Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/EjaPI0xEHnZsMY5WTPwHd2pMfqs.roa
File: EjaPI0xEHnZsMY5WTPwHd2pMfqs.roa (raw, json)
Hash identifier: qQacYV3Yy+XFsb3abo+CGuvbrUVHXYmNCpv1Bb3hdp4=
Subject key identifier: 12:36:8F:23:4C:44:1E:76:6C:31:8E:56:4C:FC:07:77:6A:4C:7E:AB
Certificate issuer: /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial: 01856CCB0A65F6FFFDF911902378A2FD33E6
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/EjaPI0xEHnZsMY5WTPwHd2pMfqs.roa
Signing time: Sun 01 Jan 2023 10:05:23 +0000
ROA not before: Sun 01 Jan 2023 10:05:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39835
IP address blocks: 81.20.112.0/20 maxlen: 20
5.34.224.0/21 maxlen: 21
188.74.32.0/22 maxlen: 22
188.74.36.0/24 maxlen: 24
188.74.37.0/24 maxlen: 24
188.74.38.0/24 maxlen: 24
188.74.44.0/22 maxlen: 22
185.75.150.0/24 maxlen: 24
185.75.148.0/24 maxlen: 24
185.75.149.0/24 maxlen: 24
2a03:6880::/32 maxlen: 32
2a03:4b20:f000::/36 maxlen: 36
2a03:4b20::/32 maxlen: 32
2a03:4b21::/32 maxlen: 32
2a03:4b22::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:cb:0a:65:f6:ff:fd:f9:11:90:23:78:a2:fd:33:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Validity
Not Before: Jan 1 10:05:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=12368f234c441e766c318e564cfc07776a4c7eab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:9e:4e:a9:e2:6d:55:f7:cb:1f:cd:71:0b:56:
04:dd:11:e8:f7:18:85:bf:96:87:36:a5:17:cb:91:
c6:1c:13:46:b6:3b:4f:e2:5c:15:06:a1:ec:bd:04:
82:11:8b:db:4b:a0:ec:0f:21:bb:74:a9:e3:c1:89:
62:37:da:6e:22:ce:12:90:fc:94:9a:42:e7:c1:66:
67:aa:d4:1f:b1:98:8b:d3:d4:00:cc:f7:d3:ca:68:
7e:18:e7:d5:6c:8e:98:95:00:36:c9:5e:17:b0:d0:
61:43:2b:25:25:cb:27:ee:34:48:1f:e8:fd:28:ae:
66:d2:4f:ab:59:22:2d:13:47:36:99:d8:cf:a4:5d:
3f:57:73:2b:91:93:45:8d:6b:86:c3:45:2b:cf:ad:
8b:3b:bc:6c:73:23:6b:db:65:3c:a0:27:95:bb:0c:
01:dd:0f:f9:7a:c9:c0:d0:8d:9b:98:31:dd:a3:07:
c3:27:c1:e0:09:67:1d:22:14:03:88:d4:9e:88:c5:
f7:eb:6b:05:89:41:c9:29:0a:df:3c:cb:cc:bb:9f:
6c:81:6e:ec:80:dc:9d:b9:17:0e:90:dc:34:ae:58:
32:80:33:0a:a7:7d:72:e7:1d:8e:b4:29:15:70:4a:
06:ef:29:0b:1f:47:85:39:3f:3a:8d:06:4e:5a:04:
55:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:36:8F:23:4C:44:1E:76:6C:31:8E:56:4C:FC:07:77:6A:4C:7E:AB
X509v3 Authority Key Identifier:
keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/EjaPI0xEHnZsMY5WTPwHd2pMfqs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.224.0/21
81.20.112.0/20
185.75.148.0-185.75.150.255
188.74.32.0-188.74.38.255
188.74.44.0/22
IPv6:
2a03:4b20::-2a03:4b22:ffff:ffff:ffff:ffff:ffff:ffff
2a03:6880::/32
Signature Algorithm: sha256WithRSAEncryption
7e:d0:ec:5b:9e:7c:a5:54:02:35:44:c3:d1:cf:d6:20:84:de:
26:12:f3:77:55:34:a6:4c:08:23:07:28:6e:2d:79:08:1f:55:
bf:5a:0f:5f:b2:15:0d:ee:e7:b5:44:ef:66:9e:9e:f9:c5:c1:
81:d2:1f:81:95:ed:21:26:1f:ef:e3:5b:b9:46:ee:e1:56:38:
d4:4f:45:ba:07:f8:43:18:8a:e4:ae:73:29:bb:95:4e:12:59:
0a:1c:1f:f7:86:da:fc:34:71:b8:e1:87:63:93:91:f5:95:d0:
d3:90:0a:4d:26:b0:28:00:3c:4c:06:38:49:6d:94:a9:c0:8a:
66:97:2d:a9:5b:3d:9d:87:55:26:31:d6:f9:52:bf:f9:c2:af:
09:85:81:0f:e3:46:8d:49:ba:93:6e:2a:8f:0f:2e:90:9d:3a:
0f:46:00:0a:1a:38:5a:51:5a:7a:25:85:c3:d3:9c:f4:54:37:
da:c5:ca:bb:48:2f:be:52:7a:80:71:1d:a2:8e:8f:32:22:c5:
01:cf:3a:ab:13:ec:4a:16:5c:32:3b:b6:b2:0d:bd:5c:da:aa:
95:76:20:88:2c:81:d9:11:b6:15:0f:27:cf:ea:d8:ba:07:7f:
a5:09:dd:67:4d:6d:54:6f:9f:31:a8:c3:b1:8e:a2:d5:aa:ad:
a4:af:83:54
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVsywpl9v/9+RGQI3ii/TPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjMwMTAxMTAwNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM2OGYyMzRjNDQxZTc2NmMzMThlNTY0Y2ZjMDc3NzZhNGM3ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZ5OqeJtVffLH81xC1YE3RHo9xiF
v5aHNqUXy5HGHBNGtjtP4lwVBqHsvQSCEYvbS6DsDyG7dKnjwYliN9puIs4SkPyU
mkLnwWZnqtQfsZiL09QAzPfTymh+GOfVbI6YlQA2yV4XsNBhQyslJcsn7jRIH+j9
KK5m0k+rWSItE0c2mdjPpF0/V3MrkZNFjWuGw0Urz62LO7xscyNr22U8oCeVuwwB
3Q/5esnA0I2bmDHdowfDJ8HgCWcdIhQDiNSeiMX362sFiUHJKQrfPMvMu59sgW7s
gNyduRcOkNw0rlgygDMKp31y5x2OtCkVcEoG7ykLH0eFOT86jQZOWgRV3wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFBI2jyNMRB52bDGOVkz8B3dqTH6rMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvRWphUEkweEVIblpzTVk1V1RQd0hkMnBNZnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA0BAIAATAuAwQDBSLgAwQE
URRwMAwDBAK5S5QDBAC5S5YwDAMEBbxKIAMEALxKJgMEArxKLDAdBAIAAjAXMA4D
BQUqA0sgAwUAKgNLIgMFACoDaIAwDQYJKoZIhvcNAQELBQADggEBAH7Q7FuefKVU
AjVEw9HP1iCE3iYS83dVNKZMCCMHKG4teQgfVb9aD1+yFQ3u57VE72aenvnFwYHS
H4GV7SEmH+/jW7lG7uFWONRPRboH+EMYiuSucym7lU4SWQocH/eG2vw0cbjhh2OT
kfWV0NOQCk0msCgAPEwGOEltlKnAimaXLalbPZ2HVSYx1vlSv/nCrwmFgQ/jRo1J
upNuKo8PLpCdOg9GAAoaOFpRWnolhcPTnPRUN9rFyrtIL75SeoBxHaKOjzIixQHP
OqsT7EoWXDI7trINvVzaqpV2IIgsgdkRthUPJ8/q2LoHf6UJ3WdNbVRvnzGow7GO
otWqraSvg1Q=
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:05:11 2025 by rpki-client