Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Rp3lh6Kmd7cE-lUnKTWxP2ZULY8.roa
File: Rp3lh6Kmd7cE-lUnKTWxP2ZULY8.roa (raw, json)
Hash identifier: Co0ZlRHNaeFLcuC2IdUUmktgA2lYwvdOKvN7+04hW50=
Subject key identifier: 46:9D:E5:87:A2:A6:77:B7:04:FA:55:27:29:35:B1:3F:66:54:2D:8F
Certificate issuer: /CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
Certificate serial: 0184E726586D629F0F2FA59FAF4F0AD479EB
Authority key identifier: 4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Rp3lh6Kmd7cE-lUnKTWxP2ZULY8.roa
Signing time: Tue 06 Dec 2022 11:16:00 +0000
ROA not before: Tue 06 Dec 2022 11:16:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35032
IP address blocks: 109.124.224.0/21 maxlen: 21
109.124.232.0/21 maxlen: 21
109.124.240.0/21 maxlen: 21
109.124.252.0/23 maxlen: 23
109.124.248.0/22 maxlen: 22
109.124.254.0/23 maxlen: 23
85.236.160.0/20 maxlen: 20
185.224.8.0/22 maxlen: 22
85.236.176.0/20 maxlen: 20
109.124.192.0/19 maxlen: 19
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e7:26:58:6d:62:9f:0f:2f:a5:9f:af:4f:0a:d4:79:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
Validity
Not Before: Dec 6 11:16:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=469de587a2a677b704fa55272935b13f66542d8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:80:c4:cc:59:b7:4c:d0:0e:77:46:18:eb:c1:
16:e6:72:62:a3:c8:85:00:51:6c:e9:c6:e5:28:8c:
bd:26:97:f6:ef:90:fc:f6:58:e3:71:79:dd:93:02:
de:31:4c:8d:19:26:2a:7e:48:40:ab:eb:3b:af:ca:
61:00:f9:d9:45:f5:a2:2e:bf:d0:7f:16:59:c3:c1:
6b:e4:df:10:b8:20:db:08:d4:2d:90:5f:16:e4:42:
4e:1a:ae:72:40:c4:3c:ef:16:63:80:f4:83:fc:30:
e7:ec:18:10:8f:13:e8:6e:bb:27:38:9b:25:52:0c:
8e:db:f7:85:06:fb:6a:75:4f:84:f2:68:f8:a7:d8:
17:80:6f:00:b8:a7:99:eb:ea:24:6c:01:10:5b:ac:
a5:9c:2f:6e:b0:d4:e5:2a:b9:5e:d3:29:1f:8a:30:
fb:d2:62:10:ea:b9:99:a5:80:fa:f1:e3:5b:65:0d:
d8:c6:e3:6c:0a:58:29:22:25:4a:6e:44:57:5f:86:
e5:4b:8d:b3:a5:73:ce:3d:22:23:c4:83:92:5b:70:
75:6b:a6:35:c2:4d:bc:60:ba:41:38:ef:7f:f5:b9:
a0:b8:28:da:0b:03:b4:c9:7b:dc:06:c7:d8:52:94:
4c:05:ce:c1:d7:d8:fc:d6:56:0e:4a:e6:a9:cb:a0:
e0:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:9D:E5:87:A2:A6:77:B7:04:FA:55:27:29:35:B1:3F:66:54:2D:8F
X509v3 Authority Key Identifier:
keyid:4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Rp3lh6Kmd7cE-lUnKTWxP2ZULY8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Sq_kWzD6f1lJJd05W6FM77Zz4sA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.236.160.0/19
109.124.192.0/18
185.224.8.0/22
Signature Algorithm: sha256WithRSAEncryption
26:76:1d:6d:a2:f1:ae:e4:de:2f:6b:ad:62:30:8f:47:6e:d5:
11:06:d5:6a:ef:80:e9:66:2a:06:f9:a9:ff:af:a6:9f:4d:e4:
84:7d:55:e7:57:29:83:93:5c:df:a8:ec:21:79:e5:c5:90:c3:
3c:fe:64:4f:59:16:1b:46:36:69:b6:e1:28:7e:13:7f:d6:db:
99:b9:10:6a:aa:25:6d:f2:4b:98:35:86:36:29:b8:b3:df:ee:
a3:85:78:d6:b3:e8:44:34:dc:71:ef:af:3e:27:1e:66:a0:0f:
49:51:48:44:e1:ba:cf:45:9b:c6:ea:67:3f:47:37:51:69:21:
84:52:9d:6c:dc:cc:eb:0f:70:7f:c4:2e:24:82:1c:3c:50:e3:
c5:01:90:bb:e2:ae:8b:50:4f:b5:98:21:a8:d4:56:3c:56:60:
5b:d9:02:1a:8c:1b:63:21:5f:07:bd:c6:c0:77:63:ba:0f:72:
fe:ee:ac:bc:c2:0f:64:01:37:e9:9c:00:09:9a:93:63:2d:55:
45:cb:af:2b:9b:d9:8f:db:08:6d:3f:ef:e0:e2:c9:c2:ab:55:
c5:48:8f:77:79:88:fc:36:3f:85:17:c0:75:63:1c:58:79:a3:
5d:02:b6:04:77:d0:dc:c3:0f:55:13:c6:f9:45:e1:50:e4:41:
9d:c6:83:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTnJlhtYp8PL6Wfr08K1HnrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWZlNDViMzBmYTdmNTk0OTI1ZGQzOTViYTE0Y2VmYjY3
M2UyYzAwHhcNMjIxMjA2MTExNjAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjlkZTU4N2EyYTY3N2I3MDRmYTU1MjcyOTM1YjEzZjY2NTQyZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIDEzFm3TNAOd0YY68EW5nJio8iF
AFFs6cblKIy9Jpf275D89ljjcXndkwLeMUyNGSYqfkhAq+s7r8phAPnZRfWiLr/Q
fxZZw8Fr5N8QuCDbCNQtkF8W5EJOGq5yQMQ87xZjgPSD/DDn7BgQjxPobrsnOJsl
UgyO2/eFBvtqdU+E8mj4p9gXgG8AuKeZ6+okbAEQW6ylnC9usNTlKrle0ykfijD7
0mIQ6rmZpYD68eNbZQ3YxuNsClgpIiVKbkRXX4blS42zpXPOPSIjxIOSW3B1a6Y1
wk28YLpBOO9/9bmguCjaCwO0yXvcBsfYUpRMBc7B19j81lYOSuapy6DgoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEad5Yeipne3BPpVJyk1sT9mVC2PMB8GA1UdIwQY
MBaAFEqv5Fsw+n9ZSSXdOVuhTO+2c+LAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODct
ZjFmNjAzZjkxOTcxLzEvUnAzbGg2S21kN2NFLWxVbktUV3hQMlpVTFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODctZjFmNjAzZjkxOTcx
LzEvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFVeygAwQG
bXzAAwQCueAIMA0GCSqGSIb3DQEBCwUAA4IBAQAmdh1tovGu5N4va61iMI9HbtUR
BtVq74DpZioG+an/r6afTeSEfVXnVymDk1zfqOwheeXFkMM8/mRPWRYbRjZptuEo
fhN/1tuZuRBqqiVt8kuYNYY2Kbiz3+6jhXjWs+hENNxx768+Jx5moA9JUUhE4brP
RZvG6mc/RzdRaSGEUp1s3MzrD3B/xC4kghw8UOPFAZC74q6LUE+1mCGo1FY8VmBb
2QIajBtjIV8HvcbAd2O6D3L+7qy8wg9kATfpnAAJmpNjLVVFy68rm9mP2whtP+/g
4snCq1XFSI93eYj8Nj+FF8B1YxxYeaNdArYEd9Dcww9VE8b5ReFQ5EGdxoOy
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:29:23 2025 by rpki-client