Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/4P67YYDI0KEzwFwNGo9Vhyqe5qg.roa
File: 4P67YYDI0KEzwFwNGo9Vhyqe5qg.roa (raw, json)
Hash identifier: UmFyELCty4JI9OdY7m38M5gHpOlgSrT9eq8jBFyjCJ8=
Subject key identifier: E0:FE:BB:61:80:C8:D0:A1:33:C0:5C:0D:1A:8F:55:87:2A:9E:E6:A8
Certificate issuer: /CN=8dc4587335c290ff8f2b374df24abe2333bced5e
Certificate serial: 018AFED616BEF7105F5CD936CE0EB834DEFD
Authority key identifier: 8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/4P67YYDI0KEzwFwNGo9Vhyqe5qg.roa
Signing time: Thu 05 Oct 2023 07:55:57 +0000
ROA not before: Thu 05 Oct 2023 07:55:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202038
IP address blocks: 94.199.232.0/21 maxlen: 24
109.234.224.0/21 maxlen: 24
185.78.216.0/22 maxlen: 24
185.108.92.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fe:d6:16:be:f7:10:5f:5c:d9:36:ce:0e:b8:34:de:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8dc4587335c290ff8f2b374df24abe2333bced5e
Validity
Not Before: Oct 5 07:55:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0febb6180c8d0a133c05c0d1a8f55872a9ee6a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:27:bf:ef:84:c3:6b:5c:04:08:8f:d0:a8:29:
e0:97:bd:1e:3d:99:af:fa:a1:13:ba:06:17:dc:ff:
56:d1:5e:3a:37:7b:53:72:77:84:fa:98:ba:f8:8d:
01:7b:58:5e:80:79:50:63:81:ee:cf:09:b7:bf:b1:
36:41:b5:ba:6a:8a:a3:b2:2a:cb:d9:74:3a:ad:21:
c5:8e:74:aa:16:17:be:b1:96:b0:88:00:84:93:b1:
4a:9e:5e:02:ac:c1:ab:af:20:7b:21:a2:27:9f:3c:
24:66:85:c7:bf:21:da:71:77:14:14:cd:c5:42:23:
c9:f5:96:6d:70:76:60:02:1f:65:39:61:ee:0c:68:
e6:d6:b1:71:7d:e0:e9:26:3b:c7:0d:43:51:f2:db:
29:e5:ec:42:50:34:2d:7e:fe:d6:06:bf:30:0b:d5:
3d:87:99:ea:18:0d:65:2e:d1:ac:1c:c6:d5:9d:f4:
20:45:24:3c:c3:47:05:8b:34:32:a4:0d:60:4b:0e:
24:e8:67:9f:59:73:a9:5b:9c:b5:0b:30:fb:ff:dd:
d7:4e:21:0f:ee:1f:bc:70:8e:7c:5c:9a:23:98:53:
51:ad:03:0a:ed:ad:ca:ad:f7:3a:14:82:27:b0:c1:
11:f4:b9:6a:ad:28:9a:83:37:9e:9c:75:39:81:2e:
a7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:FE:BB:61:80:C8:D0:A1:33:C0:5C:0D:1A:8F:55:87:2A:9E:E6:A8
X509v3 Authority Key Identifier:
keyid:8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/4P67YYDI0KEzwFwNGo9Vhyqe5qg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.199.232.0/21
109.234.224.0/21
185.78.216.0/22
185.108.92.0/22
Signature Algorithm: sha256WithRSAEncryption
aa:de:f2:cf:8c:6e:d1:4b:5b:42:e7:88:e2:0e:b8:2a:8f:ce:
23:9b:2d:07:62:8e:d4:04:8b:72:9e:e0:12:f6:e6:73:81:a3:
df:7a:f9:d2:ea:e3:c9:a2:a3:0e:5d:47:3f:8b:6a:6a:85:76:
6c:78:26:c6:7b:70:1f:25:d5:f8:3c:bd:52:d6:09:9f:82:c8:
ca:c7:06:61:ea:fd:b7:87:12:3b:13:5e:50:ef:2f:f2:9d:f9:
dc:7e:3d:0c:e2:0b:5a:41:93:8c:fa:d8:63:50:e3:25:93:09:
47:03:ee:d0:bb:75:a9:b0:35:c5:81:5a:b8:9c:08:3f:83:a6:
87:dc:dc:01:ce:6d:ba:10:b6:68:0d:03:83:2a:56:df:03:e9:
78:51:79:2b:13:a4:50:05:70:aa:33:bd:92:bf:f3:80:a0:52:
49:23:29:da:c2:99:e8:f9:62:62:c6:2d:21:9e:a3:97:0a:ea:
d1:96:4e:3f:94:87:fb:f7:64:fe:61:11:93:d9:4d:1d:03:8b:
b2:87:a1:1c:87:0b:46:bb:d1:d9:54:ad:d5:44:05:fc:22:57:
0b:9e:5d:cd:f5:6c:b5:33:61:50:32:76:d9:ef:b5:98:1d:ad:
ee:85:92:84:00:5a:9f:0a:e8:eb:50:d0:b1:b3:d7:bd:2f:89:
09:eb:4a:b3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYr+1ha+9xBfXNk2zg64NN79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzQ1ODczMzVjMjkwZmY4ZjJiMzc0ZGYyNGFiZTIzMzNi
Y2VkNWUwHhcNMjMxMDA1MDc1NTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGZlYmI2MTgwYzhkMGExMzNjMDVjMGQxYThmNTU4NzJhOWVlNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Se/74TDa1wECI/QqCngl70ePZmv
+qETugYX3P9W0V46N3tTcneE+pi6+I0Be1hegHlQY4Huzwm3v7E2QbW6aoqjsirL
2XQ6rSHFjnSqFhe+sZawiACEk7FKnl4CrMGrryB7IaInnzwkZoXHvyHacXcUFM3F
QiPJ9ZZtcHZgAh9lOWHuDGjm1rFxfeDpJjvHDUNR8tsp5exCUDQtfv7WBr8wC9U9
h5nqGA1lLtGsHMbVnfQgRSQ8w0cFizQypA1gSw4k6GefWXOpW5y1CzD7/93XTiEP
7h+8cI58XJojmFNRrQMK7a3Krfc6FIInsMER9LlqrSiagzeenHU5gS6nNQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOD+u2GAyNChM8BcDRqPVYcqnuaoMB8GA1UdIwQY
MBaAFI3EWHM1wpD/jys3TfJKviMzvO1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYt
ZDYwNmQ5OTI1YWI3LzEvNFA2N1lZREkwS0V6d0Z3TkdvOVZoeXFlNXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYtZDYwNmQ5OTI1YWI3
LzEvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDXsfoAwQD
bergAwQCuU7YAwQCuWxcMA0GCSqGSIb3DQEBCwUAA4IBAQCq3vLPjG7RS1tC54ji
Drgqj84jmy0HYo7UBItynuAS9uZzgaPfevnS6uPJoqMOXUc/i2pqhXZseCbGe3Af
JdX4PL1S1gmfgsjKxwZh6v23hxI7E15Q7y/ynfncfj0M4gtaQZOM+thjUOMlkwlH
A+7Qu3WpsDXFgVq4nAg/g6aH3NwBzm26ELZoDQODKlbfA+l4UXkrE6RQBXCqM72S
v/OAoFJJIynawpno+WJixi0hnqOXCurRlk4/lIf792T+YRGT2U0dA4uyh6EchwtG
u9HZVK3VRAX8IlcLnl3N9Wy1M2FQMnbZ77WYHa3uhZKEAFqfCujrUNCxs9e9L4kJ
60qz
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:56:20 2025 by rpki-client