Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Cq89IjRoDM6w7bSfZLFKRhBJgH4.roa
File: Cq89IjRoDM6w7bSfZLFKRhBJgH4.roa (raw, json)
Hash identifier: SxIb1Bd2wgkPoBjoOXdyCJsA4X+gMs27a2FIDRFVynA=
Subject key identifier: 0A:AF:3D:22:34:68:0C:CE:B0:ED:B4:9F:64:B1:4A:46:10:49:80:7E
Certificate issuer: /CN=b4a2085c7de3b598216b89fb0f2b1d930de66c19
Certificate serial: 05F596DD
Authority key identifier: B4:A2:08:5C:7D:E3:B5:98:21:6B:89:FB:0F:2B:1D:93:0D:E6:6C:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tKIIXH3jtZgha4n7Dysdkw3mbBk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Cq89IjRoDM6w7bSfZLFKRhBJgH4.roa
Signing time: Sun 30 Jan 2022 06:38:38 +0000
ROA not before: Sun 30 Jan 2022 06:38:38 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205059
IP address blocks: 185.129.17.0/24 maxlen: 24
185.129.16.0/24 maxlen: 24
185.231.108.0/24 maxlen: 24
185.231.109.0/24 maxlen: 24
185.231.110.0/24 maxlen: 24
185.231.111.0/24 maxlen: 24
2a0f:aac0::/48 maxlen: 48
2a0f:aac0:3::/48 maxlen: 48
2a0f:aac0:1::/48 maxlen: 48
2a0f:aac0:4::/48 maxlen: 48
2a0f:aac0:2::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 99981021 (0x5f596dd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4a2085c7de3b598216b89fb0f2b1d930de66c19
Validity
Not Before: Jan 30 06:38:38 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0aaf3d2234680cceb0edb49f64b14a461049807e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a2:42:71:30:97:09:2c:ed:d9:4f:08:60:a1:
cf:cb:af:a1:b3:01:98:c5:b9:f7:05:29:58:bd:b7:
2b:05:a6:d7:64:bf:9e:ec:ad:52:70:8d:6f:e7:8b:
9d:58:ba:a4:9a:5c:f6:ae:b0:1a:4c:d2:b2:94:f1:
54:d6:9c:3f:bd:68:a4:dc:bc:f3:72:06:6a:af:6c:
1c:66:42:2f:90:73:fc:1b:97:e7:4e:0f:73:4b:17:
b0:2e:e9:83:8d:99:cb:d5:b7:6b:e9:f9:c2:ad:aa:
f6:ba:4d:a8:8d:55:e9:64:03:23:3a:34:7a:3f:95:
85:5e:ca:19:54:02:65:f7:96:9a:8a:e4:ae:e9:8e:
5c:58:bb:d4:a0:7d:50:f5:bd:c2:f0:2e:c9:81:eb:
ef:80:fd:0a:7c:3d:10:dc:3c:9c:75:9c:07:fe:44:
f9:b8:12:f0:86:6d:ca:14:49:21:27:c0:1c:3f:f7:
61:8f:2b:3c:3e:f1:f6:57:80:54:25:e4:55:b3:55:
e1:f5:44:e9:94:d0:31:34:90:fb:77:95:81:4a:5f:
98:94:de:fd:18:da:0b:aa:39:e7:d3:f5:a0:4d:b5:
55:be:30:1b:59:e6:69:be:c5:cb:de:fc:cc:a6:82:
f1:75:2c:37:13:13:21:78:46:2a:55:ee:dd:ea:49:
2b:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:AF:3D:22:34:68:0C:CE:B0:ED:B4:9F:64:B1:4A:46:10:49:80:7E
X509v3 Authority Key Identifier:
keyid:B4:A2:08:5C:7D:E3:B5:98:21:6B:89:FB:0F:2B:1D:93:0D:E6:6C:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKIIXH3jtZgha4n7Dysdkw3mbBk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Cq89IjRoDM6w7bSfZLFKRhBJgH4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/tKIIXH3jtZgha4n7Dysdkw3mbBk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.16.0/23
185.231.108.0/22
IPv6:
2a0f:aac0::-2a0f:aac0:4:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
39:90:44:be:d2:8f:22:d0:f9:29:0f:d6:f5:b4:8c:16:df:28:
60:32:55:a0:a1:8a:d6:9e:70:63:12:f6:5f:d3:89:61:e1:3d:
25:35:73:ce:0d:c8:99:61:17:80:93:34:b8:26:e8:bb:cb:05:
09:09:8f:a9:a1:e2:21:c0:6e:96:cf:70:ee:d0:a9:1c:5d:56:
06:6f:cc:40:84:29:af:61:88:79:a1:bf:b5:53:6f:eb:f5:0f:
f3:57:d6:fc:bc:4c:ac:1a:ff:94:e4:f2:4f:05:8e:b6:c0:af:
43:bd:82:2a:0b:32:b5:d5:bd:eb:2d:7d:63:ee:58:87:44:25:
94:cb:c1:e7:8b:27:f5:02:17:c3:28:f2:c9:14:14:51:dd:be:
ef:ff:bd:df:b9:10:5e:e7:31:ba:a3:f5:81:36:9c:06:b1:5a:
c8:85:ef:25:e2:b9:e2:83:bf:0c:d8:6e:4e:55:bb:82:01:6b:
26:c1:5a:24:5d:ee:b8:f4:08:ab:e5:4d:78:46:f1:74:96:49:
34:44:c5:44:92:10:20:f0:18:67:80:c5:eb:70:f7:49:e1:b8:
f3:90:f2:d2:8b:7b:7a:eb:1f:c3:b5:e7:6c:64:57:73:b9:19:
77:a4:35:18:84:b0:c8:92:0c:9a:e1:96:8b:8b:13:97:b8:64:
58:cf:fb:27
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEBfWW3TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGEyMDg1YzdkZTNiNTk4MjE2Yjg5ZmIwZjJiMWQ5MzBkZTY2YzE5MB4XDTIyMDEz
MDA2MzgzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGFhZjNkMjIzNDY4
MGNjZWIwZWRiNDlmNjRiMTRhNDYxMDQ5ODA3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGiQnEwlwks7dlPCGChz8uvobMBmMW59wUpWL23KwWm12S/
nuytUnCNb+eLnVi6pJpc9q6wGkzSspTxVNacP71opNy883IGaq9sHGZCL5Bz/BuX
504Pc0sXsC7pg42Zy9W3a+n5wq2q9rpNqI1V6WQDIzo0ej+VhV7KGVQCZfeWmork
rumOXFi71KB9UPW9wvAuyYHr74D9Cnw9ENw8nHWcB/5E+bgS8IZtyhRJISfAHD/3
YY8rPD7x9leAVCXkVbNV4fVE6ZTQMTSQ+3eVgUpfmJTe/RjaC6o559P1oE21Vb4w
G1nmab7Fy978zKaC8XUsNxMTIXhGKlXu3epJK9sCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBQKrz0iNGgMzrDttJ9ksUpGEEmAfjAfBgNVHSMEGDAWgBS0oghcfeO1mCFr
ifsPKx2TDeZsGTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RLSUlYSDNqdFpnaGE0bjdEeXNka3czbWJCay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvZDY1MTNkLTJkNTMtNDAyMi04MzYwLTMxMTc5ODk2MDFhZC8x
L0NxODlJalJvRE02dzdiU2ZaTEZLUmhCSmdINC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
ZDY1MTNkLTJkNTMtNDAyMi04MzYwLTMxMTc5ODk2MDFhZC8xL3RLSUlYSDNqdFpn
aGE0bjdEeXNka3czbWJCay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wEgQCAAEwDAMEAbmBEAMEArnnbDAYBAIAAjASMBAD
BQYqD6rAAwcAKg+qwAAEMA0GCSqGSIb3DQEBCwUAA4IBAQA5kES+0o8i0PkpD9b1
tIwW3yhgMlWgoYrWnnBjEvZf04lh4T0lNXPODciZYReAkzS4Jui7ywUJCY+poeIh
wG6Wz3Du0KkcXVYGb8xAhCmvYYh5ob+1U2/r9Q/zV9b8vEysGv+U5PJPBY62wK9D
vYIqCzK11b3rLX1j7liHRCWUy8Hniyf1AhfDKPLJFBRR3b7v/73fuRBe5zG6o/WB
NpwGsVrIhe8l4rnig78M2G5OVbuCAWsmwVokXe649Air5U14RvF0lkk0RMVEkhAg
8BhngMXrcPdJ4bjzkPLSi3t66x/DtedsZFdzuRl3pDUYhLDIkgya4ZaLixOXuGRY
z/sn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:53 2024 by rpki-client on console-ams.rpki-client.org