Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/GB4XmALktOkbn1-lQ8JbXuE3sVY.roa
File: GB4XmALktOkbn1-lQ8JbXuE3sVY.roa (raw, json)
Hash identifier: 4o4mQJ4XhcEYeZbU1IDo2YAZSX9gPu4l0+f5bMjNDnc=
Subject key identifier: 18:1E:17:98:02:E4:B4:E9:1B:9F:5F:A5:43:C2:5B:5E:E1:37:B1:56
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018C3AADC13FD6D6C998E1FE0AC73454F794
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/GB4XmALktOkbn1-lQ8JbXuE3sVY.roa
Signing time: Tue 05 Dec 2023 15:51:54 +0000
ROA not before: Tue 05 Dec 2023 15:51:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60490
IP address blocks: 176.109.67.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
194.150.89.0/24 maxlen: 24
194.150.90.0/24 maxlen: 24
194.150.88.0/24 maxlen: 24
194.150.91.0/24 maxlen: 24
176.109.64.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:ad:c1:3f:d6:d6:c9:98:e1:fe:0a:c7:34:54:f7:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Dec 5 15:51:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=181e179802e4b4e91b9f5fa543c25b5ee137b156
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:cd:57:fd:24:0a:4b:1f:18:05:a0:b0:11:41:
82:c0:4f:da:fd:eb:ef:b9:01:91:7e:9e:69:b4:ea:
46:f2:a6:d8:03:86:ce:9d:c4:f8:c6:f1:d1:84:95:
d1:a9:52:a7:b3:c5:b0:14:0a:fb:c5:28:80:2c:db:
34:51:94:00:db:dc:68:bb:db:b8:f1:82:ca:03:92:
77:e2:1f:7e:07:c5:78:8f:00:29:91:a0:da:44:66:
c5:78:dd:cc:da:c3:1c:18:cd:54:04:55:08:b4:63:
68:ff:e5:04:db:08:c9:34:4d:d5:a0:48:86:a2:54:
bf:0a:90:2b:40:09:dd:9b:c6:0f:9e:5c:5d:d7:d0:
80:08:c3:37:36:06:f5:b9:ea:6e:17:f7:6e:db:7b:
58:91:6d:2a:3c:03:a8:f7:1c:2c:c8:7f:4f:16:61:
35:de:56:04:3f:b3:75:50:88:28:c5:39:18:89:0a:
5d:db:80:86:40:9d:5c:8f:b0:a1:42:f6:8c:72:98:
4b:c5:ea:70:da:35:33:a5:70:82:d8:f3:bd:52:b4:
2d:8e:89:73:1e:43:28:fc:6b:d4:77:ab:e6:27:ef:
4c:62:bc:26:80:ca:e1:b4:54:1d:77:6c:60:d0:97:
4a:08:63:13:c4:0a:6b:e4:3a:7a:d8:11:3a:f0:37:
ca:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:1E:17:98:02:E4:B4:E9:1B:9F:5F:A5:43:C2:5B:5E:E1:37:B1:56
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/GB4XmALktOkbn1-lQ8JbXuE3sVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.64.0/23
176.109.67.0/24
194.150.88.0/22
Signature Algorithm: sha256WithRSAEncryption
23:85:11:93:b1:2e:2f:d1:a0:bc:4a:58:15:f7:22:e8:c7:49:
0a:5f:58:a7:fb:26:d7:81:c6:e8:bc:fb:3c:cd:c5:d7:80:45:
ea:65:04:e5:9b:15:36:e0:22:8f:36:3e:df:48:60:ac:1b:11:
7d:7d:a0:ea:50:e1:60:a5:2c:c8:13:a9:41:df:a9:34:54:6e:
54:d8:20:02:26:88:23:43:2e:9b:78:29:00:a7:cf:aa:28:8c:
81:82:e6:cd:6b:55:8f:0a:06:81:e2:ea:da:6e:0c:89:1a:28:
10:11:c1:e3:58:75:5c:f3:2a:0d:57:f4:77:02:7b:5f:96:8e:
86:df:3e:a3:40:6b:68:d7:d7:1a:3d:50:ab:d5:9e:c6:2b:b7:
6e:57:97:dc:92:1f:4d:99:bf:e8:f9:54:07:1f:fd:44:15:38:
1a:91:c9:b7:1a:50:6c:c6:d1:f5:09:fc:3b:a0:98:51:a0:b5:
72:ff:2d:4e:1f:73:e8:cc:30:8d:08:66:2e:5c:77:f4:22:9a:
04:c2:b5:e6:7f:2c:46:d2:0c:91:fb:f7:e8:27:19:2d:2d:d1:
29:67:d3:23:72:cc:7a:06:82:d4:f7:18:41:30:0d:42:49:d2:
c4:5a:4e:da:85:f1:15:e3:86:45:42:a9:ce:89:e1:11:b4:6b:
53:5b:c2:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYw6rcE/1tbJmOH+Csc0VPeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA1MTU1MTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODFlMTc5ODAyZTRiNGU5MWI5ZjVmYTU0M2MyNWI1ZWUxMzdiMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM1X/SQKSx8YBaCwEUGCwE/a/evv
uQGRfp5ptOpG8qbYA4bOncT4xvHRhJXRqVKns8WwFAr7xSiALNs0UZQA29xou9u4
8YLKA5J34h9+B8V4jwApkaDaRGbFeN3M2sMcGM1UBFUItGNo/+UE2wjJNE3VoEiG
olS/CpArQAndm8YPnlxd19CACMM3Ngb1uepuF/du23tYkW0qPAOo9xwsyH9PFmE1
3lYEP7N1UIgoxTkYiQpd24CGQJ1cj7ChQvaMcphLxepw2jUzpXCC2PO9UrQtjolz
HkMo/GvUd6vmJ+9MYrwmgMrhtFQdd2xg0JdKCGMTxApr5Dp62BE68DfKdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBgeF5gC5LTpG59fpUPCW17hN7FWMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvR0I0WG1BTGt0T2tibjEtbFE4SmJYdUUzc1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBsG1AAwQA
sG1DAwQCwpZYMA0GCSqGSIb3DQEBCwUAA4IBAQAjhRGTsS4v0aC8SlgV9yLox0kK
X1in+ybXgcbovPs8zcXXgEXqZQTlmxU24CKPNj7fSGCsGxF9faDqUOFgpSzIE6lB
36k0VG5U2CACJogjQy6beCkAp8+qKIyBgubNa1WPCgaB4urabgyJGigQEcHjWHVc
8yoNV/R3Antflo6G3z6jQGto19caPVCr1Z7GK7duV5fckh9Nmb/o+VQHH/1EFTga
kcm3GlBsxtH1Cfw7oJhRoLVy/y1OH3PozDCNCGYuXHf0IpoEwrXmfyxG0gyR+/fo
JxktLdEpZ9Mjcsx6BoLU9xhBMA1CSdLEWk7ahfEV44ZFQqnOieERtGtTW8Ku
-----END CERTIFICATE-----
Generated at Wed Apr 23 09:46:25 2025 by rpki-client