Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/0dZylZcAUnXFzAtVN6q3CLrx3fo.roa
File: 0dZylZcAUnXFzAtVN6q3CLrx3fo.roa (raw, json)
Hash identifier: 2Mnl2O1xSHDX5lznG76r4I8Bfvy8jZA7lvMznMOoQ8A=
Subject key identifier: D1:D6:72:95:97:00:52:75:C5:CC:0B:55:37:AA:B7:08:BA:F1:DD:FA
Certificate issuer: /CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
Certificate serial: 018612996BF62FD84001EF650F27F3A48AD6
Authority key identifier: 81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/0dZylZcAUnXFzAtVN6q3CLrx3fo.roa
Signing time: Thu 02 Feb 2023 14:48:09 +0000
ROA not before: Thu 02 Feb 2023 14:48:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209846
IP address blocks: 185.227.158.0/24 maxlen: 24
185.227.157.0/24 maxlen: 24
185.227.156.0/24 maxlen: 24
185.227.159.0/24 maxlen: 24
2a0c:be00::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:12:99:6b:f6:2f:d8:40:01:ef:65:0f:27:f3:a4:8a:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
Validity
Not Before: Feb 2 14:48:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d1d6729597005275c5cc0b5537aab708baf1ddfa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:a5:1b:f3:f4:da:1d:8c:0c:dd:d4:0c:85:e4:
dd:e2:09:ff:81:a6:1f:dd:a8:1c:84:38:f1:da:6b:
7f:47:c6:8c:ca:b5:88:06:ec:36:f0:09:24:33:fe:
ce:dd:ca:90:76:3f:da:9d:37:2f:af:55:0e:11:75:
c3:3c:3f:96:2b:db:2e:f4:01:0a:4a:21:a3:dc:b6:
76:4f:90:9a:a7:47:0f:a8:f9:63:e0:f2:f5:f2:59:
9f:e2:c3:85:46:56:12:bb:20:cb:8e:bb:6f:10:98:
4b:b9:95:dc:2d:55:fe:f3:33:bc:4e:7c:72:c1:4c:
f7:66:62:90:a7:7f:39:4f:44:7e:54:6c:1e:a2:f2:
7c:7c:02:aa:ed:4c:21:b2:8c:c8:c8:c4:a9:78:61:
c5:f4:2f:8f:5a:75:51:60:ea:00:93:b4:4a:c2:ce:
15:58:40:97:16:f2:8e:67:7d:57:66:8d:51:37:b9:
8d:c0:bd:e5:3e:b1:6d:de:49:b0:35:9b:c1:17:ef:
ef:e7:bc:0f:90:8d:e3:2e:a2:97:f4:92:ab:db:a3:
39:b7:a9:0c:37:5a:3d:00:0a:4c:b3:7b:dd:1b:d3:
88:ef:04:47:46:7a:d9:56:4f:35:94:5b:c6:bb:8a:
35:b9:7f:82:41:dd:3a:e1:44:23:02:af:86:35:11:
27:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:D6:72:95:97:00:52:75:C5:CC:0B:55:37:AA:B7:08:BA:F1:DD:FA
X509v3 Authority Key Identifier:
keyid:81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/0dZylZcAUnXFzAtVN6q3CLrx3fo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.227.156.0/22
IPv6:
2a0c:be00::/32
Signature Algorithm: sha256WithRSAEncryption
69:1c:50:32:c0:ab:dd:8d:56:a4:d0:9c:2b:06:ba:62:ee:9a:
3b:d0:fa:68:e4:14:7b:3a:38:70:5d:5f:1e:3e:46:8a:61:aa:
27:44:c4:73:14:9b:9a:77:71:db:4b:74:96:fa:8a:7f:c3:b6:
18:49:09:88:fa:b6:d2:29:5a:5f:74:c3:40:ba:bd:ec:45:83:
6b:6f:1c:cc:40:b1:49:b1:a7:ed:03:5d:09:8f:96:cf:ba:6c:
b3:c7:9c:75:82:63:f6:48:2a:92:78:2b:10:8f:16:1b:86:f7:
b7:c2:7b:e2:09:38:b3:4d:0f:2f:88:04:c5:2e:8a:a7:a8:07:
b8:ec:64:2d:0d:d0:2c:f9:71:52:0f:75:e4:59:76:1a:11:88:
ca:c6:c4:3a:4b:94:a5:7a:14:c1:d9:bf:4b:a8:08:44:19:24:
30:29:a0:d9:4d:29:44:06:38:32:09:c3:38:29:33:d8:79:7b:
59:1f:1f:b0:56:79:88:aa:f1:d4:a8:35:11:44:26:fc:85:69:
b4:22:24:1a:20:45:e0:c6:ea:21:7e:c7:e4:a3:f3:09:6a:b5:
09:31:4f:c4:bb:6d:4c:35:ac:a8:28:61:f3:69:d0:2f:b6:8b:
18:c8:39:d2:55:b6:76:b8:08:7e:65:9f:3f:63:ed:b5:39:d0:
84:90:25:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYYSmWv2L9hAAe9lDyfzpIrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDZkZThjZWMwMWQwNTI1MzZjMGYwOGRmZTdhOGI1M2Y5
YWFlYzIwHhcNMjMwMjAyMTQ0ODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ2NzI5NTk3MDA1Mjc1YzVjYzBiNTUzN2FhYjcwOGJhZjFkZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6Ub8/TaHYwM3dQMheTd4gn/gaYf
3agchDjx2mt/R8aMyrWIBuw28AkkM/7O3cqQdj/anTcvr1UOEXXDPD+WK9su9AEK
SiGj3LZ2T5Cap0cPqPlj4PL18lmf4sOFRlYSuyDLjrtvEJhLuZXcLVX+8zO8Tnxy
wUz3ZmKQp385T0R+VGweovJ8fAKq7UwhsozIyMSpeGHF9C+PWnVRYOoAk7RKws4V
WECXFvKOZ31XZo1RN7mNwL3lPrFt3kmwNZvBF+/v57wPkI3jLqKX9JKr26M5t6kM
N1o9AApMs3vdG9OI7wRHRnrZVk81lFvGu4o1uX+CQd064UQjAq+GNREnUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNHWcpWXAFJ1xcwLVTeqtwi68d36MB8GA1UdIwQY
MBaAFIFG3ozsAdBSU2wPCN/nqLU/mq7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAt
Y2Q1NzJmZDA0NGVlLzEvMGRaeWxaY0FVblhGekF0Vk42cTNDTHJ4M2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAtY2Q1NzJmZDA0NGVl
LzEvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueOcMA0E
AgACMAcDBQAqDL4AMA0GCSqGSIb3DQEBCwUAA4IBAQBpHFAywKvdjVak0JwrBrpi
7po70Ppo5BR7OjhwXV8ePkaKYaonRMRzFJuad3HbS3SW+op/w7YYSQmI+rbSKVpf
dMNAur3sRYNrbxzMQLFJsaftA10Jj5bPumyzx5x1gmP2SCqSeCsQjxYbhve3wnvi
CTizTQ8viATFLoqnqAe47GQtDdAs+XFSD3XkWXYaEYjKxsQ6S5SlehTB2b9LqAhE
GSQwKaDZTSlEBjgyCcM4KTPYeXtZHx+wVnmIqvHUqDURRCb8hWm0IiQaIEXgxuoh
fsfko/MJarUJMU/Eu21MNayoKGHzadAvtosYyDnSVbZ2uAh+ZZ8/Y+21OdCEkCWM
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:51:18 2025 by rpki-client