Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/yxzz6me-PjExMxzQAbSVsRcXlbs.roa
File: yxzz6me-PjExMxzQAbSVsRcXlbs.roa (raw, json)
Hash identifier: PCDR5S6xf0KALVaGkYFAY/BosPaxp7i1nV4Qcpw1QIU=
Subject key identifier: CB:1C:F3:EA:67:BE:3E:31:31:33:1C:D0:01:B4:95:B1:17:17:95:BB
Certificate issuer: /CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Certificate serial: 018598B332F9B8AF3A144265A1211D04126C
Authority key identifier: FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/yxzz6me-PjExMxzQAbSVsRcXlbs.roa
Signing time: Mon 09 Jan 2023 22:42:38 +0000
ROA not before: Mon 09 Jan 2023 22:42:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50272
IP address blocks: 185.41.64.0/22 maxlen: 24
62.24.32.0/19 maxlen: 19
185.155.140.0/22 maxlen: 24
185.155.140.0/24 maxlen: 24
185.155.143.0/24 maxlen: 24
185.155.142.0/24 maxlen: 24
185.155.141.0/24 maxlen: 24
2a03:1400::/32 maxlen: 32
2a07:33c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:98:b3:32:f9:b8:af:3a:14:42:65:a1:21:1d:04:12:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Validity
Not Before: Jan 9 22:42:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cb1cf3ea67be3e3131331cd001b495b1171795bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:96:60:d3:26:87:82:65:a4:84:03:78:2b:04:
36:22:b2:d5:47:99:62:4a:e8:d2:3f:55:38:d9:de:
7f:ad:93:66:c9:3f:59:ea:8a:21:3e:dc:c6:6a:e9:
de:8e:d4:04:50:54:93:ca:9a:e7:2b:75:63:59:11:
d2:4e:96:30:4c:2f:16:73:47:9e:ac:9a:90:e5:dc:
b9:b0:7a:15:a1:85:4f:89:e5:64:ce:69:5d:ec:b2:
63:bb:4a:d5:4f:f2:87:78:a9:cf:52:f8:5d:67:92:
4e:69:53:c6:ff:ff:93:5d:47:79:f1:e7:e6:09:9c:
10:83:77:86:6e:7b:50:d0:19:2c:c0:c9:1f:44:ae:
d0:f3:95:9e:de:08:2e:b4:e1:8a:58:de:67:7a:59:
94:67:ad:d8:f9:88:cb:07:33:eb:92:55:9c:8b:07:
f7:77:27:d0:6c:3e:17:7f:0f:7f:b5:bd:94:a9:85:
ce:f6:c6:8d:9b:8c:64:f1:bf:cd:29:9d:71:58:78:
14:39:5c:c6:a5:7a:5d:ba:a6:0c:90:70:76:27:ed:
00:f5:3b:fb:93:3c:a0:90:13:ac:0c:8e:58:02:9b:
7e:45:d8:84:5d:b6:16:28:2d:ae:cc:96:50:93:c5:
6e:14:f3:33:94:58:d9:d6:bb:2a:0d:d8:5f:af:b6:
5b:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:1C:F3:EA:67:BE:3E:31:31:33:1C:D0:01:B4:95:B1:17:17:95:BB
X509v3 Authority Key Identifier:
keyid:FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/yxzz6me-PjExMxzQAbSVsRcXlbs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.24.32.0/19
185.41.64.0/22
185.155.140.0/22
IPv6:
2a03:1400::/32
2a07:33c0::/29
Signature Algorithm: sha256WithRSAEncryption
4b:e9:d9:9f:c2:bf:75:81:7c:70:10:73:5f:2c:6d:63:74:cc:
f2:ab:be:a7:8d:ff:1c:e9:56:55:a4:57:20:ec:28:3b:81:8a:
e3:f8:28:20:85:cc:7c:b0:c7:f2:21:b7:cc:b9:6a:a0:58:a5:
17:30:a0:33:d9:82:1e:ef:c6:3b:cb:b4:bd:64:2e:ac:04:2f:
77:12:47:a1:da:7a:ff:9e:b9:1d:d9:1d:97:ec:6f:4e:f4:1c:
8e:f3:49:d0:8a:5c:bb:6a:6d:b4:27:70:35:30:7a:f9:b8:08:
0c:2d:8e:67:0a:40:07:0a:4e:66:59:a2:7f:f4:8b:a1:4e:1d:
5a:0c:57:76:26:3c:e3:8b:5c:09:63:8a:fc:cc:25:2b:e9:5b:
35:5e:1a:59:a9:4a:21:da:85:b0:f0:b8:e9:00:51:0b:ef:67:
a7:48:d4:1c:da:86:f2:61:51:a3:4b:dd:4a:d1:7d:0c:2f:7b:
a8:50:3b:4b:e5:ee:23:3a:70:b0:53:cf:cd:7f:0e:61:4a:7a:
ec:b4:56:68:fb:a8:9c:ff:47:fa:1b:51:61:ce:8f:5c:ea:e7:
52:2e:44:14:22:aa:3e:ec:2e:fb:17:67:19:b7:d7:02:65:c0:
fc:23:92:b4:44:a7:27:b8:3b:44:12:95:b5:75:fb:a5:e1:91:
34:2f:7d:ef
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYWYszL5uK86FEJloSEdBBJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTk4YjFkMGVjY2NjNGY2ZmYxYTdlN2RiODRiNGJiMmY1
NWIwOGQwHhcNMjMwMTA5MjI0MjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjFjZjNlYTY3YmUzZTMxMzEzMzFjZDAwMWI0OTViMTE3MTc5NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppZg0yaHgmWkhAN4KwQ2IrLVR5li
SujSP1U42d5/rZNmyT9Z6oohPtzGaunejtQEUFSTyprnK3VjWRHSTpYwTC8Wc0ee
rJqQ5dy5sHoVoYVPieVkzmld7LJju0rVT/KHeKnPUvhdZ5JOaVPG//+TXUd58efm
CZwQg3eGbntQ0BkswMkfRK7Q85We3ggutOGKWN5nelmUZ63Y+YjLBzPrklWciwf3
dyfQbD4Xfw9/tb2UqYXO9saNm4xk8b/NKZ1xWHgUOVzGpXpduqYMkHB2J+0A9Tv7
kzygkBOsDI5YApt+RdiEXbYWKC2uzJZQk8VuFPMzlFjZ1rsqDdhfr7ZbzwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMsc8+pnvj4xMTMc0AG0lbEXF5W7MB8GA1UdIwQY
MBaAFPypix0OzMxPb/Gn59uEtLsvVbCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzIt
NThmMGYzMjVjMmI4LzEveXh6ejZtZS1QakV4TXh6UUFiU1ZzUmNYbGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzItNThmMGYzMjVjMmI4
LzEvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQFPhggAwQC
uSlAAwQCuZuMMBQEAgACMA4DBQAqAxQAAwUDKgczwDANBgkqhkiG9w0BAQsFAAOC
AQEAS+nZn8K/dYF8cBBzXyxtY3TM8qu+p43/HOlWVaRXIOwoO4GK4/goIIXMfLDH
8iG3zLlqoFilFzCgM9mCHu/GO8u0vWQurAQvdxJHodp6/565Hdkdl+xvTvQcjvNJ
0Ipcu2pttCdwNTB6+bgIDC2OZwpABwpOZlmif/SLoU4dWgxXdiY844tcCWOK/Mwl
K+lbNV4aWalKIdqFsPC46QBRC+9np0jUHNqG8mFRo0vdStF9DC97qFA7S+XuIzpw
sFPPzX8OYUp67LRWaPuonP9H+htRYc6PXOrnUi5EFCKqPuwu+xdnGbfXAmXA/COS
tESnJ7g7RBKVtXX7peGRNC997w==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:39:04 2025 by rpki-client