Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b83ab5-cdb2-4174-8093-802d09cfc835/1/MZU0pK8ZShoIjWIsHKvcaPRR6iQ.roa
File: MZU0pK8ZShoIjWIsHKvcaPRR6iQ.roa (raw, json)
Hash identifier: zKuCDZr7ULXIBokmiACIkUHpAL+mkgEvkdx0Elhg82c=
Subject key identifier: 31:95:34:A4:AF:19:4A:1A:08:8D:62:2C:1C:AB:DC:68:F4:51:EA:24
Certificate issuer: /CN=5a8f81366ffc43c71f5bb521f81501760ebeb074
Certificate serial: 018570C2E4355856273328A0B300D723004A
Authority key identifier: 5A:8F:81:36:6F:FC:43:C7:1F:5B:B5:21:F8:15:01:76:0E:BE:B0:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Wo-BNm_8Q8cfW7Uh-BUBdg6-sHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/b83ab5-cdb2-4174-8093-802d09cfc835/1/MZU0pK8ZShoIjWIsHKvcaPRR6iQ.roa
Signing time: Mon 02 Jan 2023 04:34:58 +0000
ROA not before: Mon 02 Jan 2023 04:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61345
IP address blocks: 185.144.76.0/22 maxlen: 24
185.8.12.0/22 maxlen: 24
185.144.248.0/22 maxlen: 24
2a03:3140::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:c2:e4:35:58:56:27:33:28:a0:b3:00:d7:23:00:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a8f81366ffc43c71f5bb521f81501760ebeb074
Validity
Not Before: Jan 2 04:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=319534a4af194a1a088d622c1cabdc68f451ea24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:05:b5:bc:b9:c2:39:e4:1c:9d:2e:07:7e:95:
8a:a2:21:04:9c:3d:a8:94:cb:ab:05:ca:6b:0a:e3:
2f:6e:5a:de:08:50:b6:e2:d3:11:f0:1f:d4:1f:ed:
14:9c:9c:e0:4b:ea:ac:61:c5:cd:c3:c3:f8:44:ec:
7c:4d:b7:37:53:27:4f:99:69:29:5a:92:5d:42:25:
bc:e3:ab:32:aa:f2:89:db:c2:9f:95:86:b8:4b:89:
7a:a4:ff:bf:5d:6e:9a:46:b5:53:ba:53:f9:ac:83:
57:e6:d1:1f:b7:86:ed:a5:fd:70:f1:4c:8e:7c:85:
3e:7b:f5:fd:c9:ba:4f:bf:f6:f2:93:3f:f4:21:dd:
ce:f8:67:d7:f5:a3:90:b7:e8:45:af:45:ba:e4:f5:
95:a5:ed:e2:f5:0b:eb:1f:4a:44:a8:4c:67:f3:70:
e9:50:3c:9f:9e:e6:c8:e9:b0:98:a9:25:6b:25:2e:
2b:63:29:cc:6d:da:19:e0:f9:f1:86:c7:8b:86:17:
ff:1c:2d:18:44:ef:c1:23:4e:6a:66:2b:3d:1b:a0:
39:b4:bd:af:f4:c1:53:2a:99:f4:5e:73:bc:b8:e5:
9b:94:e2:c6:ce:f7:34:3a:06:3f:21:ac:fc:02:6c:
a7:85:5f:18:84:11:45:d4:9f:5d:99:9c:7a:b6:b4:
e1:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:95:34:A4:AF:19:4A:1A:08:8D:62:2C:1C:AB:DC:68:F4:51:EA:24
X509v3 Authority Key Identifier:
keyid:5A:8F:81:36:6F:FC:43:C7:1F:5B:B5:21:F8:15:01:76:0E:BE:B0:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wo-BNm_8Q8cfW7Uh-BUBdg6-sHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b83ab5-cdb2-4174-8093-802d09cfc835/1/MZU0pK8ZShoIjWIsHKvcaPRR6iQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b83ab5-cdb2-4174-8093-802d09cfc835/1/Wo-BNm_8Q8cfW7Uh-BUBdg6-sHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.8.12.0/22
185.144.76.0/22
185.144.248.0/22
IPv6:
2a03:3140::/32
Signature Algorithm: sha256WithRSAEncryption
6e:49:31:34:4f:b4:7a:0f:6d:ea:b8:ef:eb:e8:26:4e:e2:f5:
7f:9c:ed:d6:e3:2b:a3:71:73:f1:3b:f7:ac:f9:ae:f3:e6:cb:
bf:61:7d:1a:81:18:5a:0b:36:2d:09:be:60:d7:4c:05:21:b0:
c3:ee:ce:cd:37:2a:e4:01:26:b3:fe:ab:e8:cd:fe:cc:7b:1a:
4f:d3:de:da:57:29:18:97:85:e2:10:3f:c2:4c:d2:56:4a:dc:
5a:d4:94:bc:67:7f:09:4c:17:0e:7d:88:60:95:a1:55:8f:77:
77:8a:3b:8f:c7:67:b7:30:d6:86:c1:0a:17:14:45:7a:e9:70:
59:fd:99:e8:8f:52:81:b8:e4:f2:fb:be:db:66:fa:24:40:5f:
14:b4:50:59:b6:d7:a0:47:13:65:dc:d8:0f:bd:96:6e:84:ed:
d7:e4:31:1f:38:ab:05:0a:3f:c3:97:a5:69:c9:bd:be:f7:70:
86:08:f7:78:ee:4b:60:3e:e2:21:70:3e:e5:c7:7f:b8:72:8a:
16:8c:87:b4:34:e5:0c:df:0d:dc:44:84:6a:3e:8d:b3:0d:8f:
00:84:fb:93:6d:a8:b0:8a:f4:7d:78:86:24:eb:0e:12:18:22:
a2:38:20:7a:e8:57:16:74:3c:ac:b8:21:65:07:34:14:33:89:
0e:62:c3:3c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwwuQ1WFYnMyigswDXIwBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOGY4MTM2NmZmYzQzYzcxZjViYjUyMWY4MTUwMTc2MGVi
ZWIwNzQwHhcNMjMwMTAyMDQzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk1MzRhNGFmMTk0YTFhMDg4ZDYyMmMxY2FiZGM2OGY0NTFlYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAW1vLnCOeQcnS4HfpWKoiEEnD2o
lMurBcprCuMvblreCFC24tMR8B/UH+0UnJzgS+qsYcXNw8P4ROx8Tbc3UydPmWkp
WpJdQiW846syqvKJ28KflYa4S4l6pP+/XW6aRrVTulP5rINX5tEft4btpf1w8UyO
fIU+e/X9ybpPv/bykz/0Id3O+GfX9aOQt+hFr0W65PWVpe3i9QvrH0pEqExn83Dp
UDyfnubI6bCYqSVrJS4rYynMbdoZ4PnxhseLhhf/HC0YRO/BI05qZis9G6A5tL2v
9MFTKpn0XnO8uOWblOLGzvc0OgY/Iaz8AmynhV8YhBFF1J9dmZx6trThZQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDGVNKSvGUoaCI1iLByr3Gj0UeokMB8GA1UdIwQY
MBaAFFqPgTZv/EPHH1u1IfgVAXYOvrB0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV28tQk5tXzhROGNmVzdVaC1CVUJkZzYtc0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iODNhYjUtY2RiMi00MTc0LTgwOTMt
ODAyZDA5Y2ZjODM1LzEvTVpVMHBLOFpTaG9JaldJc0hLdmNhUFJSNmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iODNhYjUtY2RiMi00MTc0LTgwOTMtODAyZDA5Y2ZjODM1
LzEvV28tQk5tXzhROGNmVzdVaC1CVUJkZzYtc0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuQgMAwQC
uZBMAwQCuZD4MA0EAgACMAcDBQAqAzFAMA0GCSqGSIb3DQEBCwUAA4IBAQBuSTE0
T7R6D23quO/r6CZO4vV/nO3W4yujcXPxO/es+a7z5su/YX0agRhaCzYtCb5g10wF
IbDD7s7NNyrkASaz/qvozf7MexpP097aVykYl4XiED/CTNJWStxa1JS8Z38JTBcO
fYhglaFVj3d3ijuPx2e3MNaGwQoXFEV66XBZ/Znoj1KBuOTy+77bZvokQF8UtFBZ
ttegRxNl3NgPvZZuhO3X5DEfOKsFCj/Dl6Vpyb2+93CGCPd47ktgPuIhcD7lx3+4
cooWjIe0NOUM3w3cRIRqPo2zDY8AhPuTbaiwivR9eIYk6w4SGCKiOCB66FcWdDys
uCFlBzQUM4kOYsM8
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:04 2025 by rpki-client