Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/P4pRQQiu0_2e0VuQgOCYsBQUW0U.roa
File: P4pRQQiu0_2e0VuQgOCYsBQUW0U.roa (raw, json)
Hash identifier: FNXKOW1DdGU608FSAfwL2vTq80w/Ij/dQ3SjD0NBJ4g=
Subject key identifier: 3F:8A:51:41:08:AE:D3:FD:9E:D1:5B:90:80:E0:98:B0:14:14:5B:45
Certificate issuer: /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial: 01856F14B06609468EB3795FDC2A872AA181
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/P4pRQQiu0_2e0VuQgOCYsBQUW0U.roa
Signing time: Sun 01 Jan 2023 20:45:04 +0000
ROA not before: Sun 01 Jan 2023 20:45:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207875
IP address blocks: 192.109.248.0/24 maxlen: 24
192.109.253.0/24 maxlen: 24
192.109.250.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:14:b0:66:09:46:8e:b3:79:5f:dc:2a:87:2a:a1:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Validity
Not Before: Jan 1 20:45:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f8a514108aed3fd9ed15b9080e098b014145b45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:1c:ae:37:60:de:da:f7:1b:e9:1b:69:05:50:
77:e2:45:26:02:02:ee:35:49:42:ac:d1:15:b5:bc:
fc:bc:3e:de:65:7d:6b:17:c2:4b:f8:76:83:67:a7:
37:c5:8c:71:e9:a7:06:1f:d2:0e:98:80:26:82:3b:
89:fd:38:d1:ea:da:96:b3:e2:03:77:ff:67:57:8f:
44:1d:e3:90:8a:67:90:21:cf:33:fd:97:93:92:c4:
63:75:d6:2f:f4:d7:73:fd:62:07:5d:f1:fa:cf:55:
2a:44:f9:62:a1:73:0b:0b:65:59:91:ea:c3:4b:bb:
52:76:ec:b1:1a:83:40:bb:2a:78:72:a7:96:4e:28:
be:31:35:8f:bd:0c:39:53:f3:af:32:03:56:7a:af:
9d:73:c6:a7:b0:0b:1c:05:87:d0:a6:68:58:33:29:
f1:e9:5c:85:67:fc:e6:ee:40:e1:b0:18:4b:cb:08:
34:cd:6d:5d:fd:05:7b:e9:4d:f9:04:22:8c:67:d4:
12:4a:7e:62:1a:7c:b2:f3:b8:3a:56:56:19:81:4b:
3b:91:54:c2:9b:2c:c6:fc:39:28:99:da:e9:f1:43:
4f:ca:87:80:51:e8:91:66:18:ee:83:2f:d2:7b:3a:
41:52:d3:83:7b:ee:0f:79:50:c9:56:fc:f0:45:26:
48:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:8A:51:41:08:AE:D3:FD:9E:D1:5B:90:80:E0:98:B0:14:14:5B:45
X509v3 Authority Key Identifier:
keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/P4pRQQiu0_2e0VuQgOCYsBQUW0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.248.0/24
192.109.250.0/24
192.109.253.0/24
Signature Algorithm: sha256WithRSAEncryption
13:01:9a:ec:97:9c:fd:9b:cd:b9:73:85:e9:d8:a0:0f:4c:8e:
78:98:0b:84:52:0b:c8:da:df:98:1d:a8:47:80:e8:59:db:89:
80:ee:2f:2d:be:fc:7f:ac:a5:31:5d:a6:9c:78:db:13:54:a5:
f7:89:4b:05:13:9b:59:f9:89:c3:09:c6:d8:cf:16:dd:bb:17:
4e:58:37:18:c1:b4:3d:f2:81:57:bd:ba:f6:b7:dc:55:a5:b0:
d7:ac:48:c7:16:b9:94:83:73:74:a7:45:32:bf:ac:ad:89:ae:
1a:44:20:79:ad:1b:d4:2c:3a:d0:a5:1b:b1:84:1a:10:f6:cb:
47:d1:8f:30:63:52:88:5c:5a:86:96:eb:73:ac:25:7c:1f:71:
ed:5d:aa:b1:38:9e:59:50:ea:cc:0c:f5:1c:84:35:9a:6e:66:
53:e3:31:25:21:23:30:4e:e3:0f:ab:28:23:b4:55:5b:82:d6:
58:38:42:30:cb:bb:fe:10:30:a2:e1:77:73:df:49:de:49:4d:
62:3f:1b:85:e6:63:d2:8e:25:5d:34:03:4d:da:cd:a1:2f:d0:
97:0d:34:2d:a0:f1:e8:f6:89:93:f4:84:19:08:f3:34:35:15:
f0:48:92:ff:44:1b:b0:fd:b0:95:4f:b3:3c:1e:ef:e2:b3:36:
38:95:4a:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvFLBmCUaOs3lf3CqHKqGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMwMTAxMjA0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhhNTE0MTA4YWVkM2ZkOWVkMTViOTA4MGUwOThiMDE0MTQ1YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghyuN2De2vcb6RtpBVB34kUmAgLu
NUlCrNEVtbz8vD7eZX1rF8JL+HaDZ6c3xYxx6acGH9IOmIAmgjuJ/TjR6tqWs+ID
d/9nV49EHeOQimeQIc8z/ZeTksRjddYv9Ndz/WIHXfH6z1UqRPlioXMLC2VZkerD
S7tSduyxGoNAuyp4cqeWTii+MTWPvQw5U/OvMgNWeq+dc8ansAscBYfQpmhYMynx
6VyFZ/zm7kDhsBhLywg0zW1d/QV76U35BCKMZ9QSSn5iGnyy87g6VlYZgUs7kVTC
myzG/Dkomdrp8UNPyoeAUeiRZhjugy/SezpBUtODe+4PeVDJVvzwRSZIUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD+KUUEIrtP9ntFbkIDgmLAUFFtFMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvUDRwUlFRaXUwXzJlMFZ1UWdPQ1lzQlFVVzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwG34AwQA
wG36AwQAwG39MA0GCSqGSIb3DQEBCwUAA4IBAQATAZrsl5z9m825c4Xp2KAPTI54
mAuEUgvI2t+YHahHgOhZ24mA7i8tvvx/rKUxXaaceNsTVKX3iUsFE5tZ+YnDCcbY
zxbduxdOWDcYwbQ98oFXvbr2t9xVpbDXrEjHFrmUg3N0p0Uyv6ytia4aRCB5rRvU
LDrQpRuxhBoQ9stH0Y8wY1KIXFqGlutzrCV8H3HtXaqxOJ5ZUOrMDPUchDWabmZT
4zElISMwTuMPqygjtFVbgtZYOEIwy7v+EDCi4Xdz30neSU1iPxuF5mPSjiVdNANN
2s2hL9CXDTQtoPHo9omT9IQZCPM0NRXwSJL/RBuw/bCVT7M8Hu/iszY4lUo6
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:17:12 2025 by rpki-client