWSx
K8VqDaeNPzGcrCXtc9sebmHDTlHSjFQA3WfLWow/muCQuEVbzwU86f69foOtyGSI
fAt5Z8JfzhxiYuRvoK9wy2S8NFfcGOnIzi2rmJTtfdAEVIBJ7aqH8e4TyT8fQPM3
mxBA6NeOUHbKCc46F727rc97FFiKi4sDRiYr1aDPxgnYjS3T/Por88Y6geWlVaAQ
VeSM1wImH3fkk9fJnnBgHmLgM2+3LwUmmWyrs7E8nufbTW4gAoe/Rq8E3wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAtOD85wS4fpUc6ki85nOgGA29XfMB8GA1UdIwQY
MBaAFKTTImkwLhy8y6rA4OWvioZEmKE1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE5NaWFUQXVITHpMcXNEZzVhLUtoa1NZb1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85NjE2ZWUtMzgxZC00YWZlLTg5MGMt
NmVlNTE0YjI5MTE1LzEvQzA0UHpuQkxoLWxSenFTTHptYzZBWURiMWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85NjE2ZWUtMzgxZC00YWZlLTg5MGMtNmVlNTE0YjI5MTE1
LzEvcE5NaWFUQXVITHpMcXNEZzVhLUtoa1NZb1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAS5rvAD
BAC5rvIwDgQCAAIwCAMGBSoH8QAAMA0GCSqGSIb3DQEBCwUAA4IBAQA44zuRqgEA
/QQfxNdLsN/OGZQQq8i3kZYtRFeYfaO+Hrfm6qd+kORzBbUOQBKAOBBBYB+7wRe1
5yA8Ogtw9S13/S+PJB4GdmqWimcE/+WFI00MNbO86o2Tx0zalX5gdkwtg3IaREie
B6uPUPP5oouSMVbRFAGO6CCINT9eOwTpP2KPDKln7T31IcN5peoE+MCHLGSbzMhH
tWu/f0nNuBiJfoE9C9wVxctROzaEqo89Bs8NRLywgjXzWby/j+oH5sg/WpUjGFdO
oF2gfyoT0V6ylvSkWp61sw4xAF+BPW4wE+bd1VwdB5Obvt6XM11j8LBz3Fg0PfAK
w8JNjj1Q1ocL
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:40:05 2025 by rpki-client