Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/cKsIQPzhjn32ppFiE4WHk8V6AXE.roa
File: cKsIQPzhjn32ppFiE4WHk8V6AXE.roa (raw, json)
Hash identifier: FmNxYC74zv94MiD/zDXBG/dkZEW9ZjKK5PeLpk2fQfI=
Subject key identifier: 70:AB:08:40:FC:E1:8E:7D:F6:A6:91:62:13:85:87:93:C5:7A:01:71
Certificate issuer: /CN=84184ce919023640bb9256c2d8d1a049fa102520
Certificate serial: 01856FA704A70671BA1D26AA0AB77E93825E
Authority key identifier: 84:18:4C:E9:19:02:36:40:BB:92:56:C2:D8:D1:A0:49:FA:10:25:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hBhM6RkCNkC7klbC2NGgSfoQJSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/cKsIQPzhjn32ppFiE4WHk8V6AXE.roa
Signing time: Sun 01 Jan 2023 23:24:54 +0000
ROA not before: Sun 01 Jan 2023 23:24:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 64489
IP address blocks: 185.11.68.0/22 maxlen: 22
2a0b:3000::/29 maxlen: 29
2a06:e080::/29 maxlen: 29
2a03:9080::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:a7:04:a7:06:71:ba:1d:26:aa:0a:b7:7e:93:82:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84184ce919023640bb9256c2d8d1a049fa102520
Validity
Not Before: Jan 1 23:24:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=70ab0840fce18e7df6a6916213858793c57a0171
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:1f:28:53:05:ce:58:ad:94:ba:56:95:28:e3:
16:d1:c5:e0:e8:07:ab:78:46:45:af:25:ef:5c:2a:
95:ed:d0:7a:b7:37:19:d4:0c:56:a6:59:43:49:a6:
36:28:2e:75:55:d9:b2:d7:f0:52:17:90:74:71:5a:
af:73:51:f0:9a:4f:9e:96:7e:86:96:8a:ba:88:a7:
32:07:be:99:61:cd:81:a2:f3:f1:d6:4a:55:e1:7c:
be:35:eb:cd:39:88:65:28:aa:8d:08:09:b7:b5:f2:
71:39:94:9a:22:4a:00:bd:18:d4:99:c4:23:b9:d7:
c1:2a:cc:95:21:72:93:b6:61:22:ed:d2:68:23:14:
fb:6b:99:14:33:64:49:f4:2a:09:08:f5:f2:61:02:
5c:62:43:ca:2d:6e:68:e8:1b:f6:7d:df:c8:e6:42:
85:0e:da:91:9e:3f:3c:be:63:03:d0:bb:26:82:e8:
b8:4d:40:49:50:e2:08:a2:a8:11:cc:eb:7c:88:0a:
54:29:0e:e9:8b:60:0f:1f:29:ca:bd:4d:3a:13:34:
28:48:9c:73:07:e7:5a:41:14:4a:8b:2c:10:c2:82:
1f:cb:a2:71:1c:fd:80:63:eb:62:76:64:33:60:34:
9f:37:65:cd:14:58:d0:6f:00:31:47:0e:b3:22:c0:
19:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:AB:08:40:FC:E1:8E:7D:F6:A6:91:62:13:85:87:93:C5:7A:01:71
X509v3 Authority Key Identifier:
keyid:84:18:4C:E9:19:02:36:40:BB:92:56:C2:D8:D1:A0:49:FA:10:25:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hBhM6RkCNkC7klbC2NGgSfoQJSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/cKsIQPzhjn32ppFiE4WHk8V6AXE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/hBhM6RkCNkC7klbC2NGgSfoQJSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.11.68.0/22
IPv6:
2a03:9080::/32
2a06:e080::/29
2a0b:3000::/29
Signature Algorithm: sha256WithRSAEncryption
b3:3a:41:5c:b7:fe:bf:09:4f:53:5f:02:a1:bf:12:1a:9c:ba:
b5:91:fa:fa:93:7a:8e:20:8f:38:99:74:aa:60:d4:b7:c1:6e:
94:00:83:5e:9c:3c:10:a5:d2:ba:0b:06:de:f2:a5:1b:82:3a:
82:eb:02:1f:ea:ef:3b:8a:ea:df:3f:80:6e:7b:56:c7:62:0e:
49:9b:75:4a:a7:c8:91:8e:08:7b:df:84:9f:62:74:e4:e2:da:
62:4f:40:75:dc:f5:84:c8:4a:17:58:cd:8f:a9:77:36:87:3c:
72:f7:81:33:fe:94:50:3c:55:b3:ff:79:6d:b5:11:43:66:f8:
6d:57:54:45:1b:5e:48:d7:5a:a3:e4:e6:aa:52:cb:7e:cc:5a:
e6:df:3f:f0:d3:3e:c8:b0:bc:82:2b:16:39:49:8b:70:83:6a:
31:74:0a:4e:61:f4:37:98:42:62:fe:89:f2:8c:81:e5:a7:63:
f3:33:ec:0c:80:43:9d:0e:16:c1:76:fc:e8:ed:cf:cb:93:b5:
d3:ae:1e:7c:ee:73:a7:2c:75:fa:da:fb:81:f2:19:52:f5:0b:
d6:f3:ae:fa:64:5a:11:74:99:2d:a5:02:7b:3e:c7:e1:82:c9:
b2:6a:ee:e6:d5:94:5b:b1:b8:27:a4:5a:60:0c:48:0f:a9:e0:
d4:44:42:ca
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVvpwSnBnG6HSaqCrd+k4JeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MTg0Y2U5MTkwMjM2NDBiYjkyNTZjMmQ4ZDFhMDQ5ZmEx
MDI1MjAwHhcNMjMwMTAxMjMyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGFiMDg0MGZjZTE4ZTdkZjZhNjkxNjIxMzg1ODc5M2M1N2EwMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh8oUwXOWK2UulaVKOMW0cXg6Aer
eEZFryXvXCqV7dB6tzcZ1AxWpllDSaY2KC51Vdmy1/BSF5B0cVqvc1Hwmk+eln6G
loq6iKcyB76ZYc2BovPx1kpV4Xy+NevNOYhlKKqNCAm3tfJxOZSaIkoAvRjUmcQj
udfBKsyVIXKTtmEi7dJoIxT7a5kUM2RJ9CoJCPXyYQJcYkPKLW5o6Bv2fd/I5kKF
DtqRnj88vmMD0Lsmgui4TUBJUOIIoqgRzOt8iApUKQ7pi2APHynKvU06EzQoSJxz
B+daQRRKiywQwoIfy6JxHP2AY+tidmQzYDSfN2XNFFjQbwAxRw6zIsAZAwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFHCrCED84Y599qaRYhOFh5PFegFxMB8GA1UdIwQY
MBaAFIQYTOkZAjZAu5JWwtjRoEn6ECUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEJoTTZSa0NOa0M3a2xiQzJOR2dTZm9RSlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yOTIyY2YtMTg2MS00MTlkLTllZWEt
MGE3OWQ1NDk2NWE5LzEvY0tzSVFQemhqbjMycHBGaUU0V0hrOFY2QVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yOTIyY2YtMTg2MS00MTlkLTllZWEtMGE3OWQ1NDk2NWE5
LzEvaEJoTTZSa0NOa0M3a2xiQzJOR2dTZm9RSlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAMBAIAATAGAwQCuQtEMBsE
AgACMBUDBQAqA5CAAwUDKgbggAMFAyoLMAAwDQYJKoZIhvcNAQELBQADggEBALM6
QVy3/r8JT1NfAqG/EhqcurWR+vqTeo4gjziZdKpg1LfBbpQAg16cPBCl0roLBt7y
pRuCOoLrAh/q7zuK6t8/gG57VsdiDkmbdUqnyJGOCHvfhJ9idOTi2mJPQHXc9YTI
ShdYzY+pdzaHPHL3gTP+lFA8VbP/eW21EUNm+G1XVEUbXkjXWqPk5qpSy37MWubf
P/DTPsiwvIIrFjlJi3CDajF0Ck5h9DeYQmL+ifKMgeWnY/Mz7AyAQ50OFsF2/Ojt
z8uTtdOuHnzuc6csdfra+4HyGVL1C9bzrvpkWhF0mS2lAns+x+GCybJq7ubVlFux
uCekWmAMSA+p4NREQso=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:18:40 2025 by rpki-client