Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/x4kk67dmk7Vr5zzR1LQX58PFMtU.roa
File: x4kk67dmk7Vr5zzR1LQX58PFMtU.roa (raw, json)
Hash identifier: rAOBuzEHOEYH8fW8SZOwW+PKy5qE9nGHbjgUe4kY5cw=
Subject key identifier: C7:89:24:EB:B7:66:93:B5:6B:E7:3C:D1:D4:B4:17:E7:C3:C5:32:D5
Certificate issuer: /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial: 0184E6E46DA7E3864D1A5C1BE29C12992FD7
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/x4kk67dmk7Vr5zzR1LQX58PFMtU.roa
Signing time: Tue 06 Dec 2022 10:04:00 +0000
ROA not before: Tue 06 Dec 2022 10:04:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 28738
IP address blocks: 78.153.131.0/24 maxlen: 24
78.153.128.0/24 maxlen: 24
78.153.132.0/23 maxlen: 23
78.153.129.0/24 maxlen: 24
78.153.134.0/24 maxlen: 24
78.153.141.0/24 maxlen: 24
78.153.142.0/24 maxlen: 24
78.153.152.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e6:e4:6d:a7:e3:86:4d:1a:5c:1b:e2:9c:12:99:2f:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
Validity
Not Before: Dec 6 10:04:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c78924ebb76693b56be73cd1d4b417e7c3c532d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:fa:e1:73:ae:5b:08:5c:c6:3f:ca:50:03:8b:
29:c8:f3:dd:cc:ac:e7:23:a8:35:5f:0b:56:a3:dd:
66:51:33:0b:d0:22:d9:1f:8d:17:bf:f4:5e:2f:80:
53:35:6e:03:28:05:2d:82:26:f5:bd:05:35:15:a7:
79:aa:2e:4e:4d:35:8a:31:ac:3e:3b:f2:26:22:09:
c2:2e:66:ae:cc:28:c5:ec:44:8b:0e:a5:19:9a:3b:
5d:99:13:68:73:ed:fa:78:4b:b2:c4:db:d3:e1:ea:
70:ea:50:ea:35:40:47:ab:7f:6e:28:c1:bb:fa:b2:
9a:ec:14:11:c7:58:d0:42:b5:7a:e9:33:31:2f:1e:
19:d8:9a:d6:c6:73:aa:5f:09:eb:cc:01:cd:aa:c4:
c7:d5:8e:72:0f:97:d8:a2:14:80:08:a7:0f:ec:1b:
5e:17:ba:01:cd:f7:63:57:99:ac:9b:ac:75:00:70:
b2:66:7f:47:0f:ef:78:61:1d:4e:84:f5:0f:1e:25:
4a:2e:e2:c4:ec:14:78:0a:e7:6e:0b:15:28:ef:59:
5d:04:c6:46:dd:15:7e:75:d4:60:f9:16:60:b4:2d:
df:3a:4f:a5:7c:c9:24:03:b0:e9:3c:ea:c4:3d:64:
72:63:96:45:41:61:cf:5c:85:ec:70:fc:00:40:e2:
45:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:89:24:EB:B7:66:93:B5:6B:E7:3C:D1:D4:B4:17:E7:C3:C5:32:D5
X509v3 Authority Key Identifier:
keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/x4kk67dmk7Vr5zzR1LQX58PFMtU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.153.128.0/23
78.153.131.0-78.153.134.255
78.153.141.0-78.153.142.255
78.153.152.0/23
Signature Algorithm: sha256WithRSAEncryption
48:de:9a:48:72:83:92:8b:38:7d:1b:64:3c:3a:c3:a0:05:6a:
13:f5:18:81:f4:ae:97:5c:81:c1:59:b8:e5:db:e5:5d:bf:33:
34:29:86:39:68:fd:8f:49:47:be:25:8a:05:52:25:2a:47:95:
2d:3b:2e:55:ee:13:82:94:a6:1a:78:0b:d3:8f:29:95:f6:e5:
7f:b0:ef:3c:df:96:76:a8:9e:24:01:9e:05:e4:be:1d:69:13:
48:e1:52:ac:83:5d:7e:02:d5:b6:4e:34:8c:0b:42:9d:c9:36:
db:01:2f:91:74:f8:32:54:e4:3d:6d:01:df:46:57:fb:55:12:
41:5b:87:a3:74:4c:82:5b:6a:b0:31:1a:84:72:b4:8e:a4:b2:
9d:9e:4b:b6:50:8e:f1:77:5f:12:0f:d8:6a:98:4e:3f:0b:0d:
64:ef:71:96:9e:75:e8:d9:46:72:b2:b9:6f:2d:52:9d:ad:c9:
7a:c5:88:6d:c9:77:d0:6e:b0:2b:fb:de:50:b8:d8:a0:04:b7:
ab:06:d2:e9:40:bd:05:72:11:ad:7f:47:12:23:5c:18:79:05:
8e:46:4a:b5:93:5b:f1:d9:97:92:fd:ed:ca:23:4d:99:01:b7:
cb:f2:84:27:7f:da:07:bc:48:a1:d1:ad:ee:13:89:54:08:41:
23:a3:f2:af
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYTm5G2n44ZNGlwb4pwSmS/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjIxMjA2MTAwNDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzg5MjRlYmI3NjY5M2I1NmJlNzNjZDFkNGI0MTdlN2MzYzUzMmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvrhc65bCFzGP8pQA4spyPPdzKzn
I6g1XwtWo91mUTML0CLZH40Xv/ReL4BTNW4DKAUtgib1vQU1Fad5qi5OTTWKMaw+
O/ImIgnCLmauzCjF7ESLDqUZmjtdmRNoc+36eEuyxNvT4epw6lDqNUBHq39uKMG7
+rKa7BQRx1jQQrV66TMxLx4Z2JrWxnOqXwnrzAHNqsTH1Y5yD5fYohSACKcP7Bte
F7oBzfdjV5msm6x1AHCyZn9HD+94YR1OhPUPHiVKLuLE7BR4CuduCxUo71ldBMZG
3RV+ddRg+RZgtC3fOk+lfMkkA7DpPOrEPWRyY5ZFQWHPXIXscPwAQOJFCQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMeJJOu3ZpO1a+c80dS0F+fDxTLVMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEveDRrazY3ZG1rN1ZyNXp6UjFMUVg1OFBGTXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQBTpmAMAwD
BABOmYMDBABOmYYwDAMEAE6ZjQMEAE6ZjgMEAU6ZmDANBgkqhkiG9w0BAQsFAAOC
AQEASN6aSHKDkos4fRtkPDrDoAVqE/UYgfSul1yBwVm45dvlXb8zNCmGOWj9j0lH
viWKBVIlKkeVLTsuVe4TgpSmGngL048plfblf7DvPN+WdqieJAGeBeS+HWkTSOFS
rINdfgLVtk40jAtCnck22wEvkXT4MlTkPW0B30ZX+1USQVuHo3RMgltqsDEahHK0
jqSynZ5LtlCO8XdfEg/YaphOPwsNZO9xlp516NlGcrK5by1Sna3JesWIbcl30G6w
K/veULjYoAS3qwbS6UC9BXIRrX9HEiNcGHkFjkZKtZNb8dmXkv3tyiNNmQG3y/KE
J3/aB7xIodGt7hOJVAhBI6Pyrw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:17:17 2025 by rpki-client