Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2HkEH8JuK6MYQMJLtCE1gJuY994.roa
File: 2HkEH8JuK6MYQMJLtCE1gJuY994.roa (raw, json)
Hash identifier: /NBIxCWOSTkfIwhzRI6jTIY8B0CIAzsr5zc+4avBEgk=
Subject key identifier: D8:79:04:1F:C2:6E:2B:A3:18:40:C2:4B:B4:21:35:80:9B:98:F7:DE
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 018B1D6F4E2F617F4E5DF560D4F14E6152DD
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2HkEH8JuK6MYQMJLtCE1gJuY994.roa
Signing time: Wed 11 Oct 2023 06:31:55 +0000
ROA not before: Wed 11 Oct 2023 06:31:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 109.203.168.0/21 maxlen: 24
37.49.145.0/24 maxlen: 24
109.203.176.0/21 maxlen: 24
37.49.147.0/24 maxlen: 24
109.203.184.0/21 maxlen: 24
94.74.152.0/22 maxlen: 24
94.74.156.0/24 maxlen: 24
185.34.160.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:1d:6f:4e:2f:61:7f:4e:5d:f5:60:d4:f1:4e:61:52:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Oct 11 06:31:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d879041fc26e2ba31840c24bb42135809b98f7de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:0c:7c:41:45:e5:4a:0e:d5:cc:a4:c9:b3:9f:
24:fc:d0:27:6b:f4:09:fc:f2:d1:70:13:4d:f5:69:
98:db:fc:c5:e8:94:4f:67:3c:1f:f8:ab:d0:68:e9:
7f:ac:97:cf:f1:5f:70:c3:3a:6f:79:be:24:a5:da:
c9:8c:75:da:d3:71:db:68:c1:ae:26:ad:1e:ab:8a:
70:df:51:c4:ea:7c:40:4d:ae:e5:a8:27:00:7c:6e:
4e:9f:04:08:e5:a8:85:f5:e3:f5:45:5f:82:f8:fe:
45:e9:2d:7b:f5:b8:0c:14:5d:02:5c:89:82:04:8d:
4e:e1:08:d5:c6:0c:9c:28:02:ad:c3:af:27:a7:da:
4d:93:5e:03:b7:26:bb:90:75:f5:22:7c:05:48:38:
27:92:e0:74:eb:2d:1a:24:2e:89:31:4b:d8:d7:22:
ab:29:bd:c8:1f:08:1b:86:a7:d3:90:df:85:90:9b:
de:e5:50:ae:f2:96:b6:35:10:5a:a2:66:88:4e:d5:
4d:03:91:4d:47:b0:ef:29:c9:71:cd:15:2b:2f:d7:
e2:22:b5:23:cf:5e:28:91:cd:30:c9:ee:45:b5:50:
a0:a5:f7:e7:ba:86:fa:fa:ff:68:f2:b2:89:2b:97:
1f:31:91:51:31:ce:87:df:2f:af:0a:bf:fc:e6:7a:
de:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:79:04:1F:C2:6E:2B:A3:18:40:C2:4B:B4:21:35:80:9B:98:F7:DE
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2HkEH8JuK6MYQMJLtCE1gJuY994.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.145.0/24
37.49.147.0/24
94.74.152.0-94.74.156.255
109.203.168.0-109.203.191.255
185.34.160.0/22
Signature Algorithm: sha256WithRSAEncryption
4e:ff:68:bb:58:da:99:58:57:e4:8e:49:76:0d:f5:c2:2f:bb:
b8:ee:e7:ee:db:aa:76:db:46:28:a6:9c:55:58:c9:c1:86:17:
0b:55:98:37:d5:33:da:3d:ae:61:01:ef:10:68:52:9e:ba:f3:
8d:c9:d1:79:92:9a:87:3a:a6:44:f7:ce:35:2f:e0:42:fc:d8:
80:c0:3c:26:47:be:ed:a0:37:01:b5:ea:d7:2e:c8:91:ba:9d:
d8:bc:4c:b3:7f:4f:20:75:4d:93:c1:e4:ef:1a:5a:b2:f3:75:
49:99:58:92:c7:54:24:3c:b0:26:15:ca:41:bb:b3:db:93:79:
f3:ef:9b:0c:a6:81:ee:74:6d:8e:f6:7d:a9:97:26:48:3b:f6:
1a:ba:35:99:b4:76:37:8b:4c:44:9d:2e:8f:03:d3:66:44:55:
e8:46:7c:f3:5c:80:e6:d6:be:32:35:44:e4:5f:bf:28:2d:d4:
8f:e5:27:59:22:be:c3:13:1f:72:bf:9a:80:a2:3a:64:a8:7b:
fb:c0:6f:e8:55:70:3e:d8:07:0e:1f:75:68:49:c1:0c:f7:60:
04:60:44:55:38:5a:7c:c2:02:ee:29:54:9c:e4:8b:80:54:17:
d0:41:4b:ea:8e:af:2d:b2:01:82:8b:d1:c8:02:64:ea:2a:09:
7a:ab:7c:c8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYsdb04vYX9OXfVg1PFOYVLdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjMxMDExMDYzMTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc5MDQxZmMyNmUyYmEzMTg0MGMyNGJiNDIxMzU4MDliOThmN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgx8QUXlSg7VzKTJs58k/NAna/QJ
/PLRcBNN9WmY2/zF6JRPZzwf+KvQaOl/rJfP8V9wwzpveb4kpdrJjHXa03HbaMGu
Jq0eq4pw31HE6nxATa7lqCcAfG5OnwQI5aiF9eP1RV+C+P5F6S179bgMFF0CXImC
BI1O4QjVxgycKAKtw68np9pNk14Dtya7kHX1InwFSDgnkuB06y0aJC6JMUvY1yKr
Kb3IHwgbhqfTkN+FkJve5VCu8pa2NRBaomaITtVNA5FNR7DvKclxzRUrL9fiIrUj
z14okc0wye5FtVCgpffnuob6+v9o8rKJK5cfMZFRMc6H3y+vCr/85nreuwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNh5BB/CbiujGEDCS7QhNYCbmPfeMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvMkhrRUg4SnVLNk1ZUU1KTHRDRTFnSnVZOTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAJTGRAwQA
JTGTMAwDBANeSpgDBABeSpwwDAMEA23LqAMEBm3LgAMEArkioDANBgkqhkiG9w0B
AQsFAAOCAQEATv9ou1jamVhX5I5Jdg31wi+7uO7n7tuqdttGKKacVVjJwYYXC1WY
N9Uz2j2uYQHvEGhSnrrzjcnReZKahzqmRPfONS/gQvzYgMA8Jke+7aA3AbXq1y7I
kbqd2LxMs39PIHVNk8Hk7xpasvN1SZlYksdUJDywJhXKQbuz25N58++bDKaB7nRt
jvZ9qZcmSDv2Gro1mbR2N4tMRJ0ujwPTZkRV6EZ881yA5ta+MjVE5F+/KC3Uj+Un
WSK+wxMfcr+agKI6ZKh7+8Bv6FVwPtgHDh91aEnBDPdgBGBEVThafMIC7ilUnOSL
gFQX0EFL6o6vLbIBgovRyAJk6ioJeqt8yA==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:01:14 2025 by rpki-client