Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/XUuY3fhBjVPz4qOznrzKbas4eKc.roa
File: XUuY3fhBjVPz4qOznrzKbas4eKc.roa (raw, json)
Hash identifier: BgrSqyi/slmlu//7LeAdeBO2coeJomRKLJASU3UpKD0=
Subject key identifier: 5D:4B:98:DD:F8:41:8D:53:F3:E2:A3:B3:9E:BC:CA:6D:AB:38:78:A7
Certificate issuer: /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial: 018A6FE63C6CAC08198C541AA7824FA9E575
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/XUuY3fhBjVPz4qOznrzKbas4eKc.roa
Signing time: Thu 07 Sep 2023 13:47:54 +0000
ROA not before: Thu 07 Sep 2023 13:47:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207875
IP address blocks: 195.211.160.0/22 maxlen: 22
192.109.248.0/24 maxlen: 24
192.109.253.0/24 maxlen: 24
192.109.250.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:6f:e6:3c:6c:ac:08:19:8c:54:1a:a7:82:4f:a9:e5:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Validity
Not Before: Sep 7 13:47:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d4b98ddf8418d53f3e2a3b39ebcca6dab3878a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ed:6f:f4:e0:e0:d8:30:eb:a5:e2:ca:ea:c3:
5d:21:1b:c0:7e:b8:42:fc:8f:19:5c:e6:f1:6c:ed:
ac:31:ed:91:1b:0b:00:fa:f4:f3:0d:7c:8a:d0:f5:
23:e9:57:61:d0:81:f1:5c:28:3e:37:29:b6:b9:94:
a3:b2:07:5c:0d:d4:10:c7:ec:eb:7a:c1:7c:8b:59:
fc:77:e9:b1:9d:e7:d2:69:36:b1:28:37:08:33:25:
59:f4:f2:db:77:36:e4:27:d8:19:aa:49:e0:96:04:
3b:f9:97:d7:10:20:36:9e:ab:90:9c:78:91:ce:d4:
f7:df:f1:03:04:29:47:df:a8:61:d1:94:86:f6:68:
d8:9d:01:0c:a6:cb:d8:d3:be:23:11:36:3d:a1:84:
db:15:71:b1:ad:33:2d:04:1d:ee:39:8c:89:1b:ec:
8a:ef:0e:aa:d7:26:14:6c:c1:cc:15:e1:bf:2b:5e:
c3:c1:03:b6:a5:78:f7:cb:d8:37:ac:25:3e:72:a0:
e5:da:79:98:cf:52:09:05:54:ea:e0:ca:11:66:ae:
96:a8:24:eb:20:e1:cc:7f:25:34:d7:62:27:29:f1:
12:53:c0:b0:ec:73:7c:a8:a5:e6:44:d9:9c:b1:a5:
5f:38:b0:e7:b6:2f:fa:01:25:c5:03:dd:d4:cf:71:
d4:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:4B:98:DD:F8:41:8D:53:F3:E2:A3:B3:9E:BC:CA:6D:AB:38:78:A7
X509v3 Authority Key Identifier:
keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/XUuY3fhBjVPz4qOznrzKbas4eKc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.248.0/24
192.109.250.0/24
192.109.253.0/24
195.211.160.0/22
Signature Algorithm: sha256WithRSAEncryption
46:8a:33:cb:a8:b1:bf:d5:fe:f6:16:2e:ba:a3:d7:c1:f3:bf:
eb:4f:00:92:aa:90:8d:5c:47:7c:8f:72:30:97:f4:05:64:8b:
ab:9b:1f:78:8f:6c:05:9e:93:ac:f2:b7:da:8a:de:3f:ee:31:
1d:a4:9a:38:3b:92:22:2c:8d:e7:ce:1c:e2:ac:e2:66:88:e3:
06:67:68:b1:58:f3:90:00:ae:a0:7f:3f:dd:5a:79:19:2f:77:
e5:07:7b:02:5b:34:69:3b:01:15:1d:6e:7e:05:6c:32:ac:6d:
4b:fc:a3:d5:3a:e7:f5:3f:74:ed:51:0c:ce:db:2d:69:a2:68:
50:cc:d4:6e:d9:92:9c:3a:32:85:69:db:49:ef:4e:a1:2b:82:
c2:cd:d7:3f:6f:d3:dd:7e:2d:df:b8:41:ef:52:76:a8:16:e7:
4a:48:4b:4d:81:61:9a:f9:4f:2c:5e:09:b8:85:0c:33:d3:73:
ff:48:31:cf:62:1a:19:9d:a0:8b:6a:90:88:2c:59:58:c1:9a:
36:0e:f7:56:62:76:26:e9:81:25:df:4a:70:a4:66:3e:00:9d:
4d:4a:60:5b:0d:f7:2a:25:32:70:55:45:20:54:24:b1:e6:6f:
f7:13:e1:fc:f7:93:50:6b:0c:b6:d0:d9:2b:ce:11:87:15:ed:
4b:06:21:c3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYpv5jxsrAgZjFQap4JPqeV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMwOTA3MTM0NzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDRiOThkZGY4NDE4ZDUzZjNlMmEzYjM5ZWJjY2E2ZGFiMzg3OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu1v9ODg2DDrpeLK6sNdIRvAfrhC
/I8ZXObxbO2sMe2RGwsA+vTzDXyK0PUj6Vdh0IHxXCg+Nym2uZSjsgdcDdQQx+zr
esF8i1n8d+mxnefSaTaxKDcIMyVZ9PLbdzbkJ9gZqknglgQ7+ZfXECA2nquQnHiR
ztT33/EDBClH36hh0ZSG9mjYnQEMpsvY074jETY9oYTbFXGxrTMtBB3uOYyJG+yK
7w6q1yYUbMHMFeG/K17DwQO2pXj3y9g3rCU+cqDl2nmYz1IJBVTq4MoRZq6WqCTr
IOHMfyU012InKfESU8Cw7HN8qKXmRNmcsaVfOLDnti/6ASXFA93Uz3HU/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF1LmN34QY1T8+Kjs568ym2rOHinMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvWFV1WTNmaEJqVlB6NHFPem5yektiYXM0ZUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwG34AwQA
wG36AwQAwG39AwQCw9OgMA0GCSqGSIb3DQEBCwUAA4IBAQBGijPLqLG/1f72Fi66
o9fB87/rTwCSqpCNXEd8j3Iwl/QFZIurmx94j2wFnpOs8rfait4/7jEdpJo4O5Ii
LI3nzhzirOJmiOMGZ2ixWPOQAK6gfz/dWnkZL3flB3sCWzRpOwEVHW5+BWwyrG1L
/KPVOuf1P3TtUQzO2y1pomhQzNRu2ZKcOjKFadtJ706hK4LCzdc/b9Pdfi3fuEHv
UnaoFudKSEtNgWGa+U8sXgm4hQwz03P/SDHPYhoZnaCLapCILFlYwZo2DvdWYnYm
6YEl30pwpGY+AJ1NSmBbDfcqJTJwVUUgVCSx5m/3E+H895NQawy20NkrzhGHFe1L
BiHD
-----END CERTIFICATE-----
Generated at Tue May 13 13:31:28 2025 by rpki-client