Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/5I9vd6JY-GmrX3JjxMAH16cZoxo.roa
File: 5I9vd6JY-GmrX3JjxMAH16cZoxo.roa (raw, json)
Hash identifier: qZlzGVxEmXXkfuv1SUUG/zh19pn/0u3i3Vp1N8Y+0uw=
Subject key identifier: E4:8F:6F:77:A2:58:F8:69:AB:5F:72:63:C4:C0:07:D7:A7:19:A3:1A
Certificate issuer: /CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Certificate serial: 018571FA14427E346918EFAFDCD8F10CD6F1
Authority key identifier: AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/5I9vd6JY-GmrX3JjxMAH16cZoxo.roa
Signing time: Mon 02 Jan 2023 10:14:52 +0000
ROA not before: Mon 02 Jan 2023 10:14:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206478
IP address blocks: 185.174.32.0/22 maxlen: 22
195.225.200.0/22 maxlen: 22
2a10:4140::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:fa:14:42:7e:34:69:18:ef:af:dc:d8:f1:0c:d6:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Validity
Not Before: Jan 2 10:14:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e48f6f77a258f869ab5f7263c4c007d7a719a31a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:49:f7:e8:02:bb:e7:d0:cb:12:de:cb:8d:34:
4e:4a:2a:c3:c2:06:77:1c:12:77:2e:82:93:e6:69:
ad:6d:5e:6d:22:5a:72:05:a9:7d:d9:a8:ca:d8:44:
a0:e8:2e:13:c0:e6:ac:11:94:0e:c9:37:aa:27:20:
cd:57:73:33:88:2a:45:23:54:b8:15:b4:6f:73:ff:
5b:ce:0c:38:e7:73:c3:5a:98:55:8c:13:dc:e2:a1:
12:8d:1e:2a:65:1b:da:99:b1:ed:30:b3:9a:48:00:
24:8f:3e:0c:42:9a:a0:ce:f4:2d:3d:ff:e4:d0:f6:
7d:14:e3:56:96:e7:ee:0a:a8:cf:2f:b6:fe:74:93:
70:0c:d4:2f:dc:bf:a9:d7:eb:26:20:6f:69:77:d8:
41:16:65:30:6e:3f:ec:f3:04:9a:de:59:26:65:bc:
80:04:46:89:d4:15:71:a3:07:8e:92:03:ec:a5:73:
5b:14:bb:68:33:b0:7b:ee:08:50:46:8a:eb:cc:e0:
d9:6d:05:1a:ca:40:a9:c4:e9:59:25:41:ae:58:67:
4a:2c:ef:7a:ea:58:02:b7:de:00:5a:2b:28:f3:ec:
04:a8:3e:cf:60:ae:fd:20:e9:25:fe:34:ea:b9:8d:
66:f0:c8:b1:0d:f6:8b:90:a4:ce:1e:00:83:ea:56:
4b:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:8F:6F:77:A2:58:F8:69:AB:5F:72:63:C4:C0:07:D7:A7:19:A3:1A
X509v3 Authority Key Identifier:
keyid:AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/5I9vd6JY-GmrX3JjxMAH16cZoxo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.174.32.0/22
195.225.200.0/22
IPv6:
2a10:4140::/29
Signature Algorithm: sha256WithRSAEncryption
59:c2:84:71:af:cb:1a:86:60:f3:2e:c1:91:8c:b6:16:25:69:
ab:91:2c:64:10:f8:ed:f8:4d:b1:77:0e:1e:38:08:ec:06:03:
bf:ba:af:49:01:6f:5d:41:ce:53:f4:e0:5e:3f:bc:fc:fd:ce:
80:01:20:79:09:43:b5:6d:73:e2:26:d5:3f:96:0a:2e:d6:f8:
41:0b:4f:fb:27:a3:7e:e4:0a:c1:be:45:d2:9b:61:f6:79:1c:
74:e5:d7:87:21:e2:60:bf:35:b4:08:45:4c:cc:b5:70:99:7b:
c5:74:d1:4c:1b:e9:97:c5:63:75:95:f9:8d:b6:59:81:77:01:
26:89:55:50:66:b0:99:a4:a3:d9:ca:a0:08:2a:39:3a:8b:d7:
da:a8:8c:c2:f6:00:66:20:0b:de:e1:15:ad:17:43:a3:ed:e7:
d4:7a:05:2c:6f:09:5b:77:23:83:da:ea:5c:41:81:61:c9:2e:
11:34:37:7b:a5:fe:7e:17:17:38:cb:d2:cd:7d:a8:3e:ae:75:
31:eb:06:25:36:84:14:ba:9b:81:c4:44:e3:ca:22:bf:98:c7:
65:56:8d:d9:21:88:95:c4:56:70:cc:35:7c:78:02:c6:22:f7:
61:9e:71:4b:84:4e:e2:c1:fe:32:60:af:e9:86:3d:62:4b:6e:
c0:b8:ef:a5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVx+hRCfjRpGO+v3NjxDNbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzU3NWNhZmEwMGJjNDFkNTdjNDk0YWMxZjVkYmNmZWU3
ODMzMmUwHhcNMjMwMTAyMTAxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhmNmY3N2EyNThmODY5YWI1ZjcyNjNjNGMwMDdkN2E3MTlhMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUn36AK759DLEt7LjTROSirDwgZ3
HBJ3LoKT5mmtbV5tIlpyBal92ajK2ESg6C4TwOasEZQOyTeqJyDNV3MziCpFI1S4
FbRvc/9bzgw453PDWphVjBPc4qESjR4qZRvambHtMLOaSAAkjz4MQpqgzvQtPf/k
0PZ9FONWlufuCqjPL7b+dJNwDNQv3L+p1+smIG9pd9hBFmUwbj/s8wSa3lkmZbyA
BEaJ1BVxoweOkgPspXNbFLtoM7B77ghQRorrzODZbQUaykCpxOlZJUGuWGdKLO96
6lgCt94AWiso8+wEqD7PYK79IOkl/jTquY1m8MixDfaLkKTOHgCD6lZLYQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOSPb3eiWPhpq19yY8TAB9enGaMaMB8GA1UdIwQY
MBaAFKrFdcr6ALxB1XxJSsH128/ueDMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYt
OGY5MTNlMjY5NmU1LzEvNUk5dmQ2SlktR21yWDNKanhNQUgxNmNab3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYtOGY5MTNlMjY5NmU1
LzEvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCua4gAwQC
w+HIMA0EAgACMAcDBQMqEEFAMA0GCSqGSIb3DQEBCwUAA4IBAQBZwoRxr8sahmDz
LsGRjLYWJWmrkSxkEPjt+E2xdw4eOAjsBgO/uq9JAW9dQc5T9OBeP7z8/c6AASB5
CUO1bXPiJtU/lgou1vhBC0/7J6N+5ArBvkXSm2H2eRx05deHIeJgvzW0CEVMzLVw
mXvFdNFMG+mXxWN1lfmNtlmBdwEmiVVQZrCZpKPZyqAIKjk6i9faqIzC9gBmIAve
4RWtF0Oj7efUegUsbwlbdyOD2upcQYFhyS4RNDd7pf5+Fxc4y9LNfag+rnUx6wYl
NoQUupuBxETjyiK/mMdlVo3ZIYiVxFZwzDV8eALGIvdhnnFLhE7iwf4yYK/phj1i
S27AuO+l
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:21 2025 by rpki-client