Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/3dc72e-0861-4316-a4be-a295813f1f82/1/IPc83ipag0qOWGe2lCcDFL3P8PI.roa
File: IPc83ipag0qOWGe2lCcDFL3P8PI.roa (raw, json)
Hash identifier: OtASEKN6AaxncxCN5WHkLnJeQpPjlPjL4AeVk2ZLweo=
Subject key identifier: 20:F7:3C:DE:2A:5A:83:4A:8E:58:67:B6:94:27:03:14:BD:CF:F0:F2
Certificate issuer: /CN=0c1e6d5e72daf4108cf60bd47e936df1a1e97226
Certificate serial: 01856D4ADF4FCAA7E0B2CA22EFCF3673B6EC
Authority key identifier: 0C:1E:6D:5E:72:DA:F4:10:8C:F6:0B:D4:7E:93:6D:F1:A1:E9:72:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DB5tXnLa9BCM9gvUfpNt8aHpciY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/3dc72e-0861-4316-a4be-a295813f1f82/1/IPc83ipag0qOWGe2lCcDFL3P8PI.roa
Signing time: Sun 01 Jan 2023 12:25:01 +0000
ROA not before: Sun 01 Jan 2023 12:25:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206211
IP address blocks: 185.247.240.0/24 maxlen: 24
185.247.243.0/24 maxlen: 24
2a0d:d180::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:df:4f:ca:a7:e0:b2:ca:22:ef:cf:36:73:b6:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c1e6d5e72daf4108cf60bd47e936df1a1e97226
Validity
Not Before: Jan 1 12:25:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20f73cde2a5a834a8e5867b694270314bdcff0f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:92:7f:f3:3d:c9:22:b3:ef:14:db:d5:6f:9e:
1c:c1:e8:0e:60:78:5e:8e:f3:af:9d:f3:e7:d8:4a:
1d:0d:1b:ad:db:19:56:1d:24:bb:59:bc:24:11:c9:
06:92:8f:df:eb:63:42:e5:c7:77:9f:75:41:ef:d1:
e8:e4:67:dd:b5:45:66:5b:5e:c9:a0:0d:f9:64:d8:
cb:e6:1f:61:58:b3:46:03:cc:34:de:01:84:85:8c:
34:29:b1:fa:7c:e2:dd:d0:23:ff:eb:d1:1a:eb:a8:
ac:d2:70:2f:4a:4d:7f:0a:99:6d:59:92:19:fb:a4:
9c:7c:55:d9:3d:a5:3a:2c:c8:e0:1d:15:c7:48:b1:
09:ef:2c:68:41:1e:33:8a:9e:af:ef:80:12:06:4e:
45:6e:85:cd:22:e4:12:10:06:1d:0d:a9:fc:65:cf:
70:60:5e:74:f1:b4:d0:52:a6:bd:60:ba:32:1f:71:
51:d0:35:ec:19:ae:8e:8f:d8:2e:d0:15:f9:95:1c:
65:d5:82:5e:b4:6f:08:9f:62:ed:a2:de:ce:e4:9f:
99:00:38:25:b1:62:c0:11:65:d1:18:9b:c7:be:9f:
49:6d:da:1b:25:df:11:70:a6:59:e2:a8:1c:a5:fb:
d8:aa:08:06:ce:04:b4:3b:7a:96:cf:40:e7:61:19:
8e:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F7:3C:DE:2A:5A:83:4A:8E:58:67:B6:94:27:03:14:BD:CF:F0:F2
X509v3 Authority Key Identifier:
keyid:0C:1E:6D:5E:72:DA:F4:10:8C:F6:0B:D4:7E:93:6D:F1:A1:E9:72:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DB5tXnLa9BCM9gvUfpNt8aHpciY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3dc72e-0861-4316-a4be-a295813f1f82/1/IPc83ipag0qOWGe2lCcDFL3P8PI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3dc72e-0861-4316-a4be-a295813f1f82/1/DB5tXnLa9BCM9gvUfpNt8aHpciY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.247.240.0/24
185.247.243.0/24
IPv6:
2a0d:d180::/29
Signature Algorithm: sha256WithRSAEncryption
cc:87:6a:ea:b4:9a:3d:02:28:00:d0:49:15:87:6b:ec:d1:c8:
22:82:30:8e:d6:d1:3a:68:7e:a1:b6:49:c4:35:d4:f1:60:62:
dc:19:ec:f4:87:93:98:80:20:92:59:cb:73:48:41:1a:15:6e:
27:e7:71:5c:fb:fb:02:97:07:f9:59:57:a6:53:f6:b7:33:dc:
dc:38:ac:28:93:0a:94:29:91:da:72:4f:0c:b2:dc:34:f4:1a:
ed:d6:2c:c1:e0:83:cb:9a:00:fd:03:86:6d:47:29:15:31:c0:
43:d5:cf:0c:c2:78:8e:db:e4:e0:d0:95:42:a9:eb:13:22:bf:
e4:4f:16:27:f1:15:5d:35:01:23:e9:b9:0c:64:30:eb:2c:76:
25:04:39:79:27:46:2f:00:65:f7:b1:97:ec:49:87:6b:9c:dc:
18:73:d4:4e:70:24:56:a3:1f:de:42:f6:ff:24:fa:be:76:38:
3b:bf:59:5f:65:0a:4b:bf:5e:ca:51:9a:7f:29:08:f9:2e:b9:
a1:cb:18:fd:39:62:25:df:22:f0:c3:36:cf:42:75:aa:06:bd:
b1:52:f3:d1:35:09:dd:70:c4:cf:bb:e0:48:38:01:7b:11:95:
70:d0:7e:2a:41:e6:2b:b7:4b:46:31:eb:e8:9a:c5:80:08:d8:
22:cd:9c:fd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtSt9Pyqfgssoi7882c7bsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMWU2ZDVlNzJkYWY0MTA4Y2Y2MGJkNDdlOTM2ZGYxYTFl
OTcyMjYwHhcNMjMwMTAxMTIyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY3M2NkZTJhNWE4MzRhOGU1ODY3YjY5NDI3MDMxNGJkY2ZmMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JJ/8z3JIrPvFNvVb54cwegOYHhe
jvOvnfPn2EodDRut2xlWHSS7WbwkEckGko/f62NC5cd3n3VB79Ho5GfdtUVmW17J
oA35ZNjL5h9hWLNGA8w03gGEhYw0KbH6fOLd0CP/69Ea66is0nAvSk1/CpltWZIZ
+6ScfFXZPaU6LMjgHRXHSLEJ7yxoQR4zip6v74ASBk5FboXNIuQSEAYdDan8Zc9w
YF508bTQUqa9YLoyH3FR0DXsGa6Oj9gu0BX5lRxl1YJetG8In2Ltot7O5J+ZADgl
sWLAEWXRGJvHvp9JbdobJd8RcKZZ4qgcpfvYqggGzgS0O3qWz0DnYRmOLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCD3PN4qWoNKjlhntpQnAxS9z/DyMB8GA1UdIwQY
MBaAFAwebV5y2vQQjPYL1H6TbfGh6XImMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREI1dFhuTGE5QkNNOWd2VWZwTnQ4YUhwY2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zZGM3MmUtMDg2MS00MzE2LWE0YmUt
YTI5NTgxM2YxZjgyLzEvSVBjODNpcGFnMHFPV0dlMmxDY0RGTDNQOFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zZGM3MmUtMDg2MS00MzE2LWE0YmUtYTI5NTgxM2YxZjgy
LzEvREI1dFhuTGE5QkNNOWd2VWZwTnQ4YUhwY2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuffwAwQA
uffzMA0EAgACMAcDBQMqDdGAMA0GCSqGSIb3DQEBCwUAA4IBAQDMh2rqtJo9AigA
0EkVh2vs0cgigjCO1tE6aH6htknENdTxYGLcGez0h5OYgCCSWctzSEEaFW4n53Fc
+/sClwf5WVemU/a3M9zcOKwokwqUKZHack8Mstw09Brt1izB4IPLmgD9A4ZtRykV
McBD1c8MwniO2+Tg0JVCqesTIr/kTxYn8RVdNQEj6bkMZDDrLHYlBDl5J0YvAGX3
sZfsSYdrnNwYc9ROcCRWox/eQvb/JPq+djg7v1lfZQpLv17KUZp/KQj5Lrmhyxj9
OWIl3yLwwzbPQnWqBr2xUvPRNQndcMTPu+BIOAF7EZVw0H4qQeYrt0tGMevomsWA
CNgizZz9
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:20:31 2025 by rpki-client