Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/u3y8t9K7xsn-waaSm6daGA6rg7g.roa
File: u3y8t9K7xsn-waaSm6daGA6rg7g.roa (raw, json)
Hash identifier: OBcQFUX/f0S6hJVTTWaKWLkWhG9oqtNjOU6fEOTC9u8=
Subject key identifier: BB:7C:BC:B7:D2:BB:C6:C9:FE:C1:A6:92:9B:A7:5A:18:0E:AB:83:B8
Certificate issuer: /CN=8bdea2d4ab1380f0a3b7fe7d4fa7828e1c943558
Certificate serial: 0185720C47BCBF0BD48DACCDA1848C4A1151
Authority key identifier: 8B:DE:A2:D4:AB:13:80:F0:A3:B7:FE:7D:4F:A7:82:8E:1C:94:35:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i96i1KsTgPCjt_59T6eCjhyUNVg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/u3y8t9K7xsn-waaSm6daGA6rg7g.roa
Signing time: Mon 02 Jan 2023 10:34:45 +0000
ROA not before: Mon 02 Jan 2023 10:34:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43824
IP address blocks: 185.252.102.0/24 maxlen: 24
185.252.101.0/24 maxlen: 24
185.252.100.0/24 maxlen: 24
185.252.103.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:0c:47:bc:bf:0b:d4:8d:ac:cd:a1:84:8c:4a:11:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bdea2d4ab1380f0a3b7fe7d4fa7828e1c943558
Validity
Not Before: Jan 2 10:34:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bb7cbcb7d2bbc6c9fec1a6929ba75a180eab83b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:66:9c:e3:22:d2:d8:0e:ba:0c:ea:c9:63:d4:
c0:aa:3f:bf:11:1a:fb:93:4b:f7:c7:0b:bc:14:cf:
e0:36:ec:71:a6:93:d1:b7:ba:12:ee:a5:34:5e:16:
f5:7c:50:a8:a3:9b:34:2c:28:71:95:50:23:31:b3:
f4:7a:59:02:b9:9a:57:e4:81:aa:53:23:81:69:93:
59:4c:05:27:7e:0b:d5:b0:03:1f:f3:58:31:00:51:
c2:97:a8:45:eb:8d:b2:03:d3:b1:6d:42:e8:46:f4:
98:62:30:67:b8:4a:c2:14:f6:3b:e6:0c:53:0d:b4:
88:c7:88:73:d7:33:99:9e:bd:3c:b1:bd:06:c9:7c:
16:9c:b0:8d:96:56:5a:be:53:2e:43:5f:12:17:37:
ef:48:59:4d:89:ab:2a:1c:9b:11:2e:f4:55:d5:0e:
f2:49:7f:8f:b4:dd:13:96:1b:7e:2f:8b:82:c8:05:
90:49:d3:cd:81:27:93:97:6b:16:cd:37:c1:7c:a9:
50:38:c4:50:ff:1e:39:ec:e8:23:4b:79:68:51:be:
43:69:c6:15:a5:2f:71:35:d6:ed:c5:9c:81:4f:80:
50:a9:1c:01:0f:22:4f:6c:cf:4a:9c:3f:05:55:31:
1f:b5:3f:0f:c0:1f:ef:28:ff:c6:e5:ea:46:d6:69:
82:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:7C:BC:B7:D2:BB:C6:C9:FE:C1:A6:92:9B:A7:5A:18:0E:AB:83:B8
X509v3 Authority Key Identifier:
keyid:8B:DE:A2:D4:AB:13:80:F0:A3:B7:FE:7D:4F:A7:82:8E:1C:94:35:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i96i1KsTgPCjt_59T6eCjhyUNVg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/u3y8t9K7xsn-waaSm6daGA6rg7g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/i96i1KsTgPCjt_59T6eCjhyUNVg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.252.100.0/22
Signature Algorithm: sha256WithRSAEncryption
2b:89:3a:f9:3b:fc:05:aa:5e:4e:c4:77:c5:55:4a:d6:06:23:
c6:6c:17:5d:6b:b6:32:a7:8c:84:15:c2:67:cb:2b:4d:34:59:
d3:7e:c8:41:0f:21:3e:70:5a:43:96:4f:d8:b0:38:b7:8b:c4:
72:19:b8:63:d3:20:7d:31:39:d5:9f:e2:d7:a4:ad:f1:36:ac:
be:95:ea:03:45:1e:e0:36:41:ee:b3:1b:09:a7:b3:57:1d:9a:
71:b0:48:0f:2e:55:94:85:bd:bb:9b:58:e5:ee:09:68:72:07:
2b:c1:22:f7:06:b9:fa:25:67:d3:49:60:50:89:4c:d2:ee:0e:
af:32:45:97:31:3a:d1:c8:33:da:19:0d:bc:c3:2a:0f:7e:c1:
30:8b:65:5c:7a:3e:45:6f:6a:a2:77:41:21:3f:04:ef:8f:1e:
f9:30:15:23:50:af:b2:5e:33:ba:71:4b:c0:43:23:9d:38:7b:
3a:e9:f1:2a:ef:2b:ec:71:83:bb:07:fa:b3:7f:45:4f:96:00:
82:e6:e8:86:a5:a7:6a:0c:58:95:9f:bb:09:06:b1:71:57:7e:
9a:6b:5b:ff:64:a1:1f:7c:cf:66:77:e2:19:34:c7:7e:fd:82:
9c:71:be:24:b5:e8:6d:3c:d7:8b:45:86:28:b6:10:35:9b:cb:
e0:ba:3b:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyDEe8vwvUjazNoYSMShFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGVhMmQ0YWIxMzgwZjBhM2I3ZmU3ZDRmYTc4MjhlMWM5
NDM1NTgwHhcNMjMwMTAyMTAzNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjdjYmNiN2QyYmJjNmM5ZmVjMWE2OTI5YmE3NWExODBlYWI4M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2ac4yLS2A66DOrJY9TAqj+/ERr7
k0v3xwu8FM/gNuxxppPRt7oS7qU0Xhb1fFCoo5s0LChxlVAjMbP0elkCuZpX5IGq
UyOBaZNZTAUnfgvVsAMf81gxAFHCl6hF642yA9OxbULoRvSYYjBnuErCFPY75gxT
DbSIx4hz1zOZnr08sb0GyXwWnLCNllZavlMuQ18SFzfvSFlNiasqHJsRLvRV1Q7y
SX+PtN0Tlht+L4uCyAWQSdPNgSeTl2sWzTfBfKlQOMRQ/x457OgjS3loUb5DacYV
pS9xNdbtxZyBT4BQqRwBDyJPbM9KnD8FVTEftT8PwB/vKP/G5epG1mmC+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLt8vLfSu8bJ/sGmkpunWhgOq4O4MB8GA1UdIwQY
MBaAFIveotSrE4Dwo7f+fU+ngo4clDVYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk2aTFLc1RnUENqdF81OVQ2ZUNqaHlVTlZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jNjdkOTAtZDMwNC00ODFiLThhNjQt
MWUzMjZkZWJhNGQwLzEvdTN5OHQ5Szd4c24td2FhU202ZGFHQTZyZzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jNjdkOTAtZDMwNC00ODFiLThhNjQtMWUzMjZkZWJhNGQw
LzEvaTk2aTFLc1RnUENqdF81OVQ2ZUNqaHlVTlZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufxkMA0G
CSqGSIb3DQEBCwUAA4IBAQAriTr5O/wFql5OxHfFVUrWBiPGbBdda7Yyp4yEFcJn
yytNNFnTfshBDyE+cFpDlk/YsDi3i8RyGbhj0yB9MTnVn+LXpK3xNqy+leoDRR7g
NkHusxsJp7NXHZpxsEgPLlWUhb27m1jl7glocgcrwSL3Brn6JWfTSWBQiUzS7g6v
MkWXMTrRyDPaGQ28wyoPfsEwi2Vcej5Fb2qid0EhPwTvjx75MBUjUK+yXjO6cUvA
QyOdOHs66fEq7yvscYO7B/qzf0VPlgCC5uiGpadqDFiVn7sJBrFxV36aa1v/ZKEf
fM9md+IZNMd+/YKccb4ktehtPNeLRYYothA1m8vgujuR
-----END CERTIFICATE-----
Generated at Mon Apr 28 10:51:13 2025 by rpki-client