Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9a694b-c61b-41b2-93ce-4dc2f793c3cd/1/KctNJVOxwDu3H_HRQVLwcxdNwU4.roa
File: KctNJVOxwDu3H_HRQVLwcxdNwU4.roa (raw, json)
Hash identifier: Y7QaDaHEvptOGq0/kwcWDmRa265krFK7bZOcRwhacPc=
Subject key identifier: 29:CB:4D:25:53:B1:C0:3B:B7:1F:F1:D1:41:52:F0:73:17:4D:C1:4E
Certificate issuer: /CN=c32a16b207e3b6f6f72d3d0ad5fceba8ea103636
Certificate serial: 01882325F1FFD822958B003679045FF2C6B8
Authority key identifier: C3:2A:16:B2:07:E3:B6:F6:F7:2D:3D:0A:D5:FC:EB:A8:EA:10:36:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wyoWsgfjtvb3LT0K1fzrqOoQNjY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/9a694b-c61b-41b2-93ce-4dc2f793c3cd/1/KctNJVOxwDu3H_HRQVLwcxdNwU4.roa
Signing time: Tue 16 May 2023 06:01:09 +0000
ROA not before: Tue 16 May 2023 06:01:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198290
IP address blocks: 193.169.158.0/23 maxlen: 23
193.169.158.0/24 maxlen: 24
193.169.159.0/24 maxlen: 24
185.44.56.0/24 maxlen: 24
185.44.57.0/24 maxlen: 24
185.44.58.0/24 maxlen: 24
185.44.56.0/22 maxlen: 22
185.44.59.0/24 maxlen: 24
2a01:7360::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:23:25:f1:ff:d8:22:95:8b:00:36:79:04:5f:f2:c6:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c32a16b207e3b6f6f72d3d0ad5fceba8ea103636
Validity
Not Before: May 16 06:01:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29cb4d2553b1c03bb71ff1d14152f073174dc14e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:0d:09:74:dd:e7:82:4c:af:90:bd:31:ac:8b:
7c:d7:dc:57:56:ab:8f:5d:89:75:32:ef:e7:f9:60:
ba:e4:3b:df:7d:b5:4d:64:ab:c3:1b:c9:0e:b0:6a:
66:48:a9:bc:ec:aa:c3:7a:0f:e3:ae:50:97:39:04:
5d:7d:de:39:e2:3c:1b:49:73:76:56:8b:f1:3a:26:
cd:9c:4d:a2:20:8a:0d:5e:47:f1:14:56:ef:f8:2c:
f3:05:b9:de:01:52:f8:6b:78:04:61:1a:3a:34:0d:
34:2c:3e:eb:fa:31:40:6a:f2:e0:17:3d:a1:65:27:
a4:a6:f5:a9:b2:ff:f4:5d:6f:ad:76:dd:6f:07:bc:
86:47:38:6c:4c:0d:7d:76:9e:67:bc:60:ed:a2:ed:
47:db:05:c2:e7:ee:54:54:77:04:5e:a2:ae:9b:26:
b4:f9:72:ac:35:61:13:ed:1a:b9:93:6f:ee:db:bd:
91:ac:02:e3:d9:6f:69:f5:22:4b:99:02:7a:a3:40:
ea:d6:79:f3:18:a9:a7:6b:90:c7:80:20:3e:42:ab:
bf:38:70:67:5b:bf:52:3c:57:b5:9b:7b:1d:af:78:
76:7d:a1:dc:53:ae:cc:2b:81:01:07:5b:df:f1:cc:
fb:01:a6:84:d6:be:c2:5d:74:06:7d:6d:a2:92:ee:
68:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:CB:4D:25:53:B1:C0:3B:B7:1F:F1:D1:41:52:F0:73:17:4D:C1:4E
X509v3 Authority Key Identifier:
keyid:C3:2A:16:B2:07:E3:B6:F6:F7:2D:3D:0A:D5:FC:EB:A8:EA:10:36:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wyoWsgfjtvb3LT0K1fzrqOoQNjY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9a694b-c61b-41b2-93ce-4dc2f793c3cd/1/KctNJVOxwDu3H_HRQVLwcxdNwU4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9a694b-c61b-41b2-93ce-4dc2f793c3cd/1/wyoWsgfjtvb3LT0K1fzrqOoQNjY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.56.0/22
193.169.158.0/23
IPv6:
2a01:7360::/32
Signature Algorithm: sha256WithRSAEncryption
5b:73:20:90:24:ac:c8:9c:74:f2:78:74:dd:06:6e:10:05:10:
fc:11:d2:00:67:b9:69:c5:12:ca:1b:42:f0:d0:54:09:c2:78:
ba:e0:91:48:ed:d9:71:30:b1:94:00:45:ce:ad:0d:a3:65:06:
5c:ca:ed:13:fd:79:68:56:3a:98:4b:1c:dd:fb:6e:df:93:de:
30:48:4a:e2:10:24:89:75:60:56:9c:68:18:ac:50:b5:ad:bf:
cb:29:fd:0a:98:0a:78:b5:31:a1:2f:8c:97:22:46:b2:a5:1d:
74:21:a5:f6:e6:dc:e7:b1:c7:ce:c4:b8:1d:f0:77:7d:c7:c6:
b1:56:a5:eb:5b:ea:6a:0d:e2:e6:34:ce:cb:87:34:3e:60:b6:
a7:cd:b4:49:9a:09:c8:6f:2e:08:5d:5d:b9:41:59:21:4b:ab:
13:f1:3f:3c:1d:fc:fb:9e:25:0a:58:c4:6f:82:5a:64:8e:e5:
b6:2c:90:87:b4:1a:16:e1:44:65:70:3f:92:df:e4:43:9c:ca:
6c:bd:3f:52:0d:27:9f:11:6e:62:ba:0f:a2:0c:7a:f4:d6:34:
a8:2d:61:33:a0:a4:82:ab:42:a8:90:33:7a:b3:bc:42:7a:02:
b7:99:b1:4d:d8:6d:d2:0e:04:0b:37:93:f3:fa:b0:46:80:5b:
9c:fb:af:07
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYgjJfH/2CKViwA2eQRf8sa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMmExNmIyMDdlM2I2ZjZmNzJkM2QwYWQ1ZmNlYmE4ZWEx
MDM2MzYwHhcNMjMwNTE2MDYwMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNiNGQyNTUzYjFjMDNiYjcxZmYxZDE0MTUyZjA3MzE3NGRjMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Q0JdN3ngkyvkL0xrIt819xXVquP
XYl1Mu/n+WC65DvffbVNZKvDG8kOsGpmSKm87KrDeg/jrlCXOQRdfd454jwbSXN2
VovxOibNnE2iIIoNXkfxFFbv+CzzBbneAVL4a3gEYRo6NA00LD7r+jFAavLgFz2h
ZSekpvWpsv/0XW+tdt1vB7yGRzhsTA19dp5nvGDtou1H2wXC5+5UVHcEXqKumya0
+XKsNWET7Rq5k2/u272RrALj2W9p9SJLmQJ6o0Dq1nnzGKmna5DHgCA+Qqu/OHBn
W79SPFe1m3sdr3h2faHcU67MK4EBB1vf8cz7AaaE1r7CXXQGfW2iku5oQwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCnLTSVTscA7tx/x0UFS8HMXTcFOMB8GA1UdIwQY
MBaAFMMqFrIH47b29y09CtX866jqEDY2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3lvV3NnZmp0dmIzTFQwSzFmenJxT29RTmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85YTY5NGItYzYxYi00MWIyLTkzY2Ut
NGRjMmY3OTNjM2NkLzEvS2N0TkpWT3h3RHUzSF9IUlFWTHdjeGROd1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85YTY5NGItYzYxYi00MWIyLTkzY2UtNGRjMmY3OTNjM2Nk
LzEvd3lvV3NnZmp0dmIzTFQwSzFmenJxT29RTmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSw4AwQB
wameMA0EAgACMAcDBQAqAXNgMA0GCSqGSIb3DQEBCwUAA4IBAQBbcyCQJKzInHTy
eHTdBm4QBRD8EdIAZ7lpxRLKG0Lw0FQJwni64JFI7dlxMLGUAEXOrQ2jZQZcyu0T
/XloVjqYSxzd+27fk94wSEriECSJdWBWnGgYrFC1rb/LKf0KmAp4tTGhL4yXIkay
pR10IaX25tznscfOxLgd8Hd9x8axVqXrW+pqDeLmNM7LhzQ+YLanzbRJmgnIby4I
XV25QVkhS6sT8T88Hfz7niUKWMRvglpkjuW2LJCHtBoW4URlcD+S3+RDnMpsvT9S
DSefEW5iug+iDHr01jSoLWEzoKSCq0KokDN6s7xCegK3mbFN2G3SDgQLN5Pz+rBG
gFuc+68H
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:29:15 2025 by rpki-client