Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/zROaK9Hb8-ffBkoWnkGZKFlGI3w.roa
File: zROaK9Hb8-ffBkoWnkGZKFlGI3w.roa (raw, json)
Hash identifier: VbJLRPUx3FDEobuGfmPsWarO5xyftS7tYJy8/0Jg8RA=
Subject key identifier: CD:13:9A:2B:D1:DB:F3:E7:DF:06:4A:16:9E:41:99:28:59:46:23:7C
Certificate issuer: /CN=a16b0d8ab49436550b6abf45b79035aec6aff23c
Certificate serial: 0189F83D35482AF4BF4DD3AC65217883918B
Authority key identifier: A1:6B:0D:8A:B4:94:36:55:0B:6A:BF:45:B7:90:35:AE:C6:AF:F2:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oWsNirSUNlULar9Ft5A1rsav8jw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/zROaK9Hb8-ffBkoWnkGZKFlGI3w.roa
Signing time: Tue 15 Aug 2023 08:08:28 +0000
ROA not before: Tue 15 Aug 2023 08:08:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20836
IP address blocks: 95.157.96.0/19 maxlen: 24
217.171.32.0/20 maxlen: 24
95.157.64.0/19 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f8:3d:35:48:2a:f4:bf:4d:d3:ac:65:21:78:83:91:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a16b0d8ab49436550b6abf45b79035aec6aff23c
Validity
Not Before: Aug 15 08:08:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd139a2bd1dbf3e7df064a169e4199285946237c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:be:8c:94:fd:c0:e5:aa:7d:8a:87:8a:7d:5e:
4f:4f:2c:71:f0:06:b5:21:4d:c6:c9:36:56:59:de:
05:c0:1f:78:a4:ad:36:4b:ec:75:cf:0d:96:25:fc:
f0:01:16:12:c9:1c:bb:19:2d:46:dd:9e:87:ed:59:
15:02:f6:33:37:9e:9b:4a:c6:fe:90:a6:27:0d:fa:
fd:0f:74:7a:7b:3e:45:ec:1f:b0:ac:ec:60:01:bd:
4b:af:31:41:45:ee:7b:8c:cd:54:8f:e2:a7:94:2e:
26:3a:e8:a2:2a:b8:2e:42:5d:99:7e:f7:7f:eb:11:
b0:9d:e5:b6:4d:d0:05:d6:93:09:f0:96:76:36:5e:
74:a1:9c:6e:92:db:3c:f3:7d:52:28:e5:b7:6f:85:
2d:6d:d1:25:69:b6:68:13:f5:cb:ba:9f:03:c0:6b:
bb:33:89:63:57:99:b9:ee:b1:a2:12:28:4f:6f:b3:
65:5b:52:54:dd:24:a5:1d:47:72:5d:d7:44:90:22:
36:54:83:c0:f5:16:5f:ca:fc:ab:2a:98:71:27:17:
2c:eb:92:cc:52:ac:ee:00:bf:d5:16:5b:50:57:c8:
23:24:11:a2:44:6a:e6:21:f0:af:13:0e:49:df:b9:
fc:2b:57:a6:20:56:88:90:37:40:f4:35:2f:1b:3b:
4d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:13:9A:2B:D1:DB:F3:E7:DF:06:4A:16:9E:41:99:28:59:46:23:7C
X509v3 Authority Key Identifier:
keyid:A1:6B:0D:8A:B4:94:36:55:0B:6A:BF:45:B7:90:35:AE:C6:AF:F2:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWsNirSUNlULar9Ft5A1rsav8jw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/zROaK9Hb8-ffBkoWnkGZKFlGI3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/oWsNirSUNlULar9Ft5A1rsav8jw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.157.64.0/18
217.171.32.0/20
Signature Algorithm: sha256WithRSAEncryption
8b:b4:2d:a2:81:e4:48:d8:2c:06:af:b9:49:f5:fc:b4:f6:2a:
8e:f0:c6:f3:63:02:85:ad:07:cc:f2:fa:30:09:31:72:70:8a:
92:3b:3b:1b:11:c6:52:ee:dc:8e:b8:8c:cc:73:5d:14:db:5f:
01:20:32:37:ab:10:93:07:97:cf:31:8d:e3:90:11:d7:0d:2e:
d5:a1:40:ae:71:0a:87:a5:a7:e5:11:b2:72:13:ef:06:a4:97:
5f:15:c4:d9:86:08:58:e7:a9:0c:9d:6f:54:63:e2:8a:7b:68:
a0:bf:b9:15:e1:41:56:f0:be:db:cf:74:25:b5:10:59:52:7e:
5e:33:54:fa:8d:7f:6f:ed:eb:db:8b:bc:9e:48:f9:29:47:2b:
81:8f:2a:3c:2c:23:a5:f7:70:a6:3b:c6:67:27:d2:33:29:17:
75:9b:87:85:2b:81:0d:8a:8a:8b:2f:40:a6:38:c2:c1:6a:2f:
c8:7e:5a:f5:85:8d:23:f2:94:95:83:34:6d:9b:11:35:b3:81:
22:25:a9:ec:cd:fd:7b:72:20:3b:79:a5:7d:4e:2b:e1:44:c3:
8d:8f:8b:cc:e4:ad:ca:54:18:d6:6c:84:1a:f9:41:3b:8f:1a:
f4:50:56:3c:53:a1:c8:67:30:fc:9a:4e:40:b4:40:de:a6:ea:
14:97:d0:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYn4PTVIKvS/TdOsZSF4g5GLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNmIwZDhhYjQ5NDM2NTUwYjZhYmY0NWI3OTAzNWFlYzZh
ZmYyM2MwHhcNMjMwODE1MDgwODI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDEzOWEyYmQxZGJmM2U3ZGYwNjRhMTY5ZTQxOTkyODU5NDYyMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgL6MlP3A5ap9ioeKfV5PTyxx8Aa1
IU3GyTZWWd4FwB94pK02S+x1zw2WJfzwARYSyRy7GS1G3Z6H7VkVAvYzN56bSsb+
kKYnDfr9D3R6ez5F7B+wrOxgAb1LrzFBRe57jM1Uj+KnlC4mOuiiKrguQl2Zfvd/
6xGwneW2TdAF1pMJ8JZ2Nl50oZxukts8831SKOW3b4UtbdElabZoE/XLup8DwGu7
M4ljV5m57rGiEihPb7NlW1JU3SSlHUdyXddEkCI2VIPA9RZfyvyrKphxJxcs65LM
UqzuAL/VFltQV8gjJBGiRGrmIfCvEw5J37n8K1emIFaIkDdA9DUvGztNiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM0TmivR2/Pn3wZKFp5BmShZRiN8MB8GA1UdIwQY
MBaAFKFrDYq0lDZVC2q/RbeQNa7Gr/I8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dzTmlyU1VObFVMYXI5RnQ1QTFyc2F2OGp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81ZjQ1MTgtODJlOS00MjkyLWE1NGUt
MTVjYzlkYzdiZDg3LzEvelJPYUs5SGI4LWZmQmtvV25rR1pLRmxHSTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81ZjQ1MTgtODJlOS00MjkyLWE1NGUtMTVjYzlkYzdiZDg3
LzEvb1dzTmlyU1VObFVMYXI5RnQ1QTFyc2F2OGp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGX51AAwQE
2asgMA0GCSqGSIb3DQEBCwUAA4IBAQCLtC2igeRI2CwGr7lJ9fy09iqO8MbzYwKF
rQfM8vowCTFycIqSOzsbEcZS7tyOuIzMc10U218BIDI3qxCTB5fPMY3jkBHXDS7V
oUCucQqHpaflEbJyE+8GpJdfFcTZhghY56kMnW9UY+KKe2igv7kV4UFW8L7bz3Ql
tRBZUn5eM1T6jX9v7evbi7yeSPkpRyuBjyo8LCOl93CmO8ZnJ9IzKRd1m4eFK4EN
ioqLL0CmOMLBai/Iflr1hY0j8pSVgzRtmxE1s4EiJanszf17ciA7eaV9TivhRMON
j4vM5K3KVBjWbIQa+UE7jxr0UFY8U6HIZzD8mk5AtEDepuoUl9Ca
-----END CERTIFICATE-----
Generated at Tue Apr 29 12:50:10 2025 by rpki-client