Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yorA7Ii2XLoHDe6hoFH01Vtm2yw.roa
File: yorA7Ii2XLoHDe6hoFH01Vtm2yw.roa (raw, json)
Hash identifier: PTeyQ9mkzLHJci1qfEQBXhLSYDc+0OGWVmJZLhw+PuY=
Subject key identifier: CA:8A:C0:EC:88:B6:5C:BA:07:0D:EE:A1:A0:51:F4:D5:5B:66:DB:2C
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018905F127D317F4257E83D33DF5DEF3B64E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yorA7Ii2XLoHDe6hoFH01Vtm2yw.roa
Signing time: Thu 29 Jun 2023 06:57:17 +0000
ROA not before: Thu 29 Jun 2023 06:57:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.249.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.216.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:05:f1:27:d3:17:f4:25:7e:83:d3:3d:f5:de:f3:b6:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 29 06:57:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca8ac0ec88b65cba070deea1a051f4d55b66db2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:a0:15:31:d6:e8:35:84:66:a2:bc:97:b7:d4:
51:fa:4f:7f:20:83:55:84:71:d6:92:3b:21:ba:bb:
84:99:4c:92:9e:b0:34:f2:ae:a9:b3:6f:90:c1:9d:
83:82:23:27:07:b7:54:e4:50:27:09:6e:88:b2:15:
cb:1f:45:5a:ed:49:d9:35:27:8b:0e:5b:1b:ae:6c:
5a:95:61:cf:e5:b3:90:f6:84:4d:f1:93:5d:83:74:
8f:bf:44:13:17:e4:2e:16:55:95:74:a9:56:1a:52:
5b:f6:0b:81:4e:ce:79:81:f6:dd:01:19:b3:21:24:
d5:c1:10:79:cb:5e:3f:cc:46:4e:dc:2e:9b:66:af:
16:98:1f:c8:a9:53:57:7b:fe:42:06:a3:72:10:3f:
23:8b:da:9d:e7:34:38:5e:d9:27:95:fe:1f:f0:e6:
be:4c:db:dd:c9:32:8e:fd:60:e0:3e:96:ae:a7:e2:
c1:36:fa:e3:a5:a1:fd:d5:f7:6e:32:df:75:f2:06:
d2:eb:eb:10:72:7e:38:be:d6:5f:2b:81:b5:90:2e:
7d:98:fe:81:b3:4e:07:6d:46:38:42:79:7b:a7:a8:
df:16:b5:49:ff:b1:69:93:66:49:89:f9:be:c1:d1:
23:08:ba:8a:a7:13:78:5a:f0:8f:77:71:53:3a:29:
9b:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:8A:C0:EC:88:B6:5C:BA:07:0D:EE:A1:A0:51:F4:D5:5B:66:DB:2C
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yorA7Ii2XLoHDe6hoFH01Vtm2yw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.211.0/24
88.209.216.0/24
88.209.249.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:32:53:34:27:b0:f6:74:a4:91:db:78:4e:86:fd:ce:6c:f9:
ad:fe:e5:01:7a:23:3f:ff:00:50:b1:d0:5a:cb:0f:7b:9b:2d:
66:97:6b:7e:f5:16:d2:1f:77:cc:52:18:ae:37:7d:9d:9a:14:
ca:33:fb:1c:63:68:b9:b4:8e:d1:50:43:2b:28:f1:e9:0c:d5:
25:f6:01:b3:b8:12:0c:0e:c5:24:b2:f1:76:71:d8:47:77:b7:
df:a8:60:97:c1:57:3e:17:2c:b9:c4:fc:f6:92:8b:84:79:7f:
b3:5a:14:23:62:45:3c:4d:9a:4b:7e:e9:19:dd:c9:c8:af:90:
a9:2e:de:f6:37:13:d2:12:2d:18:21:2f:a7:c1:84:53:89:39:
be:46:50:c2:16:05:df:65:6e:67:ac:05:c0:ab:6b:2f:53:35:
12:1c:db:c6:d2:03:0d:46:e9:ee:d8:7b:01:d7:a7:a2:fa:4b:
97:60:9c:19:cf:ae:6c:c5:da:e9:62:24:5b:f6:7c:5c:b6:60:
3e:d3:3f:8f:52:3c:db:4f:93:1f:e0:3f:81:5d:cb:1b:e0:02:
ce:6a:dd:58:9f:43:6d:35:74:13:f2:17:50:70:b8:d6:ae:74:
02:5b:41:c0:04:da:f5:58:6e:36:a1:8e:ad:b2:83:5c:8d:10:
0f:8f:2d:64
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYkF8SfTF/QlfoPTPfXe87ZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjI5MDY1NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYThhYzBlYzg4YjY1Y2JhMDcwZGVlYTFhMDUxZjRkNTViNjZkYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqAVMdboNYRmoryXt9RR+k9/IINV
hHHWkjshuruEmUySnrA08q6ps2+QwZ2DgiMnB7dU5FAnCW6IshXLH0Va7UnZNSeL
DlsbrmxalWHP5bOQ9oRN8ZNdg3SPv0QTF+QuFlWVdKlWGlJb9guBTs55gfbdARmz
ISTVwRB5y14/zEZO3C6bZq8WmB/IqVNXe/5CBqNyED8ji9qd5zQ4Xtknlf4f8Oa+
TNvdyTKO/WDgPpaup+LBNvrjpaH91fduMt918gbS6+sQcn44vtZfK4G1kC59mP6B
s04HbUY4Qnl7p6jfFrVJ/7Fpk2ZJifm+wdEjCLqKpxN4WvCPd3FTOimb2wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMqKwOyItly6Bw3uoaBR9NVbZtssMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveW9yQTdJaTJYTG9IRGU2aG9GSDAxVnRtMnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWJc4AwQA
WNHTAwQAWNHYAwQAWNH5MA0GCSqGSIb3DQEBCwUAA4IBAQCMMlM0J7D2dKSR23hO
hv3ObPmt/uUBeiM//wBQsdBayw97my1ml2t+9RbSH3fMUhiuN32dmhTKM/scY2i5
tI7RUEMrKPHpDNUl9gGzuBIMDsUksvF2cdhHd7ffqGCXwVc+Fyy5xPz2kouEeX+z
WhQjYkU8TZpLfukZ3cnIr5CpLt72NxPSEi0YIS+nwYRTiTm+RlDCFgXfZW5nrAXA
q2svUzUSHNvG0gMNRunu2HsB16ei+kuXYJwZz65sxdrpYiRb9nxctmA+0z+PUjzb
T5Mf4D+BXcsb4ALOat1Yn0NtNXQT8hdQcLjWrnQCW0HABNr1WG42oY6tsoNcjRAP
jy1k
-----END CERTIFICATE-----
Generated at Sun May 11 22:26:21 2025 by rpki-client