Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/zyh1fMl2OHtfmsJOpKeH7om5Bc4.roa
File: zyh1fMl2OHtfmsJOpKeH7om5Bc4.roa (raw, json)
Hash identifier: 8QTqYaMR3WFXxvIGxoTTT3XUj/YBnNibI4uvWxLlrgg=
Subject key identifier: CF:28:75:7C:C9:76:38:7B:5F:9A:C2:4E:A4:A7:87:EE:89:B9:05:CE
Certificate issuer: /CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Certificate serial: 018C64F0B76EDE266B6A21EC8A023A6E68F0
Authority key identifier: 6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/zyh1fMl2OHtfmsJOpKeH7om5Bc4.roa
Signing time: Wed 13 Dec 2023 20:49:06 +0000
ROA not before: Wed 13 Dec 2023 20:49:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43949
IP address blocks: 168.168.80.0/20 maxlen: 20
168.168.96.0/19 maxlen: 19
168.168.0.0/21 maxlen: 21
168.168.8.0/22 maxlen: 22
168.168.12.0/23 maxlen: 23
168.168.15.0/24 maxlen: 24
168.168.14.0/24 maxlen: 24
168.168.32.0/22 maxlen: 22
2.58.180.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:64:f0:b7:6e:de:26:6b:6a:21:ec:8a:02:3a:6e:68:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Validity
Not Before: Dec 13 20:49:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf28757cc976387b5f9ac24ea4a787ee89b905ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:67:d0:85:1e:07:9d:0f:05:1d:81:24:42:05:
50:93:8c:4f:a0:ad:53:fe:4b:24:70:b7:2f:c4:00:
e7:9c:e5:3d:ac:c6:a5:6b:27:73:ef:b1:2a:1f:95:
0d:65:ec:91:03:41:56:bb:2b:67:a7:09:5d:54:f0:
c7:75:29:b4:68:03:69:d2:49:7b:fc:08:a5:8f:b9:
20:c6:c7:d6:0d:6b:e9:04:27:ae:7d:5a:72:ad:ba:
ef:03:70:3f:26:5d:da:ee:77:70:11:ea:0b:ea:04:
cf:60:00:03:45:64:0b:6d:df:59:60:ae:4b:2a:1f:
f6:ae:a5:e1:b0:ca:5b:b8:32:1d:c4:e4:f3:d3:6f:
b1:1a:33:e7:a1:55:00:1b:f4:1d:2b:e9:a0:f7:f3:
ef:f1:16:ef:70:22:3e:e3:87:47:7b:4e:a5:fa:25:
9b:36:c6:ff:0e:12:75:25:c9:f7:3c:83:89:f1:a0:
ab:7a:81:18:e1:e1:22:f8:43:ab:4b:bf:47:bd:aa:
99:bf:54:0e:3e:2b:6e:61:43:c1:a1:be:de:c3:03:
31:f3:fe:20:14:38:5c:76:48:61:7a:f5:1e:ab:08:
18:db:90:da:7d:0d:1f:30:ca:68:29:ee:f8:4b:e8:
45:c5:b5:c3:f9:16:0d:7d:f3:b3:6b:31:c2:9d:a6:
c4:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:28:75:7C:C9:76:38:7B:5F:9A:C2:4E:A4:A7:87:EE:89:B9:05:CE
X509v3 Authority Key Identifier:
keyid:6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/zyh1fMl2OHtfmsJOpKeH7om5Bc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.180.0/22
168.168.0.0/20
168.168.32.0/22
168.168.80.0-168.168.127.255
Signature Algorithm: sha256WithRSAEncryption
39:ec:19:ac:aa:b0:d5:fc:51:4e:aa:39:de:e5:4e:f7:95:ba:
4d:a5:eb:09:db:45:8c:ba:26:9b:48:51:ec:0c:c6:e6:3e:70:
b1:fc:94:75:fd:a8:0a:9b:d3:08:cd:82:53:24:87:94:8d:fa:
bf:b5:b6:16:75:fc:bf:94:40:9e:b6:e7:4a:d9:99:59:28:63:
e6:cb:4d:41:ec:f3:86:e2:d7:e5:c3:05:3f:d3:9d:52:cc:81:
03:83:b7:af:c6:99:cd:74:c4:26:e0:d7:4a:80:7f:04:a8:6e:
4e:e6:c2:6e:5f:b0:8a:76:51:b3:e9:0e:92:60:04:fe:35:a6:
3b:c9:3d:1f:92:5d:df:1e:40:17:76:66:7d:43:69:25:a0:d5:
d5:ca:6d:90:d2:1b:2f:0a:92:33:f8:2c:be:59:b1:38:27:26:
15:fc:41:55:91:b0:ed:82:b2:7b:90:08:bc:72:3e:c7:2f:8d:
43:ca:33:e2:76:25:7b:6b:11:b4:10:b0:e1:2c:9d:20:2c:54:
25:52:6f:39:01:7f:5c:ef:f5:74:b7:46:97:ea:ac:03:40:39:
d6:16:62:ea:3f:ee:20:06:49:81:3a:ba:0d:a3:3a:54:de:3a:
d3:ea:9f:a7:e8:e2:33:ab:3a:1a:e2:a1:b7:71:30:21:af:d9:
00:33:bf:3f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYxk8Ldu3iZraiHsigI6bmjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOTJjZjMzOTBjYWE1ODc5ZTc1OTcyOWNkOTAwOGM2ZWNh
NTVhMjcwHhcNMjMxMjEzMjA0OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjI4NzU3Y2M5NzYzODdiNWY5YWMyNGVhNGE3ODdlZTg5YjkwNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWfQhR4HnQ8FHYEkQgVQk4xPoK1T
/kskcLcvxADnnOU9rMalaydz77EqH5UNZeyRA0FWuytnpwldVPDHdSm0aANp0kl7
/Ailj7kgxsfWDWvpBCeufVpyrbrvA3A/Jl3a7ndwEeoL6gTPYAADRWQLbd9ZYK5L
Kh/2rqXhsMpbuDIdxOTz02+xGjPnoVUAG/QdK+mg9/Pv8RbvcCI+44dHe06l+iWb
Nsb/DhJ1Jcn3PIOJ8aCreoEY4eEi+EOrS79HvaqZv1QOPituYUPBob7ewwMx8/4g
FDhcdkhhevUeqwgY25DafQ0fMMpoKe74S+hFxbXD+RYNffOzazHCnabEuQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFM8odXzJdjh7X5rCTqSnh+6JuQXOMB8GA1UdIwQY
MBaAFGuSzzOQyqWHnnWXKc2QCMbspVonMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTIt
MmEwNjIyMzYyM2UwLzEvenloMWZNbDJPSHRmbXNKT3BLZUg3b201QmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTItMmEwNjIyMzYyM2Uw
LzEvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCAjq0AwQE
qKgAAwQCqKggMAwDBASoqFADBAeoqAAwDQYJKoZIhvcNAQELBQADggEBADnsGayq
sNX8UU6qOd7lTveVuk2l6wnbRYy6JptIUewMxuY+cLH8lHX9qAqb0wjNglMkh5SN
+r+1thZ1/L+UQJ6250rZmVkoY+bLTUHs84bi1+XDBT/TnVLMgQODt6/Gmc10xCbg
10qAfwSobk7mwm5fsIp2UbPpDpJgBP41pjvJPR+SXd8eQBd2Zn1DaSWg1dXKbZDS
Gy8KkjP4LL5ZsTgnJhX8QVWRsO2CsnuQCLxyPscvjUPKM+J2JXtrEbQQsOEsnSAs
VCVSbzkBf1zv9XS3RpfqrANAOdYWYuo/7iAGSYE6ug2jOlTeOtPqn6fo4jOrOhri
obdxMCGv2QAzvz8=
-----END CERTIFICATE-----
Generated at Wed Apr 16 15:52:33 2025 by rpki-client