Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/QPN-bh9gqH14eyjcWrZe73Kdtpg.roa
File: QPN-bh9gqH14eyjcWrZe73Kdtpg.roa (raw, json)
Hash identifier: j5xl2ohOX9QqmLKGzTafDWQ3IVeyGME0Dkyf0c0F3pA=
Subject key identifier: 40:F3:7E:6E:1F:60:A8:7D:78:7B:28:DC:5A:B6:5E:EF:72:9D:B6:98
Certificate issuer: /CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
Certificate serial: 01856FCB9F579C0E69F2701126B568B26E76
Authority key identifier: 67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/QPN-bh9gqH14eyjcWrZe73Kdtpg.roa
Signing time: Mon 02 Jan 2023 00:04:53 +0000
ROA not before: Mon 02 Jan 2023 00:04:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62113
IP address blocks: 185.38.172.0/23 maxlen: 24
185.38.174.0/24 maxlen: 24
2a01:4260::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:cb:9f:57:9c:0e:69:f2:70:11:26:b5:68:b2:6e:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
Validity
Not Before: Jan 2 00:04:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40f37e6e1f60a87d787b28dc5ab65eef729db698
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:8e:5f:01:01:c1:72:c8:ce:fd:24:18:b9:90:
84:78:20:27:00:57:54:9c:da:0c:3a:00:1c:4d:86:
dd:75:ab:90:e9:10:25:e2:73:a4:c4:c8:10:ba:c1:
53:a9:16:13:4a:63:6f:9e:e0:c7:39:3f:4c:33:a1:
1f:c2:7c:0a:3f:8e:ce:13:4b:7d:6d:b9:0a:5d:d1:
a5:4b:cf:af:c1:83:8e:20:a8:39:7b:de:04:e1:d0:
cd:f6:75:aa:f0:2d:c1:9e:10:b2:fb:f6:61:30:49:
39:a1:ea:36:68:f5:b9:ee:6d:e6:b7:21:2b:41:28:
4e:ec:3a:3e:1f:db:f9:80:db:79:57:a3:ba:69:12:
c2:f1:18:56:0d:ce:e4:da:39:48:79:f2:9f:06:16:
26:06:db:16:ef:61:cf:f7:b6:75:39:51:f0:18:7c:
b8:e8:ab:db:fd:39:9b:b0:c8:99:a2:89:7e:18:16:
49:5c:9e:ec:be:05:b9:be:f3:d9:ac:cf:97:6b:da:
4b:63:6b:67:88:4a:53:83:e8:c1:c4:11:90:0a:d1:
e5:16:87:2d:fb:f6:dc:67:69:13:e9:43:a9:5f:eb:
59:34:e1:25:41:d4:26:50:ad:c5:f3:fa:77:7e:9c:
85:16:d5:7d:03:70:55:39:f2:f8:8c:4e:19:c6:d7:
e5:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:F3:7E:6E:1F:60:A8:7D:78:7B:28:DC:5A:B6:5E:EF:72:9D:B6:98
X509v3 Authority Key Identifier:
keyid:67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/QPN-bh9gqH14eyjcWrZe73Kdtpg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.38.172.0-185.38.174.255
IPv6:
2a01:4260::/29
Signature Algorithm: sha256WithRSAEncryption
07:ee:52:1e:cf:35:ba:82:5c:43:3a:1e:ff:45:d5:08:6b:8b:
2d:d0:c1:e7:44:90:41:45:30:28:0f:bd:a9:a9:3f:c2:88:e5:
9a:fb:9a:1e:6b:20:4f:90:be:78:27:c7:f2:35:0d:de:8d:a4:
c4:6a:74:d2:dc:14:d5:dc:f3:58:b5:cc:6b:97:7f:3f:7d:de:
5c:bf:3d:63:de:e9:ce:69:ee:98:68:b9:dd:ae:d4:5e:37:81:
3a:43:6e:3b:51:55:d2:0b:c2:9a:23:ce:7b:37:e4:bb:75:4f:
dc:a9:05:ae:e5:93:a3:28:41:72:8c:03:b3:89:55:7f:8d:19:
2e:14:af:cb:ea:2c:e7:7e:a6:47:25:6c:e3:e0:e3:44:b0:ca:
cf:77:72:57:ac:54:7e:63:0b:1c:cd:ac:65:99:2c:72:85:0b:
08:70:3e:7c:e8:88:cc:c1:b0:11:a4:41:a4:ea:80:f9:9d:ba:
4a:70:58:b7:cb:37:be:96:d0:7a:b7:a5:b7:b2:a2:b6:b2:32:
f5:f0:63:10:35:e6:65:a8:e9:72:e4:20:e6:71:e5:97:d8:a1:
9b:4f:e4:1a:96:67:f6:67:c5:0d:05:d1:ce:12:b9:97:2e:15:
f0:8c:79:56:2a:e4:8c:10:86:1f:da:2d:9b:d5:cb:f5:86:4c:
ab:2a:bb:c4
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVvy59XnA5p8nARJrVosm52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3N2I0M2Y1MzhmMGFlNzIwZTUyN2IyYTZjMGI4YTg3NmQ5
NmM5NDcwHhcNMjMwMTAyMDAwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGYzN2U2ZTFmNjBhODdkNzg3YjI4ZGM1YWI2NWVlZjcyOWRiNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY5fAQHBcsjO/SQYuZCEeCAnAFdU
nNoMOgAcTYbddauQ6RAl4nOkxMgQusFTqRYTSmNvnuDHOT9MM6EfwnwKP47OE0t9
bbkKXdGlS8+vwYOOIKg5e94E4dDN9nWq8C3BnhCy+/ZhMEk5oeo2aPW57m3mtyEr
QShO7Do+H9v5gNt5V6O6aRLC8RhWDc7k2jlIefKfBhYmBtsW72HP97Z1OVHwGHy4
6Kvb/TmbsMiZool+GBZJXJ7svgW5vvPZrM+Xa9pLY2tniEpTg+jBxBGQCtHlFoct
+/bcZ2kT6UOpX+tZNOElQdQmUK3F8/p3fpyFFtV9A3BVOfL4jE4ZxtfllQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEDzfm4fYKh9eHso3Fq2Xu9ynbaYMB8GA1UdIwQY
MBaAFGd7Q/U48K5yDlJ7KmwLiodtlslHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGIt
Mjg3ODIwM2EwMDlkLzEvUVBOLWJoOWdxSDE0ZXlqY1dyWmU3M0tkdHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGItMjg3ODIwM2EwMDlk
LzEvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5JqwD
BAC5Jq4wDQQCAAIwBwMFAyoBQmAwDQYJKoZIhvcNAQELBQADggEBAAfuUh7PNbqC
XEM6Hv9F1Qhriy3QwedEkEFFMCgPvampP8KI5Zr7mh5rIE+Qvngnx/I1Dd6NpMRq
dNLcFNXc81i1zGuXfz993ly/PWPe6c5p7phoud2u1F43gTpDbjtRVdILwpojzns3
5Lt1T9ypBa7lk6MoQXKMA7OJVX+NGS4Ur8vqLOd+pkclbOPg40Swys93clesVH5j
CxzNrGWZLHKFCwhwPnzoiMzBsBGkQaTqgPmdukpwWLfLN76W0Hq3pbeyorayMvXw
YxA15mWo6XLkIOZx5ZfYoZtP5BqWZ/ZnxQ0F0c4SuZcuFfCMeVYq5IwQhh/aLZvV
y/WGTKsqu8Q=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:28:01 2025 by rpki-client