Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/942022-4fb3-461d-b456-1526cb9abf9b/1/aFx7xm9cVi6_d-dQUgvZvjSOhTc.roa
File: aFx7xm9cVi6_d-dQUgvZvjSOhTc.roa (raw, json)
Hash identifier: B6buNfBuDjFFk2WkT/5nmBVMDuMcjrdT+jnuHPuIWEQ=
Subject key identifier: 68:5C:7B:C6:6F:5C:56:2E:BF:77:E7:50:52:0B:D9:BE:34:8E:85:37
Certificate issuer: /CN=300777c3b44144fd3056bf4b845450cb7fab9c2d
Certificate serial: 018572FA57FF8216B3D08894461A2D5D453D
Authority key identifier: 30:07:77:C3:B4:41:44:FD:30:56:BF:4B:84:54:50:CB:7F:AB:9C:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MAd3w7RBRP0wVr9LhFRQy3-rnC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/942022-4fb3-461d-b456-1526cb9abf9b/1/aFx7xm9cVi6_d-dQUgvZvjSOhTc.roa
Signing time: Mon 02 Jan 2023 14:54:47 +0000
ROA not before: Mon 02 Jan 2023 14:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211721
IP address blocks: 194.153.135.0/24 maxlen: 24
2a10:9f42::/31 maxlen: 31
2a10:9f46::/31 maxlen: 31
2a10:9f40::/31 maxlen: 31
2a10:9f44::/31 maxlen: 31
2a10:9f40::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:57:ff:82:16:b3:d0:88:94:46:1a:2d:5d:45:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=300777c3b44144fd3056bf4b845450cb7fab9c2d
Validity
Not Before: Jan 2 14:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=685c7bc66f5c562ebf77e750520bd9be348e8537
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:4a:02:68:e8:70:0c:7d:61:07:81:9e:54:78:
84:33:e9:ca:70:23:5f:a7:6e:58:4e:e8:b0:c5:ed:
90:26:c6:49:3b:6d:b1:aa:9e:3c:2e:84:00:40:bc:
61:bb:3b:73:21:fb:ea:30:46:b2:ee:2d:e2:7d:38:
91:98:05:43:c1:e1:de:40:f4:11:6f:ed:6a:f8:b1:
1a:7c:ee:79:fc:18:b2:90:b0:62:c5:eb:3b:45:88:
e6:0a:56:4d:7e:51:8a:25:bb:85:ce:53:2c:8f:4d:
8d:11:51:0d:b8:63:91:fd:a5:15:9a:70:dc:78:f4:
0e:d1:49:76:cc:ab:11:a0:95:cf:a3:af:ff:5e:4a:
89:e4:b7:4c:2f:94:46:5f:cd:c0:10:f9:ba:af:0b:
26:e1:65:0c:01:af:ed:39:df:8a:bc:db:ee:6d:de:
9e:34:63:05:87:4c:bb:d1:6b:15:5f:6e:4f:e3:28:
9d:bd:89:b4:07:1f:81:9f:c3:76:c5:b3:70:63:56:
e7:8d:48:7d:5f:97:8c:fe:b6:a6:ea:5a:cb:bc:3b:
34:74:1a:0a:67:d4:6c:79:80:05:7e:86:cf:aa:ba:
00:69:c6:69:62:bc:23:74:36:6f:c5:8c:5a:8c:cc:
7a:09:04:6d:e5:db:dc:ef:dd:b3:b7:a8:20:46:d3:
17:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:5C:7B:C6:6F:5C:56:2E:BF:77:E7:50:52:0B:D9:BE:34:8E:85:37
X509v3 Authority Key Identifier:
keyid:30:07:77:C3:B4:41:44:FD:30:56:BF:4B:84:54:50:CB:7F:AB:9C:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MAd3w7RBRP0wVr9LhFRQy3-rnC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/942022-4fb3-461d-b456-1526cb9abf9b/1/aFx7xm9cVi6_d-dQUgvZvjSOhTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/942022-4fb3-461d-b456-1526cb9abf9b/1/MAd3w7RBRP0wVr9LhFRQy3-rnC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.153.135.0/24
IPv6:
2a10:9f40::/29
Signature Algorithm: sha256WithRSAEncryption
56:cc:0e:b1:b7:36:45:a6:4d:7f:94:59:9c:66:10:c8:8d:9b:
16:1a:da:bc:84:f2:af:13:1a:0d:1a:f7:a3:f7:32:a4:09:c8:
a1:c6:2e:5d:d9:0e:5b:e2:ab:fe:2a:c3:f6:0f:8b:e3:43:77:
3f:50:d0:c8:a0:64:bb:f2:8a:b7:95:ef:b0:43:f7:f1:c0:10:
44:87:3f:bc:82:9b:f6:8e:86:60:ed:58:8e:96:c0:35:fe:fb:
78:0e:97:2f:3c:f6:cf:a4:1e:cc:84:81:bd:21:44:8c:fd:6a:
48:21:82:cd:ef:a0:08:b5:73:5f:67:c5:08:a3:5b:b1:7c:ac:
b8:ea:e6:40:3e:f4:39:bf:21:0e:ad:99:3a:0b:89:c6:16:b9:
90:40:dc:cc:ec:59:5c:47:38:6b:f1:d2:9a:37:bb:78:f5:10:
9b:93:56:9c:d9:55:01:67:41:9d:11:d3:05:a3:cb:3a:47:99:
f3:04:65:3d:e1:fb:e5:0e:8c:bc:ca:42:29:50:66:06:a3:cd:
7f:ef:bc:07:f5:da:4e:52:00:97:4c:ff:2e:68:b9:0a:57:56:
83:db:6a:5b:7b:a1:c1:5a:b4:fe:07:e9:c1:d5:05:d5:e3:67:
48:0b:2a:ef:c1:45:6f:72:c6:3f:93:fa:80:f7:e2:c1:0a:cc:
2b:67:65:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVy+lf/ghaz0IiURhotXUU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMDc3N2MzYjQ0MTQ0ZmQzMDU2YmY0Yjg0NTQ1MGNiN2Zh
YjljMmQwHhcNMjMwMTAyMTQ1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODVjN2JjNjZmNWM1NjJlYmY3N2U3NTA1MjBiZDliZTM0OGU4NTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUoCaOhwDH1hB4GeVHiEM+nKcCNf
p25YTuiwxe2QJsZJO22xqp48LoQAQLxhuztzIfvqMEay7i3ifTiRmAVDweHeQPQR
b+1q+LEafO55/BiykLBixes7RYjmClZNflGKJbuFzlMsj02NEVENuGOR/aUVmnDc
ePQO0Ul2zKsRoJXPo6//XkqJ5LdML5RGX83AEPm6rwsm4WUMAa/tOd+KvNvubd6e
NGMFh0y70WsVX25P4yidvYm0Bx+Bn8N2xbNwY1bnjUh9X5eM/ram6lrLvDs0dBoK
Z9RseYAFfobPqroAacZpYrwjdDZvxYxajMx6CQRt5dvc792zt6ggRtMXdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGhce8ZvXFYuv3fnUFIL2b40joU3MB8GA1UdIwQY
MBaAFDAHd8O0QUT9MFa/S4RUUMt/q5wtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUFkM3c3UkJSUDB3VnI5TGhGUlF5My1ybkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85NDIwMjItNGZiMy00NjFkLWI0NTYt
MTUyNmNiOWFiZjliLzEvYUZ4N3htOWNWaTZfZC1kUVVndlp2alNPaFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85NDIwMjItNGZiMy00NjFkLWI0NTYtMTUyNmNiOWFiZjli
LzEvTUFkM3c3UkJSUDB3VnI5TGhGUlF5My1ybkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwpmHMA0E
AgACMAcDBQMqEJ9AMA0GCSqGSIb3DQEBCwUAA4IBAQBWzA6xtzZFpk1/lFmcZhDI
jZsWGtq8hPKvExoNGvej9zKkCcihxi5d2Q5b4qv+KsP2D4vjQ3c/UNDIoGS78oq3
le+wQ/fxwBBEhz+8gpv2joZg7ViOlsA1/vt4DpcvPPbPpB7MhIG9IUSM/WpIIYLN
76AItXNfZ8UIo1uxfKy46uZAPvQ5vyEOrZk6C4nGFrmQQNzM7FlcRzhr8dKaN7t4
9RCbk1ac2VUBZ0GdEdMFo8s6R5nzBGU94fvlDoy8ykIpUGYGo81/77wH9dpOUgCX
TP8uaLkKV1aD22pbe6HBWrT+B+nB1QXV42dICyrvwUVvcsY/k/qA9+LBCswrZ2UH
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:29:50 2025 by rpki-client