Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/459e63-40b8-4536-84b4-aa81b9603857/1/4XR31we6c3G8mpBr0b9RVq8WnDQ.roa
File: 4XR31we6c3G8mpBr0b9RVq8WnDQ.roa (raw, json)
Hash identifier: pwufyqBKwH+BoDPAzSOU5iFpq87oMTlfMnk5m6mYhMI=
Subject key identifier: E1:74:77:D7:07:BA:73:71:BC:9A:90:6B:D1:BF:51:56:AF:16:9C:34
Certificate issuer: /CN=4ed1d7df25a4a9d5e727c42f55e9e3183d36a93a
Certificate serial: 01856F1D7F7FD98E51E182BF3A471B02575D
Authority key identifier: 4E:D1:D7:DF:25:A4:A9:D5:E7:27:C4:2F:55:E9:E3:18:3D:36:A9:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TtHX3yWkqdXnJ8QvVenjGD02qTo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/459e63-40b8-4536-84b4-aa81b9603857/1/4XR31we6c3G8mpBr0b9RVq8WnDQ.roa
Signing time: Sun 01 Jan 2023 20:54:42 +0000
ROA not before: Sun 01 Jan 2023 20:54:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60561
IP address blocks: 188.64.137.0/24 maxlen: 24
2a11:1040::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:7f:7f:d9:8e:51:e1:82:bf:3a:47:1b:02:57:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ed1d7df25a4a9d5e727c42f55e9e3183d36a93a
Validity
Not Before: Jan 1 20:54:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e17477d707ba7371bc9a906bd1bf5156af169c34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:c2:f6:4e:95:cd:77:54:df:41:a7:51:09:c4:
f0:4e:68:30:1c:8d:0f:0b:83:ea:e5:5a:e3:63:14:
52:e0:cd:e2:3c:83:3f:55:5c:44:1a:05:70:60:c3:
a8:32:c2:ad:55:42:d3:17:f4:6f:0f:b6:87:eb:ec:
54:21:80:d1:e5:71:d3:a2:02:25:9f:cd:61:0a:a0:
08:5b:ce:e0:0c:1b:01:1f:7c:3c:b7:cd:ed:af:8b:
c3:b8:b9:a7:5d:bb:d7:c5:bf:8f:94:eb:15:c9:89:
5f:6a:cc:7d:25:7e:70:3c:d5:43:e9:bd:d3:aa:7d:
6d:4e:55:ba:e9:4d:2e:0f:40:d2:66:1e:8d:73:9c:
e6:8a:6a:96:17:71:ad:9a:f2:1a:34:22:1c:a0:84:
23:9d:15:5d:eb:ed:4e:c0:4f:27:3b:d5:f4:b3:2f:
35:4f:bb:a5:f0:dd:3e:bc:af:77:68:0a:ca:ba:80:
ad:f0:8a:59:82:0e:1d:e1:f5:48:5e:44:e1:1e:f9:
d4:ae:72:cb:23:13:ee:ed:b8:08:bd:f5:09:7c:1c:
01:e8:9d:38:84:b8:c0:61:26:8d:00:c3:d2:63:20:
42:ee:9b:9d:63:1e:27:6e:ad:15:28:dc:4b:65:8c:
da:28:6f:86:94:23:13:c8:4d:0b:d9:4f:68:76:2a:
8b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:74:77:D7:07:BA:73:71:BC:9A:90:6B:D1:BF:51:56:AF:16:9C:34
X509v3 Authority Key Identifier:
keyid:4E:D1:D7:DF:25:A4:A9:D5:E7:27:C4:2F:55:E9:E3:18:3D:36:A9:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TtHX3yWkqdXnJ8QvVenjGD02qTo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/459e63-40b8-4536-84b4-aa81b9603857/1/4XR31we6c3G8mpBr0b9RVq8WnDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/459e63-40b8-4536-84b4-aa81b9603857/1/TtHX3yWkqdXnJ8QvVenjGD02qTo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.64.137.0/24
IPv6:
2a11:1040::/29
Signature Algorithm: sha256WithRSAEncryption
19:0d:a2:5b:53:2f:aa:24:41:7e:59:f6:56:90:32:8e:d7:f4:
48:c6:62:f6:79:b8:1f:c2:4d:b4:f4:0f:89:21:e4:95:bf:6f:
41:b3:ed:58:bf:a1:b0:b4:5f:b7:95:d2:28:bc:99:49:3a:8a:
fa:34:8e:81:6c:bf:78:ce:da:0e:60:2f:2f:18:5e:6e:ca:59:
bb:22:f6:ac:56:c1:9f:44:b7:78:c5:a3:48:93:38:ef:17:b4:
d0:52:b4:47:e5:72:f8:3a:5e:7d:21:00:83:ad:51:b0:31:d2:
0a:4f:42:77:3e:d7:8e:80:f9:d7:2d:f6:41:72:72:e5:b1:aa:
0c:07:8b:93:a8:96:53:f4:cd:94:84:cb:e7:45:39:99:a2:40:
36:fb:44:7a:9a:5b:ba:8d:60:7d:71:de:f3:fd:35:b2:63:7a:
57:0e:6d:db:51:d0:3c:50:f7:a8:d7:51:91:b6:3d:af:7f:a1:
ba:41:7a:2d:15:02:ab:7b:07:fd:8e:b9:d0:5b:07:1a:bd:98:
ed:6a:6d:b1:82:a7:da:23:f1:e7:33:dc:de:89:f9:78:35:a7:
d8:a4:b8:6f:54:ff:41:c4:c4:b8:f3:72:76:63:36:7f:02:51:
70:f6:65:ca:39:89:d1:e0:c5:21:a2:0b:c6:82:29:fb:9e:9f:
4d:a1:fb:81
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVvHX9/2Y5R4YK/OkcbAlddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZDFkN2RmMjVhNGE5ZDVlNzI3YzQyZjU1ZTllMzE4M2Qz
NmE5M2EwHhcNMjMwMTAxMjA1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTc0NzdkNzA3YmE3MzcxYmM5YTkwNmJkMWJmNTE1NmFmMTY5YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsL2TpXNd1TfQadRCcTwTmgwHI0P
C4Pq5VrjYxRS4M3iPIM/VVxEGgVwYMOoMsKtVULTF/RvD7aH6+xUIYDR5XHTogIl
n81hCqAIW87gDBsBH3w8t83tr4vDuLmnXbvXxb+PlOsVyYlfasx9JX5wPNVD6b3T
qn1tTlW66U0uD0DSZh6Nc5zmimqWF3GtmvIaNCIcoIQjnRVd6+1OwE8nO9X0sy81
T7ul8N0+vK93aArKuoCt8IpZgg4d4fVIXkThHvnUrnLLIxPu7bgIvfUJfBwB6J04
hLjAYSaNAMPSYyBC7pudYx4nbq0VKNxLZYzaKG+GlCMTyE0L2U9odiqLqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOF0d9cHunNxvJqQa9G/UVavFpw0MB8GA1UdIwQY
MBaAFE7R198lpKnV5yfEL1Xp4xg9Nqk6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHRIWDN5V2txZFhuSjhRdlZlbmpHRDAycVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi80NTllNjMtNDBiOC00NTM2LTg0YjQt
YWE4MWI5NjAzODU3LzEvNFhSMzF3ZTZjM0c4bXBCcjBiOVJWcThXbkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi80NTllNjMtNDBiOC00NTM2LTg0YjQtYWE4MWI5NjAzODU3
LzEvVHRIWDN5V2txZFhuSjhRdlZlbmpHRDAycVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvECJMA0E
AgACMAcDBQMqERBAMA0GCSqGSIb3DQEBCwUAA4IBAQAZDaJbUy+qJEF+WfZWkDKO
1/RIxmL2ebgfwk209A+JIeSVv29Bs+1Yv6GwtF+3ldIovJlJOor6NI6BbL94ztoO
YC8vGF5uylm7IvasVsGfRLd4xaNIkzjvF7TQUrRH5XL4Ol59IQCDrVGwMdIKT0J3
PteOgPnXLfZBcnLlsaoMB4uTqJZT9M2UhMvnRTmZokA2+0R6mlu6jWB9cd7z/TWy
Y3pXDm3bUdA8UPeo11GRtj2vf6G6QXotFQKrewf9jrnQWwcavZjtam2xgqfaI/Hn
M9zeifl4NafYpLhvVP9BxMS483J2YzZ/AlFw9mXKOYnR4MUhogvGgin7np9NofuB
-----END CERTIFICATE-----
Generated at Tue Apr 22 16:59:43 2025 by rpki-client