Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/CZhhOIVfcghlmxwAnxjlvRtZPp8.roa
File: CZhhOIVfcghlmxwAnxjlvRtZPp8.roa (raw, json)
Hash identifier: cnNiZkn9R5LV3lK58FKwGOLZwhq8zHDm6leE9lSi+xo=
Subject key identifier: 09:98:61:38:85:5F:72:08:65:9B:1C:00:9F:18:E5:BD:1B:59:3E:9F
Certificate issuer: /CN=ebb016f46de2db5cc3116599ee871c76c2c834c6
Certificate serial: 01857102F9C7228F8732DC3AA3085975C979
Authority key identifier: EB:B0:16:F4:6D:E2:DB:5C:C3:11:65:99:EE:87:1C:76:C2:C8:34:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/67AW9G3i21zDEWWZ7occdsLINMY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/CZhhOIVfcghlmxwAnxjlvRtZPp8.roa
Signing time: Mon 02 Jan 2023 05:44:58 +0000
ROA not before: Mon 02 Jan 2023 05:44:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209102
IP address blocks: 2.56.130.0/24 maxlen: 24
2.56.128.0/22 maxlen: 22
2.56.129.0/24 maxlen: 24
2.56.131.0/24 maxlen: 24
2.56.128.0/24 maxlen: 24
2a09:c3c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:02:f9:c7:22:8f:87:32:dc:3a:a3:08:59:75:c9:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebb016f46de2db5cc3116599ee871c76c2c834c6
Validity
Not Before: Jan 2 05:44:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09986138855f7208659b1c009f18e5bd1b593e9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:d6:cb:b9:9d:26:f1:d6:4f:54:79:8c:74:28:
f2:b2:08:dc:76:71:93:ee:29:3b:9d:84:a7:b0:a4:
f8:3d:b8:2b:19:02:c7:0e:9d:78:62:a1:77:09:18:
fa:0a:38:46:2e:c7:28:e0:04:77:33:4b:11:68:ac:
8b:c1:da:3c:9d:32:58:1c:6f:26:ad:63:53:75:31:
f3:2c:21:cf:2b:0f:f4:ec:ed:a8:f7:35:c1:fa:22:
d6:fb:7d:43:96:de:2c:a3:ef:d0:e3:59:83:d3:28:
50:6f:0d:b6:b5:da:26:ba:31:5f:c6:58:47:18:62:
63:78:c8:5e:fa:53:24:f7:39:f3:46:db:f8:25:c3:
c5:20:48:16:4f:93:73:bf:24:1e:16:01:ab:15:1d:
07:ef:43:cc:8e:3b:9c:de:f9:44:5f:ad:3c:bf:66:
e2:08:5e:ae:52:09:6d:7f:47:53:0e:b6:33:2d:c3:
9a:92:60:fc:e7:28:da:76:1c:ec:1e:db:0e:22:d3:
39:9b:ff:f8:93:b1:e3:7f:97:19:f2:2d:f4:aa:40:
1b:df:3a:eb:ee:9c:96:a1:d1:4c:07:39:6e:21:51:
f1:d9:d1:6a:f9:b5:1f:00:46:d4:a5:3c:b1:5a:41:
d4:7d:c8:c7:1d:7f:b2:76:0d:5d:4d:0a:7b:0f:17:
a9:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:98:61:38:85:5F:72:08:65:9B:1C:00:9F:18:E5:BD:1B:59:3E:9F
X509v3 Authority Key Identifier:
keyid:EB:B0:16:F4:6D:E2:DB:5C:C3:11:65:99:EE:87:1C:76:C2:C8:34:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67AW9G3i21zDEWWZ7occdsLINMY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/CZhhOIVfcghlmxwAnxjlvRtZPp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/67AW9G3i21zDEWWZ7occdsLINMY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.128.0/22
IPv6:
2a09:c3c0::/29
Signature Algorithm: sha256WithRSAEncryption
aa:d2:15:af:38:ff:c6:e0:cd:03:b3:33:07:51:00:bc:9f:20:
2a:1c:48:cd:be:00:66:c2:5b:e9:32:75:c3:10:e0:fd:42:0b:
7d:99:64:cb:6d:b9:5a:0c:66:cb:f5:a0:2a:6a:b8:61:af:8a:
f5:1c:9f:da:de:38:e6:ce:11:ce:24:8a:9b:c0:35:fb:9f:40:
91:55:69:d5:0c:bc:f0:6e:3b:ab:7d:4e:15:d3:53:7c:3a:f2:
4e:c4:2a:95:79:3b:bf:e7:1a:cd:e2:40:ca:8c:86:19:17:ea:
f9:fc:c4:5c:9a:d5:37:f9:de:a6:dc:e1:05:d1:4d:44:47:58:
e4:79:41:9a:78:ea:9f:14:f4:1b:14:5e:a2:1c:99:7a:07:1b:
c4:c9:fd:d0:9d:4a:1e:0a:be:7e:0e:93:ba:67:bc:0b:3b:8d:
2f:f2:cc:d3:47:08:89:26:b6:7c:e8:07:1d:2b:60:e6:79:54:
02:e1:93:0f:50:a8:21:99:e5:80:79:4e:9c:07:26:01:4d:5a:
75:5e:bc:a4:17:43:c2:04:ed:94:57:ed:f5:a9:46:72:af:75:
cd:a8:3b:f3:55:95:68:8f:f4:df:ef:6d:4f:e1:e7:8a:fe:9f:
8d:07:60:71:ff:9c:e3:aa:00:5b:cb:66:ee:49:97:4c:64:f7:
37:47:66:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxAvnHIo+HMtw6owhZdcl5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYjAxNmY0NmRlMmRiNWNjMzExNjU5OWVlODcxYzc2YzJj
ODM0YzYwHhcNMjMwMTAyMDU0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTk4NjEzODg1NWY3MjA4NjU5YjFjMDA5ZjE4ZTViZDFiNTkzZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdbLuZ0m8dZPVHmMdCjysgjcdnGT
7ik7nYSnsKT4PbgrGQLHDp14YqF3CRj6CjhGLsco4AR3M0sRaKyLwdo8nTJYHG8m
rWNTdTHzLCHPKw/07O2o9zXB+iLW+31Dlt4so+/Q41mD0yhQbw22tdomujFfxlhH
GGJjeMhe+lMk9znzRtv4JcPFIEgWT5NzvyQeFgGrFR0H70PMjjuc3vlEX608v2bi
CF6uUgltf0dTDrYzLcOakmD85yjadhzsHtsOItM5m//4k7Hjf5cZ8i30qkAb3zrr
7pyWodFMBzluIVHx2dFq+bUfAEbUpTyxWkHUfcjHHX+ydg1dTQp7DxeprQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAmYYTiFX3IIZZscAJ8Y5b0bWT6fMB8GA1UdIwQY
MBaAFOuwFvRt4ttcwxFlme6HHHbCyDTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjdBVzlHM2kyMXpERVdXWjdvY2Nkc0xJTk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zZDAxM2UtOWU1OC00NjVlLTg3YmIt
MDcyZmNhNWZmZWJlLzEvQ1poaE9JVmZjZ2hsbXh3QW54amx2UnRaUHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zZDAxM2UtOWU1OC00NjVlLTg3YmItMDcyZmNhNWZmZWJl
LzEvNjdBVzlHM2kyMXpERVdXWjdvY2Nkc0xJTk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjiAMA0E
AgACMAcDBQMqCcPAMA0GCSqGSIb3DQEBCwUAA4IBAQCq0hWvOP/G4M0DszMHUQC8
nyAqHEjNvgBmwlvpMnXDEOD9Qgt9mWTLbblaDGbL9aAqarhhr4r1HJ/a3jjmzhHO
JIqbwDX7n0CRVWnVDLzwbjurfU4V01N8OvJOxCqVeTu/5xrN4kDKjIYZF+r5/MRc
mtU3+d6m3OEF0U1ER1jkeUGaeOqfFPQbFF6iHJl6BxvEyf3QnUoeCr5+DpO6Z7wL
O40v8szTRwiJJrZ86AcdK2DmeVQC4ZMPUKghmeWAeU6cByYBTVp1XrykF0PCBO2U
V+31qUZyr3XNqDvzVZVoj/Tf721P4eeK/p+NB2Bx/5zjqgBby2buSZdMZPc3R2aL
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:11:48 2025 by rpki-client