Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/LfKfTJexND6qCCWuZJeNccBhhZo.roa
File: LfKfTJexND6qCCWuZJeNccBhhZo.roa (raw, json)
Hash identifier: LeJFcCqL/S/kZPXMoCl7KPj2q2PDyu4j/HQURv7LEMk=
Subject key identifier: 2D:F2:9F:4C:97:B1:34:3E:AA:08:25:AE:64:97:8D:71:C0:61:85:9A
Certificate issuer: /CN=48679a22d0dbc980d5d59b333679f939b9ae3f25
Certificate serial: 01856DCADC6967C967045D57606096FC8365
Authority key identifier: 48:67:9A:22:D0:DB:C9:80:D5:D5:9B:33:36:79:F9:39:B9:AE:3F:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SGeaItDbyYDV1ZszNnn5ObmuPyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/LfKfTJexND6qCCWuZJeNccBhhZo.roa
Signing time: Sun 01 Jan 2023 14:44:49 +0000
ROA not before: Sun 01 Jan 2023 14:44:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50156
IP address blocks: 195.200.224.0/23 maxlen: 23
195.200.225.0/24 maxlen: 24
2001:67c:344::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:dc:69:67:c9:67:04:5d:57:60:60:96:fc:83:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=48679a22d0dbc980d5d59b333679f939b9ae3f25
Validity
Not Before: Jan 1 14:44:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2df29f4c97b1343eaa0825ae64978d71c061859a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7c:87:f0:89:a4:d0:d8:81:c7:ce:14:53:52:
3f:15:70:11:c8:c0:0b:fa:86:b0:d7:2c:b5:b3:c8:
bd:a9:1c:a9:ca:5f:1c:5a:25:58:b1:81:a4:ed:ad:
a9:22:df:61:82:1b:80:be:1f:05:0c:ae:0a:f9:33:
22:c3:1b:ff:3c:d4:1c:06:0c:18:a5:75:a7:cd:46:
72:f5:bc:0e:9d:46:c6:2c:68:4b:3b:5e:ef:1a:65:
88:dd:be:24:72:94:a7:f7:39:1c:c5:24:56:93:3f:
f2:14:3e:cb:24:7b:18:26:b2:80:e7:3a:f1:cf:0c:
79:c3:97:e6:46:59:58:ef:25:10:56:38:5c:7d:1c:
20:15:3d:06:7e:4b:c3:6a:37:46:f7:2c:f0:31:f9:
aa:f5:84:6c:ff:7f:60:3f:c7:f2:b0:18:c9:d0:c1:
b6:8e:83:f0:c2:66:3f:78:49:15:e4:03:57:16:cf:
52:11:7b:f8:f7:7c:9f:55:05:a5:2d:27:20:dd:51:
f2:6a:77:c7:b2:2d:e8:9c:c7:77:85:8c:c8:06:ff:
c9:29:17:c0:21:8d:07:02:aa:ca:bb:e4:b3:e6:5f:
d1:c5:8e:2f:79:4f:da:91:95:ae:47:a2:fc:c9:40:
3d:68:2d:97:41:18:d6:c0:6e:4f:5f:a1:ed:e7:b6:
33:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:F2:9F:4C:97:B1:34:3E:AA:08:25:AE:64:97:8D:71:C0:61:85:9A
X509v3 Authority Key Identifier:
keyid:48:67:9A:22:D0:DB:C9:80:D5:D5:9B:33:36:79:F9:39:B9:AE:3F:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGeaItDbyYDV1ZszNnn5ObmuPyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/LfKfTJexND6qCCWuZJeNccBhhZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/SGeaItDbyYDV1ZszNnn5ObmuPyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.200.224.0/23
IPv6:
2001:67c:344::/48
Signature Algorithm: sha256WithRSAEncryption
63:7c:61:6b:15:97:d2:98:84:bd:fa:ac:e3:4a:9a:08:98:23:
70:3f:6d:1c:88:c9:c7:57:12:1b:04:de:b8:a3:2f:c9:1c:67:
16:54:95:94:32:94:7f:3c:5c:3e:f3:e4:36:c8:3c:f0:80:91:
12:ab:f7:97:d2:2e:48:6e:a5:31:76:cf:44:54:12:7c:d9:1e:
a0:a3:81:1b:5f:b5:ba:99:9c:4c:d0:8d:7b:f6:f0:c5:e3:2d:
20:94:a7:af:c4:fb:cf:58:fd:ba:43:0b:dc:16:6a:32:39:b0:
3d:98:aa:f9:f2:f2:29:d1:53:41:16:c7:9b:8b:18:bb:1c:a2:
b3:6b:e4:93:b1:be:d6:d1:66:af:37:1f:b0:55:4c:0b:a8:9b:
29:9e:b4:e3:eb:61:eb:e5:39:ca:5a:41:84:4a:a9:ba:3f:bd:
8f:ec:1d:77:ee:17:88:57:02:51:d8:a7:5a:21:7f:e2:a6:f3:
74:f8:33:5d:7b:4f:61:25:d7:dd:b2:15:7d:f2:dc:98:8e:62:
29:b5:48:57:58:b2:a9:75:3c:56:bf:a7:f9:51:3e:dd:d3:01:
4c:a4:bf:cd:fb:9e:93:f6:82:7d:6d:dc:64:eb:23:e7:9b:89:
dd:1c:da:a8:cc:cf:7f:59:3b:83:7b:c3:f1:ad:a2:35:7b:51:
3e:1a:b5:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVtytxpZ8lnBF1XYGCW/INlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4Njc5YTIyZDBkYmM5ODBkNWQ1OWIzMzM2NzlmOTM5Yjlh
ZTNmMjUwHhcNMjMwMTAxMTQ0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGYyOWY0Yzk3YjEzNDNlYWEwODI1YWU2NDk3OGQ3MWMwNjE4NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3yH8Imk0NiBx84UU1I/FXARyMAL
+oaw1yy1s8i9qRypyl8cWiVYsYGk7a2pIt9hghuAvh8FDK4K+TMiwxv/PNQcBgwY
pXWnzUZy9bwOnUbGLGhLO17vGmWI3b4kcpSn9zkcxSRWkz/yFD7LJHsYJrKA5zrx
zwx5w5fmRllY7yUQVjhcfRwgFT0GfkvDajdG9yzwMfmq9YRs/39gP8fysBjJ0MG2
joPwwmY/eEkV5ANXFs9SEXv493yfVQWlLScg3VHyanfHsi3onMd3hYzIBv/JKRfA
IY0HAqrKu+Sz5l/RxY4veU/akZWuR6L8yUA9aC2XQRjWwG5PX6Ht57YzbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC3yn0yXsTQ+qgglrmSXjXHAYYWaMB8GA1UdIwQY
MBaAFEhnmiLQ28mA1dWbMzZ5+Tm5rj8lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0dlYUl0RGJ5WURWMVpzek5ubjVPYm11UHlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83ZGZhMDQtN2MyYy00YWMzLWE2NmIt
MGMxODBhMDg0MWFiLzEvTGZLZlRKZXhORDZxQ0NXdVpKZU5jY0JoaFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83ZGZhMDQtN2MyYy00YWMzLWE2NmItMGMxODBhMDg0MWFi
LzEvU0dlYUl0RGJ5WURWMVpzek5ubjVPYm11UHlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw8jgMA8E
AgACMAkDBwAgAQZ8A0QwDQYJKoZIhvcNAQELBQADggEBAGN8YWsVl9KYhL36rONK
mgiYI3A/bRyIycdXEhsE3rijL8kcZxZUlZQylH88XD7z5DbIPPCAkRKr95fSLkhu
pTF2z0RUEnzZHqCjgRtftbqZnEzQjXv28MXjLSCUp6/E+89Y/bpDC9wWajI5sD2Y
qvny8inRU0EWx5uLGLscorNr5JOxvtbRZq83H7BVTAuomymetOPrYevlOcpaQYRK
qbo/vY/sHXfuF4hXAlHYp1ohf+Km83T4M117T2El192yFX3y3JiOYim1SFdYsql1
PFa/p/lRPt3TAUykv837npP2gn1t3GTrI+ebid0c2qjMz39ZO4N7w/GtojV7UT4a
tQo=
-----END CERTIFICATE-----
Generated at Sun Mar 9 19:02:43 2025 by rpki-client