Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Z3PjwPQ-0mhhQ_z1YnNmDo8Uao4.roa
File: Z3PjwPQ-0mhhQ_z1YnNmDo8Uao4.roa (raw, json)
Hash identifier: nnR9i09JNDzdUo1ANwHfsv6oB/RhOXLUPMmHeLHorPM=
Subject key identifier: 67:73:E3:C0:F4:3E:D2:68:61:43:FC:F5:62:73:66:0E:8F:14:6A:8E
Certificate issuer: /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial: 0184F51626ABCB3EFB99174CDD7139645DAA
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Z3PjwPQ-0mhhQ_z1YnNmDo8Uao4.roa
Signing time: Fri 09 Dec 2022 04:13:00 +0000
ROA not before: Fri 09 Dec 2022 04:13:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 996
IP address blocks: 92.240.201.0/24 maxlen: 24
92.240.205.0/24 maxlen: 24
92.240.214.0/24 maxlen: 24
92.240.216.0/24 maxlen: 24
89.185.86.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f5:16:26:ab:cb:3e:fb:99:17:4c:dd:71:39:64:5d:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Validity
Not Before: Dec 9 04:13:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6773e3c0f43ed2686143fcf56273660e8f146a8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:3a:e6:b3:94:f5:d9:aa:51:92:b5:b3:db:4d:
49:0a:37:a1:76:ec:d2:4c:94:18:91:39:af:60:66:
b4:bb:fb:e8:35:98:b3:20:a9:09:90:29:03:d8:b7:
75:e5:92:2b:c8:52:5f:6e:43:75:f4:aa:5d:53:9b:
93:b0:98:7a:11:90:37:60:bd:97:f4:b9:88:2d:47:
7c:30:4d:0c:b5:d8:8e:5d:09:64:78:e2:1a:bd:1a:
f5:56:0e:31:78:fb:46:11:0a:89:18:44:ab:a6:4d:
10:7c:27:d0:17:0f:c8:c2:b2:50:22:e5:c5:61:b0:
f5:fa:a5:be:68:49:29:4a:86:8f:03:fe:48:5a:e2:
5b:80:71:a0:c2:e7:ae:e2:00:86:f2:be:84:5a:77:
47:93:dc:40:54:46:9e:a6:0a:1e:38:13:cf:c0:01:
d8:6e:b7:3d:5e:6d:69:56:fd:fa:c1:54:b0:5e:19:
14:b5:95:60:16:94:3d:af:8d:1b:01:c8:d3:fa:db:
a5:18:6b:93:cd:2c:fb:fa:99:b4:a3:7a:8b:d5:37:
3e:6e:e5:f0:5d:84:a6:62:21:b4:17:e7:dd:8f:06:
84:f6:31:37:c2:00:1a:b7:52:5f:40:ac:d6:46:80:
f1:9b:42:21:7c:92:4d:c6:08:d9:c4:d5:32:1e:dc:
7c:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:73:E3:C0:F4:3E:D2:68:61:43:FC:F5:62:73:66:0E:8F:14:6A:8E
X509v3 Authority Key Identifier:
keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Z3PjwPQ-0mhhQ_z1YnNmDo8Uao4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.185.86.0/23
92.240.201.0/24
92.240.205.0/24
92.240.214.0/24
92.240.216.0/24
Signature Algorithm: sha256WithRSAEncryption
76:89:c5:31:b8:bb:98:f0:21:ca:d2:61:8a:b9:c3:6e:cf:bb:
36:9b:44:e5:ae:25:5f:3a:cf:e7:96:e5:23:86:c8:07:cd:91:
56:db:bf:b9:1d:97:6a:4d:6a:a2:dc:b8:2f:f1:6c:e1:2d:fb:
e1:6d:a2:c1:7c:08:1a:ad:85:a7:17:24:b6:fa:e8:56:cc:01:
f3:b2:a6:bd:4b:a9:68:01:bd:a4:b2:1e:2e:b3:bd:d3:c4:3e:
be:16:4a:b1:74:e0:07:eb:51:96:e0:ed:8a:5d:bc:8b:e0:54:
ae:56:51:37:b2:2c:a7:04:7d:3c:58:8f:65:cb:bc:93:b9:d6:
38:0d:b4:d5:e5:5c:66:bb:ba:91:8b:22:a7:8b:f8:37:e5:62:
d2:55:68:f5:b1:bc:52:40:6b:70:39:58:5a:74:41:e8:02:39:
12:fd:13:65:64:b3:f3:4a:68:12:42:cd:6a:d3:c5:2c:e1:0f:
8d:51:a7:5f:eb:62:44:81:c4:a1:55:8a:09:ce:25:ee:c6:f3:
a9:54:f0:60:db:53:fa:29:35:b9:ad:e3:61:e0:c9:99:6d:c3:
1c:fc:2f:aa:26:5f:fd:4f:7a:77:e7:c7:60:6e:3a:4b:bb:a7:
da:44:fa:10:a7:b9:51:9a:5c:6a:80:8e:fc:0e:6a:1c:3e:fb:
2a:2c:a3:5a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYT1Fiaryz77mRdM3XE5ZF2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjIxMjA5MDQxMzAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzczZTNjMGY0M2VkMjY4NjE0M2ZjZjU2MjczNjYwZThmMTQ2YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzrms5T12apRkrWz201JCjehduzS
TJQYkTmvYGa0u/voNZizIKkJkCkD2Ld15ZIryFJfbkN19KpdU5uTsJh6EZA3YL2X
9LmILUd8ME0MtdiOXQlkeOIavRr1Vg4xePtGEQqJGESrpk0QfCfQFw/IwrJQIuXF
YbD1+qW+aEkpSoaPA/5IWuJbgHGgwueu4gCG8r6EWndHk9xAVEaepgoeOBPPwAHY
brc9Xm1pVv36wVSwXhkUtZVgFpQ9r40bAcjT+tulGGuTzSz7+pm0o3qL1Tc+buXw
XYSmYiG0F+fdjwaE9jE3wgAat1JfQKzWRoDxm0IhfJJNxgjZxNUyHtx8AwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGdz48D0PtJoYUP89WJzZg6PFGqOMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvWjNQandQUS0wbWhoUV96MVluTm1EbzhVYW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBWblWAwQA
XPDJAwQAXPDNAwQAXPDWAwQAXPDYMA0GCSqGSIb3DQEBCwUAA4IBAQB2icUxuLuY
8CHK0mGKucNuz7s2m0TlriVfOs/nluUjhsgHzZFW27+5HZdqTWqi3Lgv8WzhLfvh
baLBfAgarYWnFyS2+uhWzAHzsqa9S6loAb2ksh4us73TxD6+FkqxdOAH61GW4O2K
XbyL4FSuVlE3siynBH08WI9ly7yTudY4DbTV5Vxmu7qRiyKni/g35WLSVWj1sbxS
QGtwOVhadEHoAjkS/RNlZLPzSmgSQs1q08Us4Q+NUadf62JEgcShVYoJziXuxvOp
VPBg21P6KTW5reNh4MmZbcMc/C+qJl/9T3p358dgbjpLu6faRPoQp7lRmlxqgI78
DmocPvsqLKNa
-----END CERTIFICATE-----
Generated at Sun Apr 20 05:02:57 2025 by rpki-client