Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hFJCNOCz8YAb3VCBO96HFNdEL0Y.roa
File: hFJCNOCz8YAb3VCBO96HFNdEL0Y.roa (raw, json)
Hash identifier: PXUTcZBckAquiNgm+IFDQXz7TwTWNplK8XlQkH74dGQ=
Subject key identifier: 84:52:42:34:E0:B3:F1:80:1B:DD:50:81:3B:DE:87:14:D7:44:2F:46
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0187E6F07A87716D4C8D2708BAA54408E3B7
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hFJCNOCz8YAb3VCBO96HFNdEL0Y.roa
Signing time: Thu 04 May 2023 13:25:32 +0000
ROA not before: Thu 04 May 2023 13:25:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211434
IP address blocks: 192.71.206.0/24 maxlen: 24
194.71.106.0/24 maxlen: 24
194.68.22.0/23 maxlen: 23
193.181.200.0/21 maxlen: 24
194.132.172.0/23 maxlen: 24
192.36.200.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e6:f0:7a:87:71:6d:4c:8d:27:08:ba:a5:44:08:e3:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: May 4 13:25:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84524234e0b3f1801bdd50813bde8714d7442f46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:69:b3:b4:dd:6b:2c:c7:bf:88:f6:9e:78:e1:
eb:c6:c9:a9:1c:55:89:da:dd:f9:85:ee:b5:e9:d6:
20:f8:b4:16:c8:42:9d:4b:7f:e2:6e:13:94:4e:62:
60:36:8d:97:aa:aa:c5:a6:b5:39:3d:32:b5:ac:b3:
3d:bf:b9:fc:1a:f8:97:83:bd:aa:84:d3:68:07:80:
75:2b:d8:c7:3b:ab:10:83:d8:50:83:93:10:23:84:
29:5c:2e:58:b7:bb:19:98:cf:e1:cf:d3:09:cd:74:
97:62:1c:6f:cf:02:13:60:b3:19:b0:d0:71:5c:d3:
7e:2e:02:c4:a8:da:dd:0b:cf:28:fc:3e:a9:2c:cc:
87:1f:a2:d7:c8:20:bd:bf:0a:27:58:ad:21:00:f0:
fd:8f:7a:52:f3:d9:1c:2b:89:11:7f:ce:5f:21:2d:
4f:c3:da:a4:ad:ad:a4:b1:31:77:29:99:21:03:5b:
72:65:83:ea:5e:e2:c1:0f:cd:13:0f:2e:dd:ae:1f:
2a:7b:26:7e:0c:26:f9:36:e8:19:3f:37:2c:6b:e3:
e6:bd:20:12:0b:d1:1a:81:c1:60:16:e3:ee:26:2b:
61:9e:8d:25:f6:67:c9:ef:72:1a:c0:b8:a9:03:13:
53:b7:b1:cf:11:e2:6f:bc:38:3b:8e:6c:5e:b0:2f:
d8:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:52:42:34:E0:B3:F1:80:1B:DD:50:81:3B:DE:87:14:D7:44:2F:46
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hFJCNOCz8YAb3VCBO96HFNdEL0Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.200.0/24
192.71.206.0/24
193.181.200.0/21
194.68.22.0/23
194.71.106.0/24
194.132.172.0/23
Signature Algorithm: sha256WithRSAEncryption
c8:a1:4f:a5:44:39:14:ee:8c:4a:89:09:a3:e5:25:1a:d0:85:
34:11:ef:09:f0:fa:e9:35:b7:25:74:a4:df:a1:0a:ad:3f:66:
97:f5:f2:ca:f5:c7:a3:bb:9a:17:16:b4:1b:ae:7a:cb:1e:61:
24:71:8b:5e:7a:db:8c:e9:4c:02:1b:c1:a5:72:2a:9c:2f:4a:
1a:c1:77:f6:44:46:d9:11:75:40:de:54:d8:17:32:dd:b8:e6:
64:e0:75:77:0f:96:58:c7:1b:35:10:41:87:6e:c7:68:7e:f2:
07:e6:08:19:00:79:35:0f:e2:9d:9f:9d:29:54:99:61:4f:70:
1a:4a:3c:78:e8:a8:17:4f:15:76:f7:d5:68:ed:46:c1:10:29:
a6:01:a7:4d:d2:51:6f:f2:7c:46:fd:74:1f:18:cd:e9:ed:be:
ba:a6:81:e1:99:15:00:c2:a2:12:a5:6e:e7:68:c7:4a:db:d9:
92:68:51:30:52:9c:b9:c2:09:2d:12:10:0e:dc:b5:60:c4:c0:
43:ad:28:be:1f:b1:42:93:8e:68:c3:9a:43:38:38:70:59:b8:
17:9a:cf:f4:76:26:4f:1e:b7:b1:14:85:dc:3e:eb:7d:a0:2a:
c7:57:a0:9c:5f:e7:2a:6f:93:99:31:e5:e9:96:c1:a2:cb:fb:
36:ca:d4:45
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYfm8HqHcW1MjScIuqVECOO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMwNTA0MTMyNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDUyNDIzNGUwYjNmMTgwMWJkZDUwODEzYmRlODcxNGQ3NDQyZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmmztN1rLMe/iPaeeOHrxsmpHFWJ
2t35he616dYg+LQWyEKdS3/ibhOUTmJgNo2XqqrFprU5PTK1rLM9v7n8GviXg72q
hNNoB4B1K9jHO6sQg9hQg5MQI4QpXC5Yt7sZmM/hz9MJzXSXYhxvzwITYLMZsNBx
XNN+LgLEqNrdC88o/D6pLMyHH6LXyCC9vwonWK0hAPD9j3pS89kcK4kRf85fIS1P
w9qkra2ksTF3KZkhA1tyZYPqXuLBD80TDy7drh8qeyZ+DCb5NugZPzcsa+PmvSAS
C9EagcFgFuPuJithno0l9mfJ73IawLipAxNTt7HPEeJvvDg7jmxesC/Y1wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIRSQjTgs/GAG91QgTvehxTXRC9GMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvaEZKQ05PQ3o4WUFiM1ZDQk85NkhGTmRFTDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwCTIAwQA
wEfOAwQDwbXIAwQBwkQWAwQAwkdqAwQBwoSsMA0GCSqGSIb3DQEBCwUAA4IBAQDI
oU+lRDkU7oxKiQmj5SUa0IU0Ee8J8PrpNbcldKTfoQqtP2aX9fLK9ceju5oXFrQb
rnrLHmEkcYteetuM6UwCG8GlciqcL0oawXf2REbZEXVA3lTYFzLduOZk4HV3D5ZY
xxs1EEGHbsdofvIH5ggZAHk1D+Kdn50pVJlhT3AaSjx46KgXTxV299Vo7UbBECmm
AadN0lFv8nxG/XQfGM3p7b66poHhmRUAwqISpW7naMdK29mSaFEwUpy5wgktEhAO
3LVgxMBDrSi+H7FCk45ow5pDODhwWbgXms/0diZPHrexFIXcPut9oCrHV6CcX+cq
b5OZMeXplsGiy/s2ytRF
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:33 2025 by rpki-client