Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/edbf44-3732-44ff-a944-e21974a294ba/1/H3onsBqlaDdh-hi5ZYjBKEYGp1E.roa
File: H3onsBqlaDdh-hi5ZYjBKEYGp1E.roa (raw, json)
Hash identifier: UDfBQRosZ2sZhowZqPOG8v9RfsvaD/I3V7hw2l2UID0=
Subject key identifier: 1F:7A:27:B0:1A:A5:68:37:61:FA:18:B9:65:88:C1:28:46:06:A7:51
Certificate issuer: /CN=a1a2d637cb0accf8721f43e266ce213f8eddd26a
Certificate serial: 018571B0CD34023A1FC437C254195726F2D9
Authority key identifier: A1:A2:D6:37:CB:0A:CC:F8:72:1F:43:E2:66:CE:21:3F:8E:DD:D2:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oaLWN8sKzPhyH0PiZs4hP47d0mo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/edbf44-3732-44ff-a944-e21974a294ba/1/H3onsBqlaDdh-hi5ZYjBKEYGp1E.roa
Signing time: Mon 02 Jan 2023 08:54:50 +0000
ROA not before: Mon 02 Jan 2023 08:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209975
IP address blocks: 212.60.9.0/24 maxlen: 24
212.60.8.0/24 maxlen: 24
212.60.8.0/22 maxlen: 22
212.60.11.0/24 maxlen: 24
212.60.10.0/24 maxlen: 24
2a09:800::/35 maxlen: 35
2a09:800:2000::/35 maxlen: 35
2a09:800:4000::/35 maxlen: 35
2a09:800::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:b0:cd:34:02:3a:1f:c4:37:c2:54:19:57:26:f2:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1a2d637cb0accf8721f43e266ce213f8eddd26a
Validity
Not Before: Jan 2 08:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1f7a27b01aa5683761fa18b96588c1284606a751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:72:de:01:2a:cd:8b:9a:2a:14:86:5d:ad:a4:
5b:4f:19:29:a5:d4:d5:82:e6:3a:1b:b2:49:96:92:
68:35:50:ba:ea:1b:f4:a8:af:bf:77:3d:6e:08:31:
46:e4:21:4c:4d:9a:7a:a8:5e:72:29:9b:05:0b:9d:
ab:2e:0d:81:ee:d6:2c:a6:d7:94:83:33:e8:db:74:
82:e1:4e:81:a8:f5:06:65:7c:ac:dd:56:3d:b8:a5:
6e:9f:d7:ae:37:24:78:67:a8:0f:8d:cd:5b:2a:2f:
2d:e5:8a:d1:c7:d1:a0:44:63:d5:f9:74:01:1f:36:
6c:b9:bb:bf:d1:84:fc:ab:7d:19:bd:7d:24:9c:a7:
4b:f5:3f:28:07:78:03:44:e7:b5:77:ed:54:8e:a0:
5b:b3:b1:05:f6:a1:02:4e:89:6c:59:69:f6:ff:e0:
c1:f6:44:2a:32:ee:05:36:99:3a:ba:e5:34:a8:01:
0c:7e:4b:bb:f3:df:b0:ec:9b:80:16:cb:2f:78:c7:
f2:c6:b2:35:b7:c4:52:1d:e1:aa:28:ee:16:d5:ec:
0e:77:e2:9f:24:76:a0:89:52:91:1d:cc:d1:9c:ba:
41:54:92:57:64:e3:ca:37:15:f2:c7:5a:27:9b:b6:
5d:62:87:cc:ab:b4:c2:c3:a0:3b:ae:5e:57:ce:a8:
b5:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:7A:27:B0:1A:A5:68:37:61:FA:18:B9:65:88:C1:28:46:06:A7:51
X509v3 Authority Key Identifier:
keyid:A1:A2:D6:37:CB:0A:CC:F8:72:1F:43:E2:66:CE:21:3F:8E:DD:D2:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oaLWN8sKzPhyH0PiZs4hP47d0mo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/edbf44-3732-44ff-a944-e21974a294ba/1/H3onsBqlaDdh-hi5ZYjBKEYGp1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/edbf44-3732-44ff-a944-e21974a294ba/1/oaLWN8sKzPhyH0PiZs4hP47d0mo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.60.8.0/22
IPv6:
2a09:800::/29
Signature Algorithm: sha256WithRSAEncryption
3d:52:1e:49:f8:00:82:41:0a:bb:a7:2e:9c:d4:a8:fe:60:e7:
be:66:81:02:a8:25:47:01:e6:ec:6f:fa:69:ed:e1:f0:fc:ec:
49:16:89:37:e5:b6:1b:32:19:61:83:39:07:0c:0d:2f:39:48:
26:04:10:05:38:9d:b9:e9:0f:8c:c7:e1:95:ec:87:28:f5:37:
0f:99:a5:48:47:5b:23:23:4a:66:41:45:0e:66:50:6a:ef:79:
22:82:3a:97:b3:87:81:d9:c4:d6:90:9c:31:7e:00:3e:1c:da:
98:0b:d2:3f:52:eb:f3:bd:28:2c:d1:68:74:c4:37:8f:90:7d:
a0:de:ab:24:e7:f1:55:47:fc:df:1d:2c:91:f5:ff:28:5d:ce:
08:1e:b7:3e:96:5b:ce:b5:12:54:b7:b4:3c:99:de:8c:ff:7c:
31:c1:e5:b9:86:ce:0c:7e:c9:1d:1c:70:95:21:b5:07:c3:33:
43:3c:3e:54:be:77:b6:32:f6:dc:83:88:7a:2e:d4:8c:8d:ba:
86:ea:66:8a:dc:ff:4a:9c:a3:0a:4f:3a:af:46:1c:74:dd:82:
36:27:d0:a5:56:df:a2:22:9d:1c:ff:9e:fa:20:0d:9b:7b:46:
66:6a:df:2f:5a:b9:75:6f:23:ea:f6:54:60:e0:d4:63:75:9b:
5e:02:f2:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxsM00AjofxDfCVBlXJvLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTJkNjM3Y2IwYWNjZjg3MjFmNDNlMjY2Y2UyMTNmOGVk
ZGQyNmEwHhcNMjMwMTAyMDg1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdhMjdiMDFhYTU2ODM3NjFmYTE4Yjk2NTg4YzEyODQ2MDZhNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3LeASrNi5oqFIZdraRbTxkppdTV
guY6G7JJlpJoNVC66hv0qK+/dz1uCDFG5CFMTZp6qF5yKZsFC52rLg2B7tYspteU
gzPo23SC4U6BqPUGZXys3VY9uKVun9euNyR4Z6gPjc1bKi8t5YrRx9GgRGPV+XQB
HzZsubu/0YT8q30ZvX0knKdL9T8oB3gDROe1d+1UjqBbs7EF9qECTolsWWn2/+DB
9kQqMu4FNpk6uuU0qAEMfku789+w7JuAFssveMfyxrI1t8RSHeGqKO4W1ewOd+Kf
JHagiVKRHczRnLpBVJJXZOPKNxXyx1onm7ZdYofMq7TCw6A7rl5Xzqi1OQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB96J7AapWg3YfoYuWWIwShGBqdRMB8GA1UdIwQY
MBaAFKGi1jfLCsz4ch9D4mbOIT+O3dJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FMV044c0t6UGh5SDBQaVpzNGhQNDdkMG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9lZGJmNDQtMzczMi00NGZmLWE5NDQt
ZTIxOTc0YTI5NGJhLzEvSDNvbnNCcWxhRGRoLWhpNVpZakJLRVlHcDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9lZGJmNDQtMzczMi00NGZmLWE5NDQtZTIxOTc0YTI5NGJh
LzEvb2FMV044c0t6UGh5SDBQaVpzNGhQNDdkMG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1DwIMA0E
AgACMAcDBQMqCQgAMA0GCSqGSIb3DQEBCwUAA4IBAQA9Uh5J+ACCQQq7py6c1Kj+
YOe+ZoECqCVHAebsb/pp7eHw/OxJFok35bYbMhlhgzkHDA0vOUgmBBAFOJ256Q+M
x+GV7Ico9TcPmaVIR1sjI0pmQUUOZlBq73kigjqXs4eB2cTWkJwxfgA+HNqYC9I/
UuvzvSgs0Wh0xDePkH2g3qsk5/FVR/zfHSyR9f8oXc4IHrc+llvOtRJUt7Q8md6M
/3wxweW5hs4MfskdHHCVIbUHwzNDPD5Uvne2Mvbcg4h6LtSMjbqG6maK3P9KnKMK
TzqvRhx03YI2J9ClVt+iIp0c/576IA2be0Zmat8vWrl1byPq9lRg4NRjdZteAvLF
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:12:31 2025 by rpki-client