Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/fNlK3Dim6jDWHGCKdbbgphTCJe4.roa
File: fNlK3Dim6jDWHGCKdbbgphTCJe4.roa (raw, json)
Hash identifier: cDXrfFpUa52Fryw5RaxHHTwSsb/k09ZLPjJaC72N9vQ=
Subject key identifier: 7C:D9:4A:DC:38:A6:EA:30:D6:1C:60:8A:75:B6:E0:A6:14:C2:25:EE
Certificate issuer: /CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Certificate serial: 01856DD408D4930501AF0050CC6FF17DC423
Authority key identifier: 42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/fNlK3Dim6jDWHGCKdbbgphTCJe4.roa
Signing time: Sun 01 Jan 2023 14:54:50 +0000
ROA not before: Sun 01 Jan 2023 14:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209380
IP address blocks: 45.67.152.0/24 maxlen: 24
45.67.155.0/24 maxlen: 24
45.67.153.0/24 maxlen: 24
45.67.154.0/24 maxlen: 24
91.247.168.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:08:d4:93:05:01:af:00:50:cc:6f:f1:7d:c4:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Validity
Not Before: Jan 1 14:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7cd94adc38a6ea30d61c608a75b6e0a614c225ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:24:19:a9:67:86:1a:67:4b:37:da:9a:46:2a:
75:9d:ca:1f:2d:cc:2c:a8:cd:81:94:dd:0f:6f:91:
32:32:b9:7a:2a:8d:d9:26:7a:08:35:ec:e4:59:52:
c0:0b:69:7d:cf:ad:f7:80:38:7a:e2:08:12:8a:1d:
60:59:e8:fb:13:2b:57:04:eb:89:0f:59:b9:d4:af:
a9:b9:14:e6:b1:4e:99:16:a3:14:54:15:ee:0e:f5:
d0:66:e9:00:d8:b0:a5:7b:38:58:c1:7d:2b:06:9b:
46:b9:f9:e9:31:9d:2f:02:ca:79:48:c8:6f:43:7a:
3b:73:a3:cd:59:a4:94:2a:7b:15:e5:6c:9b:f4:8b:
db:ac:71:3e:cd:db:17:fc:57:73:5e:56:5b:8c:32:
96:c1:53:c4:02:32:93:9e:f9:5d:d7:19:4f:5a:5e:
97:04:5b:59:69:9e:40:14:94:9c:60:ce:be:24:c7:
1b:4c:cd:b5:b5:07:2c:53:eb:8d:be:a1:35:0e:5f:
16:8d:78:dc:4a:61:f1:90:2d:b0:ec:98:1d:00:79:
d2:e9:4a:43:d5:55:27:e3:b3:3a:5c:ea:d7:39:45:
54:ed:21:d6:1e:00:01:d4:79:92:e7:00:52:ed:a2:
02:60:aa:31:52:be:26:66:49:97:bf:48:97:b7:a5:
22:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:D9:4A:DC:38:A6:EA:30:D6:1C:60:8A:75:B6:E0:A6:14:C2:25:EE
X509v3 Authority Key Identifier:
keyid:42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/fNlK3Dim6jDWHGCKdbbgphTCJe4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.152.0/22
91.247.168.0/24
Signature Algorithm: sha256WithRSAEncryption
34:dc:80:83:8e:85:9a:be:d4:9a:f3:3f:79:d4:2f:4c:52:f0:
20:d4:d4:5b:b2:a0:6c:85:59:40:44:fe:78:25:00:f7:33:40:
1b:ca:2c:a3:4f:0d:fc:2b:7e:be:54:fb:04:7b:a5:d8:65:86:
03:e6:60:5e:0c:00:51:fa:80:d4:10:bb:62:db:80:32:05:13:
74:ea:b2:5b:8b:37:92:04:81:f4:3d:50:44:fa:bc:0b:27:51:
8e:86:76:95:e8:47:b7:04:9d:86:9e:de:4e:78:aa:d0:70:07:
27:85:49:ac:bb:7c:f8:ff:c3:52:20:1a:48:0c:5e:40:de:19:
0c:0a:6a:c5:2e:17:6f:b1:db:f7:8a:5f:e9:28:76:2b:36:3e:
91:ce:03:c6:72:cc:4b:12:0b:e9:8c:9c:e2:0b:f2:28:a2:8d:
0a:82:89:49:d7:9d:66:56:ed:37:15:b9:9f:e2:75:9b:16:c8:
83:20:ce:94:3c:d6:1e:f0:63:bf:ab:e9:e9:8d:78:f5:7f:4c:
44:e7:a8:09:60:eb:cc:32:e2:44:7f:9f:45:7b:71:41:c9:92:
02:4b:e3:62:0f:7f:65:c2:f9:c8:ad:16:24:0f:ad:22:1b:89:
fd:47:41:9d:1d:f5:43:2a:71:45:f4:62:b4:9a:99:00:07:3e:
2a:2b:f7:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVt1AjUkwUBrwBQzG/xfcQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2Y0YTEyOGQwOWRmYzRiOGIwMzVhMTJjZDgzMWY5Zjdi
MDE0NjkwHhcNMjMwMTAxMTQ1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q5NGFkYzM4YTZlYTMwZDYxYzYwOGE3NWI2ZTBhNjE0YzIyNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyQZqWeGGmdLN9qaRip1ncofLcws
qM2BlN0Pb5EyMrl6Ko3ZJnoINezkWVLAC2l9z633gDh64ggSih1gWej7EytXBOuJ
D1m51K+puRTmsU6ZFqMUVBXuDvXQZukA2LClezhYwX0rBptGufnpMZ0vAsp5SMhv
Q3o7c6PNWaSUKnsV5Wyb9IvbrHE+zdsX/FdzXlZbjDKWwVPEAjKTnvld1xlPWl6X
BFtZaZ5AFJScYM6+JMcbTM21tQcsU+uNvqE1Dl8WjXjcSmHxkC2w7JgdAHnS6UpD
1VUn47M6XOrXOUVU7SHWHgAB1HmS5wBS7aICYKoxUr4mZkmXv0iXt6UiYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHzZStw4puow1hxginW24KYUwiXuMB8GA1UdIwQY
MBaAFELPShKNCd/EuLA1oSzYMfn3sBRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEt
MGIwNDM3NWY5YjM2LzEvZk5sSzNEaW02akRXSEdDS2RiYmdwaFRDSmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEtMGIwNDM3NWY5YjM2
LzEvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLUOYAwQA
W/eoMA0GCSqGSIb3DQEBCwUAA4IBAQA03ICDjoWavtSa8z951C9MUvAg1NRbsqBs
hVlARP54JQD3M0AbyiyjTw38K36+VPsEe6XYZYYD5mBeDABR+oDUELti24AyBRN0
6rJbizeSBIH0PVBE+rwLJ1GOhnaV6Ee3BJ2Gnt5OeKrQcAcnhUmsu3z4/8NSIBpI
DF5A3hkMCmrFLhdvsdv3il/pKHYrNj6RzgPGcsxLEgvpjJziC/Iooo0KgolJ151m
Vu03Fbmf4nWbFsiDIM6UPNYe8GO/q+npjXj1f0xE56gJYOvMMuJEf59Fe3FByZIC
S+NiD39lwvnIrRYkD60iG4n9R0GdHfVDKnFF9GK0mpkABz4qK/e6
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:35:21 2025 by rpki-client