Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/038560-26d6-455d-a8f4-9bfdf2251267/1/HiX-Gb6iQvEE8L976N2xjn4HM6U.roa
File: HiX-Gb6iQvEE8L976N2xjn4HM6U.roa (raw, json)
Hash identifier: kc3FJ96gwcfetP9sUsZ7xq6AB2/B3klNfDF0fiGEcQc=
Subject key identifier: 1E:25:FE:19:BE:A2:42:F1:04:F0:BF:7B:E8:DD:B1:8E:7E:07:33:A5
Certificate issuer: /CN=a823fe6dad8ad4fdaee6dd6983c1e55cde8482a2
Certificate serial: 0185704BA2FEA58E00B3DBE8A086AAA392A6
Authority key identifier: A8:23:FE:6D:AD:8A:D4:FD:AE:E6:DD:69:83:C1:E5:5C:DE:84:82:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qCP-ba2K1P2u5t1pg8HlXN6EgqI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/038560-26d6-455d-a8f4-9bfdf2251267/1/HiX-Gb6iQvEE8L976N2xjn4HM6U.roa
Signing time: Mon 02 Jan 2023 02:24:43 +0000
ROA not before: Mon 02 Jan 2023 02:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209620
IP address blocks: 193.58.88.0/22 maxlen: 24
193.58.91.0/24 maxlen: 24
194.55.240.0/22 maxlen: 24
2a0c:94c0::/29 maxlen: 48
2a0c:cbc0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:4b:a2:fe:a5:8e:00:b3:db:e8:a0:86:aa:a3:92:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a823fe6dad8ad4fdaee6dd6983c1e55cde8482a2
Validity
Not Before: Jan 2 02:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1e25fe19bea242f104f0bf7be8ddb18e7e0733a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:3f:91:e5:d7:14:85:06:fc:18:91:06:28:28:
aa:71:c2:4d:c6:49:54:e5:2d:70:00:67:aa:b8:26:
cb:77:e9:2d:b8:e8:ce:3e:cf:30:2e:24:2b:90:e6:
b2:85:02:53:57:46:32:e5:63:90:96:8e:c0:85:73:
7c:9d:16:79:01:53:ad:e1:b9:4d:68:02:7e:72:28:
18:c6:22:eb:96:53:be:d4:b1:21:98:f0:16:c1:55:
f8:d2:c1:25:46:f8:1e:48:5b:a1:42:76:cb:7c:57:
2a:bf:92:b2:e5:0e:df:61:90:ef:a6:2c:ab:31:1b:
25:0f:ba:28:40:ff:a2:1f:dd:91:f7:52:a7:a1:9f:
6d:45:fd:a5:8a:c3:8a:5b:1b:3e:85:95:38:2c:b5:
95:e6:bc:26:22:97:ec:d8:74:9e:47:96:c6:68:07:
a6:af:04:85:f6:91:c0:04:f9:44:e3:33:43:dd:3a:
4f:b0:ec:31:11:70:09:bf:cb:24:b5:0c:af:2c:96:
32:d2:5f:0e:b1:3f:a7:42:ee:a9:17:26:25:c8:14:
45:58:78:57:83:fd:b3:95:ea:58:cc:03:6f:d3:e4:
dc:0a:ee:26:97:19:fa:f4:62:cf:11:6f:fa:7f:6d:
9b:8d:59:2f:7f:ea:08:3f:e4:fa:87:21:9a:e4:d4:
91:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:25:FE:19:BE:A2:42:F1:04:F0:BF:7B:E8:DD:B1:8E:7E:07:33:A5
X509v3 Authority Key Identifier:
keyid:A8:23:FE:6D:AD:8A:D4:FD:AE:E6:DD:69:83:C1:E5:5C:DE:84:82:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCP-ba2K1P2u5t1pg8HlXN6EgqI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/038560-26d6-455d-a8f4-9bfdf2251267/1/HiX-Gb6iQvEE8L976N2xjn4HM6U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/038560-26d6-455d-a8f4-9bfdf2251267/1/qCP-ba2K1P2u5t1pg8HlXN6EgqI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.58.88.0/22
194.55.240.0/22
IPv6:
2a0c:94c0::/29
2a0c:cbc0::/29
Signature Algorithm: sha256WithRSAEncryption
ab:c7:03:5a:d0:96:e5:27:9a:e9:b2:d7:d7:c5:e6:a3:1d:f0:
a4:65:aa:f1:69:b1:7a:3f:80:6a:44:74:2a:e4:b4:bc:d2:03:
37:0b:46:04:d3:1c:d3:7a:ec:b9:51:09:b6:b0:27:e6:39:26:
06:c5:d0:f0:04:ef:44:96:87:a2:c2:f4:66:e6:e7:be:ff:af:
2a:33:a4:ab:cd:ba:7c:5e:c8:c8:52:cf:8c:db:1e:ff:29:f4:
29:80:a9:88:52:39:89:ad:3f:46:e6:0d:41:a9:67:be:4c:1f:
c2:a3:44:70:8d:e5:8f:25:79:5e:39:5f:fb:ff:04:56:12:94:
d1:39:25:66:c9:b9:e4:ef:be:62:3d:24:7d:a9:bd:ca:b1:f9:
ba:1b:49:77:3f:87:60:87:b2:48:f4:f7:75:3b:e6:a2:d0:8c:
e0:2a:ea:d3:01:81:cd:21:4f:a3:1e:be:e2:50:a0:03:16:56:
e9:41:9d:ef:69:45:14:45:ad:10:1a:ea:ad:7d:ef:8d:5d:76:
19:99:fe:a0:4b:b3:0e:b4:11:35:67:3e:57:11:41:14:1c:5b:
f2:f6:c3:c4:5f:73:66:a4:e8:a3:ca:78:a0:e4:5e:8d:d4:86:
9e:ff:eb:bd:da:cd:0a:17:28:70:f8:7f:78:d2:5b:49:cc:e8:
6b:e5:f9:05
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVwS6L+pY4As9vooIaqo5KmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MjNmZTZkYWQ4YWQ0ZmRhZWU2ZGQ2OTgzYzFlNTVjZGU4
NDgyYTIwHhcNMjMwMTAyMDIyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI1ZmUxOWJlYTI0MmYxMDRmMGJmN2JlOGRkYjE4ZTdlMDczM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyD+R5dcUhQb8GJEGKCiqccJNxklU
5S1wAGequCbLd+ktuOjOPs8wLiQrkOayhQJTV0Yy5WOQlo7AhXN8nRZ5AVOt4blN
aAJ+cigYxiLrllO+1LEhmPAWwVX40sElRvgeSFuhQnbLfFcqv5Ky5Q7fYZDvpiyr
MRslD7ooQP+iH92R91KnoZ9tRf2lisOKWxs+hZU4LLWV5rwmIpfs2HSeR5bGaAem
rwSF9pHABPlE4zND3TpPsOwxEXAJv8sktQyvLJYy0l8OsT+nQu6pFyYlyBRFWHhX
g/2zlepYzANv0+TcCu4mlxn69GLPEW/6f22bjVkvf+oIP+T6hyGa5NSRCwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFB4l/hm+okLxBPC/e+jdsY5+BzOlMB8GA1UdIwQY
MBaAFKgj/m2titT9rubdaYPB5VzehIKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNQLWJhMksxUDJ1NXQxcGc4SGxYTjZFZ3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wMzg1NjAtMjZkNi00NTVkLWE4ZjQt
OWJmZGYyMjUxMjY3LzEvSGlYLUdiNmlRdkVFOEw5NzZOMnhqbjRITTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wMzg1NjAtMjZkNi00NTVkLWE4ZjQtOWJmZGYyMjUxMjY3
LzEvcUNQLWJhMksxUDJ1NXQxcGc4SGxYTjZFZ3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCwTpYAwQC
wjfwMBQEAgACMA4DBQMqDJTAAwUDKgzLwDANBgkqhkiG9w0BAQsFAAOCAQEAq8cD
WtCW5Sea6bLX18Xmox3wpGWq8Wmxej+AakR0KuS0vNIDNwtGBNMc03rsuVEJtrAn
5jkmBsXQ8ATvRJaHosL0Zubnvv+vKjOkq826fF7IyFLPjNse/yn0KYCpiFI5ia0/
RuYNQalnvkwfwqNEcI3ljyV5Xjlf+/8EVhKU0TklZsm55O++Yj0kfam9yrH5uhtJ
dz+HYIeySPT3dTvmotCM4Crq0wGBzSFPox6+4lCgAxZW6UGd72lFFEWtEBrqrX3v
jV12GZn+oEuzDrQRNWc+VxFBFBxb8vbDxF9zZqToo8p4oORejdSGnv/rvdrNChco
cPh/eNJbSczoa+X5BQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:24:20 2025 by rpki-client