Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/INpzeTCG5HpFzhm5iBInFIOUzzs.roa
File: INpzeTCG5HpFzhm5iBInFIOUzzs.roa (raw, json)
Hash identifier: BF8eX0PH1VMCqoYcJJZOMHsYXTwdONN6qLWfvZV4Tkk=
Subject key identifier: 20:DA:73:79:30:86:E4:7A:45:CE:19:B9:88:12:27:14:83:94:CF:3B
Certificate issuer: /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial: 018A5007F90208BC8AA03D1623C9E1CAA453
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/INpzeTCG5HpFzhm5iBInFIOUzzs.roa
Signing time: Fri 01 Sep 2023 09:16:54 +0000
ROA not before: Fri 01 Sep 2023 09:16:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8860
IP address blocks: 79.98.104.0/21 maxlen: 24
185.228.24.0/22 maxlen: 24
185.55.228.0/22 maxlen: 24
185.239.124.0/24 maxlen: 24
185.239.126.0/24 maxlen: 24
194.145.63.0/24 maxlen: 24
185.199.37.0/24 maxlen: 24
185.199.38.0/24 maxlen: 24
185.52.204.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:50:07:f9:02:08:bc:8a:a0:3d:16:23:c9:e1:ca:a4:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Validity
Not Before: Sep 1 09:16:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20da73793086e47a45ce19b9881227148394cf3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:9c:f7:d1:4d:ed:3c:8a:19:4e:f7:e9:fe:99:
58:4f:87:f1:bc:f5:51:73:cd:3b:22:04:da:29:db:
16:16:7b:7c:3e:50:62:05:78:c9:13:65:e8:e5:dc:
6c:1e:c4:90:00:91:96:bf:aa:d2:ac:e5:94:8a:cf:
be:16:60:01:7f:ab:c2:bd:ce:78:3c:12:4c:3c:08:
67:2e:a4:7d:aa:7a:0b:84:0d:24:19:c3:2e:4d:48:
94:ec:0b:36:5f:ea:ee:cd:dc:de:50:3c:34:18:83:
98:9a:eb:2d:3f:96:eb:9f:a8:fd:f7:0e:c7:f3:82:
b0:13:d9:98:24:1a:1a:5f:66:2d:6e:ad:00:2a:0c:
e3:a6:6e:d8:13:d0:47:1c:64:f8:66:aa:c7:41:c6:
e8:cd:20:4d:aa:13:6a:a2:97:cb:c6:8d:b1:f1:b9:
86:ce:8d:02:7e:70:41:36:e5:e5:98:84:ec:ef:25:
d2:d6:85:2d:11:04:76:72:dc:39:fb:51:80:58:7e:
91:f6:a8:e4:b3:72:e6:01:94:35:b7:0d:ce:5c:39:
b6:66:e8:72:14:31:d4:80:08:f5:31:0f:b0:b1:00:
f8:5f:9b:6d:1c:e2:73:85:19:a3:4d:84:7f:82:fa:
58:84:87:92:9e:7b:4a:40:dd:06:25:9b:2c:bc:be:
b2:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:DA:73:79:30:86:E4:7A:45:CE:19:B9:88:12:27:14:83:94:CF:3B
X509v3 Authority Key Identifier:
keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/INpzeTCG5HpFzhm5iBInFIOUzzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.98.104.0/21
185.52.204.0/22
185.55.228.0/22
185.199.37.0-185.199.38.255
185.228.24.0/22
185.239.124.0/24
185.239.126.0/24
194.145.63.0/24
Signature Algorithm: sha256WithRSAEncryption
bd:e1:3e:f7:20:45:2d:fa:95:1c:2b:45:11:70:3f:ba:00:ad:
57:dc:48:b0:e3:5e:74:90:84:14:6a:da:1f:d9:1c:b6:fb:a3:
96:fd:9d:2b:9d:be:cc:1f:41:0a:5b:9f:ce:c0:0d:94:04:a6:
95:14:75:e6:f4:74:10:fb:cb:80:01:ab:ec:1b:a7:c0:49:e4:
d3:88:be:ef:3a:86:48:0c:9c:e4:7a:bb:c0:dd:7f:2d:81:91:
43:b5:49:ca:16:ea:b2:f5:72:9f:94:3d:e1:f6:10:03:40:d1:
80:10:1a:04:18:43:1c:99:e8:c0:ad:a0:2c:e3:a3:36:86:d8:
e0:19:45:6f:30:09:47:23:db:81:fc:ac:b2:a6:e1:03:31:9a:
3d:e0:17:36:51:cc:56:95:ff:3f:10:a1:f1:31:e8:79:c3:b3:
70:d3:34:4f:8e:92:fc:4f:5e:9f:db:c3:b5:85:de:18:1c:8c:
cc:35:63:e6:12:65:82:43:76:f4:0e:6a:64:60:b4:54:94:9f:
d7:fe:2b:9c:72:14:4e:8a:8e:b7:5c:d7:47:f8:53:3a:4d:d8:
d3:40:dc:c3:cb:54:6a:8e:f2:e3:7a:50:2b:0b:ed:e0:5f:aa:
1d:ec:56:bc:31:32:9a:8d:84:f1:93:8b:7b:0e:68:c9:ca:27:
b9:f2:29:60
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYpQB/kCCLyKoD0WI8nhyqRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjMwOTAxMDkxNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRhNzM3OTMwODZlNDdhNDVjZTE5Yjk4ODEyMjcxNDgzOTRjZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopz30U3tPIoZTvfp/plYT4fxvPVR
c807IgTaKdsWFnt8PlBiBXjJE2Xo5dxsHsSQAJGWv6rSrOWUis++FmABf6vCvc54
PBJMPAhnLqR9qnoLhA0kGcMuTUiU7As2X+ruzdzeUDw0GIOYmustP5brn6j99w7H
84KwE9mYJBoaX2Ytbq0AKgzjpm7YE9BHHGT4ZqrHQcbozSBNqhNqopfLxo2x8bmG
zo0CfnBBNuXlmITs7yXS1oUtEQR2ctw5+1GAWH6R9qjks3LmAZQ1tw3OXDm2Zuhy
FDHUgAj1MQ+wsQD4X5ttHOJzhRmjTYR/gvpYhIeSnntKQN0GJZssvL6y5QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCDac3kwhuR6Rc4ZuYgSJxSDlM87MB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvSU5wemVUQ0c1SHBGemhtNWlCSW5GSU9VenpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQDT2JoAwQC
uTTMAwQCuTfkMAwDBAC5xyUDBAC5xyYDBAK55BgDBAC573wDBAC5734DBADCkT8w
DQYJKoZIhvcNAQELBQADggEBAL3hPvcgRS36lRwrRRFwP7oArVfcSLDjXnSQhBRq
2h/ZHLb7o5b9nSudvswfQQpbn87ADZQEppUUdeb0dBD7y4ABq+wbp8BJ5NOIvu86
hkgMnOR6u8Ddfy2BkUO1ScoW6rL1cp+UPeH2EANA0YAQGgQYQxyZ6MCtoCzjozaG
2OAZRW8wCUcj24H8rLKm4QMxmj3gFzZRzFaV/z8QofEx6HnDs3DTNE+OkvxPXp/b
w7WF3hgcjMw1Y+YSZYJDdvQOamRgtFSUn9f+K5xyFE6Kjrdc10f4UzpN2NNA3MPL
VGqO8uN6UCsL7eBfqh3sVrwxMpqNhPGTi3sOaMnKJ7nyKWA=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:36:15 2025 by rpki-client