Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jsYtFuSnOrI3Az-MS6sUCdPgMJc.roa
File: jsYtFuSnOrI3Az-MS6sUCdPgMJc.roa (raw, json)
Hash identifier: u0o94153mggy07qDUKNjU2XR7NJUBj5PVcRn6adlYX8=
Subject key identifier: 8E:C6:2D:16:E4:A7:3A:B2:37:03:3F:8C:4B:AB:14:09:D3:E0:30:97
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 018CB12B0FF39ABFE86B0117B6E3225DCC7E
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jsYtFuSnOrI3Az-MS6sUCdPgMJc.roa
Signing time: Thu 28 Dec 2023 16:03:58 +0000
ROA not before: Thu 28 Dec 2023 16:03:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206170
IP address blocks: 192.121.140.0/24 maxlen: 24
192.71.246.0/24 maxlen: 24
192.165.9.0/24 maxlen: 24
192.121.182.0/24 maxlen: 24
194.68.59.0/24 maxlen: 24
192.36.176.0/24 maxlen: 24
194.14.207.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b1:2b:0f:f3:9a:bf:e8:6b:01:17:b6:e3:22:5d:cc:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Dec 28 16:03:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ec62d16e4a73ab237033f8c4bab1409d3e03097
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:64:a6:ad:19:a7:18:29:13:df:be:bd:08:5f:
41:39:93:09:2a:1a:53:1c:f2:b5:a4:e8:c5:52:e5:
9f:88:70:e0:40:a3:f3:96:79:7a:44:e5:d6:72:85:
7d:37:24:78:ba:cf:8a:52:0a:03:64:69:db:5b:1f:
e0:1f:5e:ec:04:9d:bc:73:9b:eb:4f:21:72:04:f9:
3f:c0:db:72:29:92:50:3b:c7:d0:2a:88:15:4f:91:
c6:8f:00:34:56:d9:46:b4:ba:2b:82:b2:ce:5f:cb:
2a:7d:6b:43:23:16:10:99:cc:7e:3d:23:dd:e4:6b:
65:26:78:62:76:c7:c1:8b:fa:8b:0c:72:10:a5:4a:
8c:ef:13:55:24:96:58:d5:f9:12:65:3d:c1:59:65:
56:85:d1:a1:35:3f:29:73:42:ea:a0:90:e7:56:cc:
03:ff:08:d3:60:53:f9:d9:0c:45:6f:42:f3:eb:ce:
2c:59:fd:e1:27:41:60:05:77:5a:be:d9:ea:b2:72:
e0:aa:27:b4:5b:59:1e:ee:1c:bf:13:5e:d1:cd:e2:
a0:94:e6:a8:24:02:8c:15:d1:db:fd:27:d8:e7:8b:
a1:10:9c:18:43:f0:11:23:a2:ae:23:d3:3a:07:9e:
ba:2e:c7:b1:2b:58:cd:bf:6b:ae:1a:d6:d6:c2:ce:
43:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:C6:2D:16:E4:A7:3A:B2:37:03:3F:8C:4B:AB:14:09:D3:E0:30:97
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jsYtFuSnOrI3Az-MS6sUCdPgMJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.176.0/24
192.71.246.0/24
192.121.140.0/24
192.121.182.0/24
192.165.9.0/24
194.14.207.0/24
194.68.59.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:07:f2:3d:40:a4:7d:95:0b:69:0d:83:1c:38:15:58:b4:6b:
78:58:8f:b4:31:b9:c0:0d:d5:3f:f9:0d:1b:9c:37:21:9c:11:
f0:9e:72:03:05:39:a7:2e:bd:f4:e0:4a:de:3c:65:25:9e:57:
01:04:54:f0:31:88:30:1e:10:f7:3c:ca:20:cf:e5:13:f3:d7:
87:fc:0e:43:d1:6f:a6:0f:2e:7e:f2:4b:a2:66:63:53:5d:8e:
c0:39:18:56:49:e3:ec:28:fb:de:fd:41:74:db:63:33:ce:58:
87:61:09:43:a8:49:98:c1:35:f9:35:93:f3:59:bd:14:df:9c:
90:24:3f:2e:51:a6:56:90:42:bb:46:4f:db:64:a7:42:50:66:
64:71:76:68:1c:69:98:8a:c9:d2:2c:05:2f:7c:02:81:d2:1a:
c6:f7:10:e3:56:99:6c:7e:a9:41:04:7a:fb:d0:47:9e:e1:e9:
3a:96:62:86:44:c8:26:de:7d:a9:0a:9b:3f:0b:01:b8:5e:a3:
86:ad:37:71:d3:eb:ac:3d:19:af:15:f9:54:76:8a:ca:af:34:
85:60:c3:48:f3:7f:ae:c2:f0:77:0e:cb:ec:b9:0b:7b:08:b7:
23:91:4a:5a:56:fb:1e:cf:1d:fb:e7:c5:02:7f:9a:57:81:19:
5d:0b:4d:5b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYyxKw/zmr/oawEXtuMiXcx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMxMjI4MTYwMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWM2MmQxNmU0YTczYWIyMzcwMzNmOGM0YmFiMTQwOWQzZTAzMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWSmrRmnGCkT3769CF9BOZMJKhpT
HPK1pOjFUuWfiHDgQKPzlnl6ROXWcoV9NyR4us+KUgoDZGnbWx/gH17sBJ28c5vr
TyFyBPk/wNtyKZJQO8fQKogVT5HGjwA0VtlGtLorgrLOX8sqfWtDIxYQmcx+PSPd
5GtlJnhidsfBi/qLDHIQpUqM7xNVJJZY1fkSZT3BWWVWhdGhNT8pc0LqoJDnVswD
/wjTYFP52QxFb0Lz684sWf3hJ0FgBXdavtnqsnLgqie0W1ke7hy/E17RzeKglOao
JAKMFdHb/SfY54uhEJwYQ/ARI6KuI9M6B566LsexK1jNv2uuGtbWws5DFQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFI7GLRbkpzqyNwM/jEurFAnT4DCXMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvanNZdEZ1U25PckkzQXotTVM2c1VDZFBnTUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwCSwAwQA
wEf2AwQAwHmMAwQAwHm2AwQAwKUJAwQAwg7PAwQAwkQ7MA0GCSqGSIb3DQEBCwUA
A4IBAQAsB/I9QKR9lQtpDYMcOBVYtGt4WI+0MbnADdU/+Q0bnDchnBHwnnIDBTmn
Lr304ErePGUlnlcBBFTwMYgwHhD3PMogz+UT89eH/A5D0W+mDy5+8kuiZmNTXY7A
ORhWSePsKPve/UF022MzzliHYQlDqEmYwTX5NZPzWb0U35yQJD8uUaZWkEK7Rk/b
ZKdCUGZkcXZoHGmYisnSLAUvfAKB0hrG9xDjVplsfqlBBHr70Eee4ek6lmKGRMgm
3n2pCps/CwG4XqOGrTdx0+usPRmvFflUdorKrzSFYMNI83+uwvB3DsvsuQt7CLcj
kUpaVvsezx3758UCf5pXgRldC01b
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:11:54 2025 by rpki-client