Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/HqghMm34jw_ZZ1ozNym79Gqmc-A.roa
File: HqghMm34jw_ZZ1ozNym79Gqmc-A.roa (raw, json)
Hash identifier: 7nJVYzlYhi8jBO7aTUnvXl77RF71it6EGzGvn52SoXk=
Subject key identifier: 1E:A8:21:32:6D:F8:8F:0F:D9:67:5A:33:37:29:BB:F4:6A:A6:73:E0
Certificate issuer: /CN=c7908f53e4517dce4c74ca2e30982788910c4033
Certificate serial: 0185736851F8F696C2B8466C726CA145481F
Authority key identifier: C7:90:8F:53:E4:51:7D:CE:4C:74:CA:2E:30:98:27:88:91:0C:40:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x5CPU-RRfc5MdMouMJgniJEMQDM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/HqghMm34jw_ZZ1ozNym79Gqmc-A.roa
Signing time: Mon 02 Jan 2023 16:54:54 +0000
ROA not before: Mon 02 Jan 2023 16:54:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52164
IP address blocks: 193.238.86.0/24 maxlen: 24
2a11:280::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:68:51:f8:f6:96:c2:b8:46:6c:72:6c:a1:45:48:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7908f53e4517dce4c74ca2e30982788910c4033
Validity
Not Before: Jan 2 16:54:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ea821326df88f0fd9675a333729bbf46aa673e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:5c:ec:8c:e5:14:ef:68:b8:2f:28:9f:a1:07:
ae:35:16:5a:1e:f3:80:cc:7f:7b:c6:21:be:a5:87:
31:ba:dd:8b:f4:6d:70:f1:66:d3:4b:ca:ac:a1:41:
32:95:e1:d3:ef:2d:ae:db:92:8c:14:a9:e1:10:45:
fc:0e:30:31:a7:aa:0f:79:35:5a:6d:ae:6d:84:e2:
b5:5c:97:b8:b9:61:cb:18:91:3b:b4:c6:cc:06:ee:
6f:21:6f:00:0a:2b:a5:3b:2c:e3:4d:2a:2b:96:a7:
d2:bd:7c:c8:76:aa:74:0a:ca:05:e9:bc:66:ef:4e:
e2:d3:c5:14:88:7d:b4:9d:d8:a3:38:5a:c7:7f:54:
da:6f:a1:b0:66:59:7e:7f:7c:af:ba:11:ca:3d:f3:
d4:4d:0a:1d:d3:68:11:9a:d9:88:0d:f1:ca:63:f3:
00:22:a0:0d:78:e3:40:09:76:1f:fb:75:c5:36:bd:
ba:f2:7c:0f:2c:2c:e9:cc:da:eb:f3:a1:ee:0a:4f:
ce:a2:1d:45:62:11:a8:b2:c7:6b:4e:c8:d2:d5:6b:
f2:56:83:79:f5:48:64:62:6e:62:26:a1:98:f4:50:
0f:a0:23:0e:7b:af:01:22:4b:9a:07:b0:ef:96:7c:
d9:0d:fd:4c:ec:a1:ee:b2:7d:69:51:b8:87:9b:f3:
bf:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:A8:21:32:6D:F8:8F:0F:D9:67:5A:33:37:29:BB:F4:6A:A6:73:E0
X509v3 Authority Key Identifier:
keyid:C7:90:8F:53:E4:51:7D:CE:4C:74:CA:2E:30:98:27:88:91:0C:40:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5CPU-RRfc5MdMouMJgniJEMQDM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/HqghMm34jw_ZZ1ozNym79Gqmc-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/x5CPU-RRfc5MdMouMJgniJEMQDM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.238.86.0/24
IPv6:
2a11:280::/29
Signature Algorithm: sha256WithRSAEncryption
46:6b:ae:d4:ca:b8:65:44:1d:cd:2a:70:b9:61:63:89:ca:08:
cf:82:9e:44:06:c0:66:12:df:a3:63:ee:1d:3a:15:57:6e:ae:
b0:e2:64:b4:5d:ec:c0:e7:19:92:27:c8:dc:55:4d:68:6a:f4:
dc:00:de:f2:3f:73:44:18:af:3d:cc:a0:0a:20:b1:b3:d3:eb:
b2:7f:52:ce:2a:57:bd:70:99:e1:09:9c:95:13:2c:37:fd:fc:
2f:28:53:bd:85:8e:82:b5:24:ab:c0:d2:8a:b6:89:ad:7b:55:
86:f6:82:27:4e:e5:c4:72:5d:b3:1f:29:d8:e3:c6:f2:ef:b4:
37:29:f6:56:f9:03:29:f5:eb:37:7a:c9:b1:a8:7d:29:0a:0b:
45:fc:df:e0:ee:2c:b0:fc:af:a4:17:8c:9c:7a:59:3b:e8:51:
07:c8:52:61:62:be:a0:65:e9:8e:f9:b8:f4:12:79:af:75:52:
58:08:ed:46:f3:ad:18:fe:bf:f9:d3:bd:c5:a3:43:a4:ae:a3:
63:df:fd:d1:16:66:af:ca:38:ce:7b:21:bd:c9:67:86:9d:b4:
ff:93:d6:d2:1f:9c:c1:6c:cf:44:d9:0f:d0:5f:b0:2d:07:ca:
a0:2e:0a:b1:c7:9d:dc:82:4e:3a:e4:13:35:a0:00:a1:58:bf:
3b:c9:74:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVzaFH49pbCuEZscmyhRUgfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTA4ZjUzZTQ1MTdkY2U0Yzc0Y2EyZTMwOTgyNzg4OTEw
YzQwMzMwHhcNMjMwMTAyMTY1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWE4MjEzMjZkZjg4ZjBmZDk2NzVhMzMzNzI5YmJmNDZhYTY3M2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolzsjOUU72i4LyifoQeuNRZaHvOA
zH97xiG+pYcxut2L9G1w8WbTS8qsoUEyleHT7y2u25KMFKnhEEX8DjAxp6oPeTVa
ba5thOK1XJe4uWHLGJE7tMbMBu5vIW8ACiulOyzjTSorlqfSvXzIdqp0CsoF6bxm
707i08UUiH20ndijOFrHf1Tab6GwZll+f3yvuhHKPfPUTQod02gRmtmIDfHKY/MA
IqANeONACXYf+3XFNr268nwPLCzpzNrr86HuCk/Ooh1FYhGossdrTsjS1WvyVoN5
9UhkYm5iJqGY9FAPoCMOe68BIkuaB7DvlnzZDf1M7KHusn1pUbiHm/O/uwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB6oITJt+I8P2WdaMzcpu/RqpnPgMB8GA1UdIwQY
MBaAFMeQj1PkUX3OTHTKLjCYJ4iRDEAzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVDUFUtUlJmYzVNZE1vdU1KZ25pSkVNUURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lNDI1ZDgtZjc4Ny00ZjI0LWJhMmIt
MjhmZTY2MTQ0OTgxLzEvSHFnaE1tMzRqd19aWjFvek55bTc5R3FtYy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9lNDI1ZDgtZjc4Ny00ZjI0LWJhMmItMjhmZTY2MTQ0OTgx
LzEveDVDUFUtUlJmYzVNZE1vdU1KZ25pSkVNUURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwe5WMA0E
AgACMAcDBQMqEQKAMA0GCSqGSIb3DQEBCwUAA4IBAQBGa67UyrhlRB3NKnC5YWOJ
ygjPgp5EBsBmEt+jY+4dOhVXbq6w4mS0XezA5xmSJ8jcVU1oavTcAN7yP3NEGK89
zKAKILGz0+uyf1LOKle9cJnhCZyVEyw3/fwvKFO9hY6CtSSrwNKKtomte1WG9oIn
TuXEcl2zHynY48by77Q3KfZW+QMp9es3esmxqH0pCgtF/N/g7iyw/K+kF4ycelk7
6FEHyFJhYr6gZemO+bj0EnmvdVJYCO1G860Y/r/5073Fo0OkrqNj3/3RFmavyjjO
eyG9yWeGnbT/k9bSH5zBbM9E2Q/QX7AtB8qgLgqxx53cgk465BM1oAChWL87yXRi
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:22:30 2025 by rpki-client