Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/soCsw6eXPNJNVGE0JJNDmM8QXD0.roa
File: soCsw6eXPNJNVGE0JJNDmM8QXD0.roa (raw, json)
Hash identifier: DG/2xoDHH5p3qp2maqvdjlBMO544rTScNRNKi86YBms=
Subject key identifier: B2:80:AC:C3:A7:97:3C:D2:4D:54:61:34:24:93:43:98:CF:10:5C:3D
Certificate issuer: /CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
Certificate serial: 01856D4AB178564B7398368D4DB77046BE8C
Authority key identifier: AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/soCsw6eXPNJNVGE0JJNDmM8QXD0.roa
Signing time: Sun 01 Jan 2023 12:24:49 +0000
ROA not before: Sun 01 Jan 2023 12:24:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199298
IP address blocks: 185.21.220.0/22 maxlen: 22
2a00:5c20::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:b1:78:56:4b:73:98:36:8d:4d:b7:70:46:be:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
Validity
Not Before: Jan 1 12:24:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b280acc3a7973cd24d54613424934398cf105c3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:cf:50:0a:d1:1d:3d:41:aa:0c:18:d9:45:f7:
90:b4:24:b3:cb:d8:13:be:58:47:b2:e9:7d:91:01:
89:47:a6:92:9e:85:cd:8d:1a:a8:f0:7d:33:ee:49:
05:45:b0:ff:0f:9d:c6:3e:36:50:0e:5b:1e:1c:78:
36:29:1e:61:80:18:27:41:dd:22:4f:a2:c5:f7:f2:
3b:29:0d:f9:51:7b:30:38:da:e9:3e:df:24:64:ff:
e0:7e:e3:6a:65:c7:bf:7a:94:2c:0e:64:ac:e3:89:
c3:f2:4b:ac:ae:2f:3a:97:7d:dd:8f:0b:9c:48:da:
54:84:2f:f7:8a:5e:bd:ca:40:77:65:bd:d3:a2:55:
98:7d:8f:37:ed:8d:ec:e9:db:30:9e:c4:6b:21:2e:
dc:fd:fd:95:7c:26:f9:25:5c:3a:e8:3d:72:5d:19:
c5:da:54:ee:ff:39:4b:b6:22:4e:ba:a3:8e:6e:9c:
b8:55:dc:47:65:64:0f:b6:df:8a:6d:48:72:eb:59:
eb:89:f8:1e:17:16:59:95:17:26:54:c2:30:5b:92:
c3:b9:dc:25:76:4c:ff:84:29:b6:bb:61:67:38:5b:
86:63:76:92:f0:3c:3b:ba:5c:c1:f2:80:86:0b:b7:
8e:d9:e0:df:41:43:7e:4d:5c:c6:2f:08:86:1b:af:
0e:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:80:AC:C3:A7:97:3C:D2:4D:54:61:34:24:93:43:98:CF:10:5C:3D
X509v3 Authority Key Identifier:
keyid:AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/soCsw6eXPNJNVGE0JJNDmM8QXD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.21.220.0/22
IPv6:
2a00:5c20::/32
Signature Algorithm: sha256WithRSAEncryption
bf:06:49:a6:84:cf:22:1b:87:29:24:bb:ea:77:60:bc:61:2f:
0e:02:db:aa:3c:b9:67:32:27:c5:21:7f:ad:f7:bc:48:76:d1:
c4:48:9e:58:4f:68:1c:9f:4e:f2:c3:2b:7a:7b:39:1c:11:d6:
05:0f:8f:60:76:35:8c:32:76:6b:31:86:a1:db:61:1b:f5:29:
46:27:29:fe:49:a6:53:06:82:51:68:d0:51:35:ba:78:78:4d:
37:15:97:f0:07:48:b6:43:da:95:54:16:68:f8:b9:55:6f:fc:
8e:60:6c:8e:21:e7:6d:cb:51:ed:ef:de:28:18:ac:52:3d:e4:
f2:2f:98:5c:28:72:7b:87:c1:51:37:d1:45:5f:ce:03:a6:a8:
e6:a5:9f:4a:16:86:b0:24:c1:bd:90:39:79:32:2e:f7:26:cf:
fb:d5:1d:0a:9e:1c:a8:ad:52:e3:bf:1d:94:70:0b:eb:ef:a0:
27:37:59:64:de:e8:88:bb:0b:a6:7c:ab:e2:18:51:26:45:f0:
51:2d:ea:37:25:37:33:ba:73:52:53:c8:81:67:da:01:de:d0:
fd:a4:4d:aa:47:4d:11:39:fa:23:aa:b5:90:89:7d:5a:37:3e:
98:3c:99:ac:9c:4b:1c:73:1a:4a:8f:ab:c4:8a:dd:85:35:5b:
a2:ba:e8:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtSrF4VktzmDaNTbdwRr6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmY2MxZDMwZWRlZWFiNTRiNTgxMmE5OTBhOTQzZTNlOGZl
ODM5MWQwHhcNMjMwMTAxMTIyNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjgwYWNjM2E3OTczY2QyNGQ1NDYxMzQyNDkzNDM5OGNmMTA1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgM9QCtEdPUGqDBjZRfeQtCSzy9gT
vlhHsul9kQGJR6aSnoXNjRqo8H0z7kkFRbD/D53GPjZQDlseHHg2KR5hgBgnQd0i
T6LF9/I7KQ35UXswONrpPt8kZP/gfuNqZce/epQsDmSs44nD8kusri86l33djwuc
SNpUhC/3il69ykB3Zb3TolWYfY837Y3s6dswnsRrIS7c/f2VfCb5JVw66D1yXRnF
2lTu/zlLtiJOuqOObpy4VdxHZWQPtt+KbUhy61nrifgeFxZZlRcmVMIwW5LDudwl
dkz/hCm2u2FnOFuGY3aS8Dw7ulzB8oCGC7eO2eDfQUN+TVzGLwiGG68OnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLKArMOnlzzSTVRhNCSTQ5jPEFw9MB8GA1UdIwQY
MBaAFK/MHTDt7qtUtYEqmQqUPj6P6DkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjct
YTIyMGZlNmEyYTI1LzEvc29Dc3c2ZVhQTkpOVkdFMEpKTkRtTThRWEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjctYTIyMGZlNmEyYTI1
LzEvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRXcMA0E
AgACMAcDBQAqAFwgMA0GCSqGSIb3DQEBCwUAA4IBAQC/BkmmhM8iG4cpJLvqd2C8
YS8OAtuqPLlnMifFIX+t97xIdtHESJ5YT2gcn07ywyt6ezkcEdYFD49gdjWMMnZr
MYah22Eb9SlGJyn+SaZTBoJRaNBRNbp4eE03FZfwB0i2Q9qVVBZo+LlVb/yOYGyO
Iedty1Ht794oGKxSPeTyL5hcKHJ7h8FRN9FFX84DpqjmpZ9KFoawJMG9kDl5Mi73
Js/71R0KnhyorVLjvx2UcAvr76AnN1lk3uiIuwumfKviGFEmRfBRLeo3JTczunNS
U8iBZ9oB3tD9pE2qR00ROfojqrWQiX1aNz6YPJmsnEsccxpKj6vEit2FNVuiuuiP
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:11:42 2025 by rpki-client