Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tfx_MhlXh3gSUiR80o76B6W70-A.roa
File: tfx_MhlXh3gSUiR80o76B6W70-A.roa (raw, json)
Hash identifier: oLSFMZlmF7YsH7xmMG/BsZh1JhxSoBypMjF/OS5iamY=
Subject key identifier: B5:FC:7F:32:19:57:87:78:12:52:24:7C:D2:8E:FA:07:A5:BB:D3:E0
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 0186023450E1B4C50E7B1BAA489AB5343A6C
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tfx_MhlXh3gSUiR80o76B6W70-A.roa
Signing time: Mon 30 Jan 2023 10:23:48 +0000
ROA not before: Mon 30 Jan 2023 10:23:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207713
IP address blocks: 89.23.103.0/24 maxlen: 24
89.23.107.0/24 maxlen: 24
89.23.108.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:02:34:50:e1:b4:c5:0e:7b:1b:aa:48:9a:b5:34:3a:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Jan 30 10:23:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5fc7f32195787781252247cd28efa07a5bbd3e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:aa:c7:fd:56:82:2c:bf:f3:e4:9d:c4:51:60:
c8:0e:3c:b1:17:af:9e:6e:a6:36:21:75:0c:fd:fd:
4b:e9:4e:44:f0:d3:97:a7:d8:07:8c:4f:80:ef:46:
c8:38:02:93:e8:90:5c:c4:61:d7:e9:6f:c5:4a:61:
d2:7a:25:cc:a8:b9:8b:08:2a:62:91:99:9f:3e:cc:
10:52:7d:65:61:02:be:bc:31:a6:e7:86:76:a1:57:
22:be:c6:77:ff:34:24:e6:6e:5f:4c:9f:8c:10:b8:
fc:f3:ce:12:42:d5:7a:98:9c:1f:06:6d:9e:01:49:
d0:71:01:7c:04:4f:c1:16:45:fc:00:aa:1a:5f:0d:
eb:13:96:21:4e:0a:6c:34:2e:60:61:4c:93:cc:d9:
83:64:bf:52:b8:ef:84:ec:2b:a2:6c:09:e2:03:24:
6a:70:ad:0c:49:35:90:7d:e3:1d:a6:f5:3d:57:5a:
cf:eb:e3:25:14:8a:36:d2:ff:86:33:cf:5c:d2:9b:
20:d7:9c:04:fa:a8:e5:72:13:38:b9:89:56:e3:bb:
71:72:22:78:fb:44:83:fd:73:a9:3a:51:fe:34:bd:
f3:23:d4:7d:35:9a:55:92:a3:f8:b9:9b:7b:e6:53:
44:6b:d6:0e:68:09:d3:12:06:f8:50:b9:1d:1e:55:
b6:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:FC:7F:32:19:57:87:78:12:52:24:7C:D2:8E:FA:07:A5:BB:D3:E0
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tfx_MhlXh3gSUiR80o76B6W70-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.23.103.0/24
89.23.107.0-89.23.108.255
Signature Algorithm: sha256WithRSAEncryption
7c:af:71:a5:69:4c:56:9f:8b:8f:cf:be:a1:a2:b8:fd:be:66:
c2:d4:43:d3:83:cf:c6:90:74:d2:5b:7b:ad:73:02:de:db:6a:
79:ed:1e:8a:04:5c:12:36:73:da:7e:37:1c:1f:2d:ed:b8:94:
a9:15:b1:0e:5e:4d:54:0c:db:50:08:95:53:15:70:87:77:a8:
f8:ca:24:8f:29:92:ad:18:fe:02:21:3c:b0:a3:13:dd:81:60:
48:63:97:7f:94:5d:c9:c7:7b:5a:92:ac:36:dd:4a:74:f5:a6:
4a:eb:08:11:dd:23:5b:f7:c6:2c:13:ef:61:bb:7f:48:b7:6d:
a4:b0:c6:c9:03:d9:35:47:3e:a8:a6:da:ed:65:a4:13:e3:c4:
44:1e:78:5a:c2:e9:41:ed:d2:5b:57:8d:3c:e4:fa:c9:62:df:
17:e4:76:b6:c0:d1:ad:db:e9:99:98:00:65:d2:e6:78:ff:bb:
c2:50:9d:dd:6b:47:5a:4b:04:5c:43:8c:75:f9:fe:19:50:a3:
d1:70:06:e0:7a:9a:61:29:53:73:87:63:93:c3:c6:69:16:dc:
bf:cc:8b:1f:71:a3:e6:a0:ca:f6:37:cc:90:77:59:fd:84:6b:
2f:d5:72:2a:6e:37:27:d0:ec:78:54:96:43:f7:f7:9c:62:49:
7a:43:41:26
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYYCNFDhtMUOexuqSJq1NDpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjMwMTMwMTAyMzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZjN2YzMjE5NTc4Nzc4MTI1MjI0N2NkMjhlZmEwN2E1YmJkM2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6rH/VaCLL/z5J3EUWDIDjyxF6+e
bqY2IXUM/f1L6U5E8NOXp9gHjE+A70bIOAKT6JBcxGHX6W/FSmHSeiXMqLmLCCpi
kZmfPswQUn1lYQK+vDGm54Z2oVcivsZ3/zQk5m5fTJ+MELj8884SQtV6mJwfBm2e
AUnQcQF8BE/BFkX8AKoaXw3rE5YhTgpsNC5gYUyTzNmDZL9SuO+E7CuibAniAyRq
cK0MSTWQfeMdpvU9V1rP6+MlFIo20v+GM89c0psg15wE+qjlchM4uYlW47txciJ4
+0SD/XOpOlH+NL3zI9R9NZpVkqP4uZt75lNEa9YOaAnTEgb4ULkdHlW2IQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLX8fzIZV4d4ElIkfNKO+gelu9PgMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvdGZ4X01obFhoM2dTVWlSODBvNzZCNlc3MC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWRdnMAwD
BABZF2sDBABZF2wwDQYJKoZIhvcNAQELBQADggEBAHyvcaVpTFafi4/PvqGiuP2+
ZsLUQ9ODz8aQdNJbe61zAt7banntHooEXBI2c9p+NxwfLe24lKkVsQ5eTVQM21AI
lVMVcId3qPjKJI8pkq0Y/gIhPLCjE92BYEhjl3+UXcnHe1qSrDbdSnT1pkrrCBHd
I1v3xiwT72G7f0i3baSwxskD2TVHPqim2u1lpBPjxEQeeFrC6UHt0ltXjTzk+sli
3xfkdrbA0a3b6ZmYAGXS5nj/u8JQnd1rR1pLBFxDjHX5/hlQo9FwBuB6mmEpU3OH
Y5PDxmkW3L/Mix9xo+agyvY3zJB3Wf2Eay/VcipuNyfQ7HhUlkP395xiSXpDQSY=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:23:35 2025 by rpki-client