Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/HckMigTdwQxBj32jet1eIKOfHVA.roa
File: HckMigTdwQxBj32jet1eIKOfHVA.roa (raw, json)
Hash identifier: xcY7VestTnx1I035M3GkHPRIc6r9ov1BnJHloxbTgz4=
Subject key identifier: 1D:C9:0C:8A:04:DD:C1:0C:41:8F:7D:A3:7A:DD:5E:20:A3:9F:1D:50
Certificate issuer: /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial: 01857030703A7FBFB66FD76F56CEEF9AD104
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/HckMigTdwQxBj32jet1eIKOfHVA.roa
Signing time: Mon 02 Jan 2023 01:55:00 +0000
ROA not before: Mon 02 Jan 2023 01:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209406
IP address blocks: 217.199.219.0/24 maxlen: 24
2a03:220:f000::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:70:3a:7f:bf:b6:6f:d7:6f:56:ce:ef:9a:d1:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Validity
Not Before: Jan 2 01:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1dc90c8a04ddc10c418f7da37add5e20a39f1d50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:df:5c:49:d1:1a:19:4d:58:54:a9:19:e4:1a:
3f:56:cb:6e:99:15:61:3e:54:1c:3c:cf:33:5d:33:
15:dc:d9:5f:54:40:e3:81:8d:ee:87:05:39:4d:10:
dd:7d:b5:d9:24:0c:4b:fd:a4:96:ff:03:a8:ea:92:
e0:71:2f:aa:90:06:4d:b2:19:be:be:62:3d:6a:b1:
17:fa:69:39:7f:1d:20:01:8d:67:eb:2f:68:55:93:
15:8b:c9:60:ed:9a:86:c3:57:65:28:59:29:b8:b1:
d2:a4:34:95:91:9b:3d:0b:64:f7:43:38:6e:dd:44:
05:ed:d5:a2:71:79:22:4d:c2:5a:0b:0c:66:8b:df:
98:f4:76:4a:e2:5f:74:f5:ce:60:73:43:84:88:f5:
83:ef:5a:c1:a4:62:1d:fb:63:26:01:bf:99:df:d0:
ba:a8:a7:0c:db:b0:88:68:26:60:a3:4f:ba:4c:27:
47:e4:3b:7a:8c:40:05:2c:4b:79:a3:1e:ad:1d:40:
2a:7f:20:99:28:72:a9:af:ef:7d:90:87:98:fa:c6:
b1:be:7e:b2:1d:05:33:df:f1:6e:56:5b:25:87:bd:
82:00:c6:c2:72:6b:bd:91:c5:86:8e:70:ad:6d:0c:
5b:f0:e1:8a:ee:72:fc:60:56:9b:21:a6:44:dc:32:
1f:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:C9:0C:8A:04:DD:C1:0C:41:8F:7D:A3:7A:DD:5E:20:A3:9F:1D:50
X509v3 Authority Key Identifier:
keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/HckMigTdwQxBj32jet1eIKOfHVA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.199.219.0/24
IPv6:
2a03:220:f000::/48
Signature Algorithm: sha256WithRSAEncryption
19:1e:15:14:20:f7:f2:07:e2:f8:f8:62:61:e8:ae:c9:b8:31:
77:b8:3f:ff:23:69:c7:d1:d0:7b:bc:7d:a9:9a:17:cf:eb:86:
a7:a9:f1:2c:76:13:1b:40:de:d8:50:00:9e:2c:84:7f:0f:56:
be:55:e3:00:dd:67:3f:51:25:83:9e:68:b5:4d:d8:54:31:36:
f2:6b:e1:90:6f:9f:35:48:e8:3f:24:9f:3a:49:3f:74:81:12:
0b:0d:4e:ee:e2:a4:cb:ad:e6:4c:81:3c:9f:89:22:45:f1:bc:
1d:30:24:3f:82:44:86:19:26:da:70:8b:c9:6d:45:e7:42:fa:
10:3a:53:ed:85:93:d8:c8:27:03:0d:60:c4:4c:20:c7:fc:dc:
d1:bd:c7:40:5d:fd:16:d5:56:fc:58:20:87:c5:89:d3:8c:33:
0d:e3:b4:0e:8c:66:a7:d7:96:d5:e5:75:f2:43:26:4b:ca:ef:
ff:c4:15:e8:f1:d5:57:59:42:8f:2d:a1:eb:18:18:5a:77:e7:
72:1c:71:36:02:bc:0d:ce:cc:6a:df:d0:f3:d9:cb:c2:bf:46:
ce:48:37:e9:c9:bc:ce:50:49:ac:d9:22:21:40:02:56:30:fc:
fb:a5:d0:73:b0:bd:3b:0c:cf:ad:93:26:dd:7d:35:89:9d:ab:
08:50:b4:62
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVwMHA6f7+2b9dvVs7vmtEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjMwMTAyMDE1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGM5MGM4YTA0ZGRjMTBjNDE4ZjdkYTM3YWRkNWUyMGEzOWYxZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt9cSdEaGU1YVKkZ5Bo/VstumRVh
PlQcPM8zXTMV3NlfVEDjgY3uhwU5TRDdfbXZJAxL/aSW/wOo6pLgcS+qkAZNshm+
vmI9arEX+mk5fx0gAY1n6y9oVZMVi8lg7ZqGw1dlKFkpuLHSpDSVkZs9C2T3Qzhu
3UQF7dWicXkiTcJaCwxmi9+Y9HZK4l909c5gc0OEiPWD71rBpGId+2MmAb+Z39C6
qKcM27CIaCZgo0+6TCdH5Dt6jEAFLEt5ox6tHUAqfyCZKHKpr+99kIeY+saxvn6y
HQUz3/FuVlslh72CAMbCcmu9kcWGjnCtbQxb8OGK7nL8YFabIaZE3DIfvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB3JDIoE3cEMQY99o3rdXiCjnx1QMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvSGNrTWlnVGR3UXhCajMyamV0MWVJS09mSFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2cfbMA8E
AgACMAkDBwAqAwIg8AAwDQYJKoZIhvcNAQELBQADggEBABkeFRQg9/IH4vj4YmHo
rsm4MXe4P/8jacfR0Hu8famaF8/rhqep8Sx2ExtA3thQAJ4shH8PVr5V4wDdZz9R
JYOeaLVN2FQxNvJr4ZBvnzVI6D8knzpJP3SBEgsNTu7ipMut5kyBPJ+JIkXxvB0w
JD+CRIYZJtpwi8ltRedC+hA6U+2Fk9jIJwMNYMRMIMf83NG9x0Bd/RbVVvxYIIfF
idOMMw3jtA6MZqfXltXldfJDJkvK7//EFejx1VdZQo8toesYGFp353IccTYCvA3O
zGrf0PPZy8K/Rs5IN+nJvM5QSazZIiFAAlYw/Pul0HOwvTsMz62TJt19NYmdqwhQ
tGI=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:08 2025 by rpki-client