Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qU16gbd5DrF77UqllnfMV0yVFks.roa
File: qU16gbd5DrF77UqllnfMV0yVFks.roa (raw, json)
Hash identifier: NgkCjS5y52CRbjRfAtQfEOtze69Qn656xLeGJN4ijTg=
Subject key identifier: A9:4D:7A:81:B7:79:0E:B1:7B:ED:4A:A5:96:77:CC:57:4C:95:16:4B
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 0189E537F9E6FDDB2ED751824FF548C19DA2
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qU16gbd5DrF77UqllnfMV0yVFks.roa
Signing time: Fri 11 Aug 2023 15:29:58 +0000
ROA not before: Fri 11 Aug 2023 15:29:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56899
IP address blocks: 185.126.252.0/24 maxlen: 24
194.4.69.0/24 maxlen: 24
194.4.70.0/23 maxlen: 23
194.4.70.0/24 maxlen: 24
194.4.68.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e5:37:f9:e6:fd:db:2e:d7:51:82:4f:f5:48:c1:9d:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Aug 11 15:29:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a94d7a81b7790eb17bed4aa59677cc574c95164b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:11:88:d9:45:23:b5:d7:1d:a1:86:bc:50:e2:
eb:a6:7f:ff:ef:77:49:57:2c:b6:e4:57:75:14:e1:
bc:ea:eb:72:3f:af:cf:ec:bd:34:e9:f3:99:cb:fb:
bf:eb:d4:5d:37:12:ed:45:ae:72:9e:9f:86:a1:f4:
6d:ef:f0:d5:ff:4d:dc:a1:6f:92:df:df:35:c4:0d:
ea:25:29:b3:d1:f4:06:49:50:c6:62:a2:53:17:e7:
23:fb:1a:a5:3e:3e:a1:87:d1:0e:91:63:40:5d:3a:
28:5a:7a:05:52:64:e8:99:e2:56:83:93:e1:64:5e:
68:b8:a1:5b:0d:91:5d:b6:20:46:3d:db:a2:72:4b:
f7:6e:f6:b8:b0:a0:3b:49:81:51:da:32:04:51:34:
4a:e5:f5:82:0c:9b:84:a3:52:18:57:da:67:ac:7f:
b3:4c:cc:48:6e:2b:d4:de:95:1e:da:d6:fe:6f:74:
f3:5a:3f:86:aa:41:e2:e4:c3:8f:a1:54:fc:ab:59:
4f:dc:12:59:8d:f7:b5:e8:ce:93:eb:bb:aa:4a:b2:
02:73:be:a9:9b:43:dd:c7:45:a3:a2:79:1d:18:79:
f7:c0:38:36:cc:99:20:5a:28:4c:5d:ef:68:90:a8:
ed:81:29:19:df:ef:0b:e2:7e:7b:78:ce:cf:b5:bc:
5e:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:4D:7A:81:B7:79:0E:B1:7B:ED:4A:A5:96:77:CC:57:4C:95:16:4B
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qU16gbd5DrF77UqllnfMV0yVFks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.126.252.0/24
194.4.68.0/22
Signature Algorithm: sha256WithRSAEncryption
3a:5f:52:a0:d9:66:51:0b:61:d3:62:20:d7:b1:8b:6d:f1:e9:
15:e0:f7:bd:85:0d:a3:70:80:b8:7e:44:e6:7b:d0:08:ce:a0:
06:0c:16:92:42:6e:44:ed:7f:1f:fe:48:c2:8f:d7:74:66:a0:
2b:c9:72:e9:df:3c:47:68:4f:70:be:00:86:5a:f6:f2:54:7f:
71:5f:ea:05:f6:06:8b:a9:6f:31:25:70:ec:f5:ca:66:24:0e:
3e:87:e4:cd:a8:2e:9e:1f:d8:8c:8a:ec:a6:5c:ed:18:4b:28:
b3:ae:c9:d2:d1:e8:85:b9:3f:46:98:ba:39:90:70:1d:47:ed:
dd:79:f6:1b:83:03:78:21:9f:bf:83:09:4f:4d:73:45:94:12:
13:6a:fb:a6:a3:14:ac:e6:bc:bc:cb:07:66:79:88:57:56:9e:
fc:5c:8f:b1:41:f0:89:58:19:37:8b:22:c5:a9:fe:e6:ab:6e:
67:85:27:f2:a3:e6:d9:8d:99:5b:67:f3:a5:23:43:15:68:62:
07:02:0b:42:df:3f:28:57:7f:1b:76:1c:b6:a1:e4:56:93:52:
4a:07:5c:5b:3a:46:bd:3e:92:71:aa:fd:ac:fd:c5:39:d6:a0:
a2:cd:3e:6e:16:e2:6e:bb:92:ec:99:54:70:7c:d7:cf:df:6e:
95:d7:d9:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYnlN/nm/dsu11GCT/VIwZ2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjMwODExMTUyOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTRkN2E4MWI3NzkwZWIxN2JlZDRhYTU5Njc3Y2M1NzRjOTUxNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hGI2UUjtdcdoYa8UOLrpn//73dJ
Vyy25Fd1FOG86utyP6/P7L006fOZy/u/69RdNxLtRa5ynp+GofRt7/DV/03coW+S
3981xA3qJSmz0fQGSVDGYqJTF+cj+xqlPj6hh9EOkWNAXTooWnoFUmTomeJWg5Ph
ZF5ouKFbDZFdtiBGPduickv3bva4sKA7SYFR2jIEUTRK5fWCDJuEo1IYV9pnrH+z
TMxIbivU3pUe2tb+b3TzWj+GqkHi5MOPoVT8q1lP3BJZjfe16M6T67uqSrICc76p
m0Pdx0WjonkdGHn3wDg2zJkgWihMXe9okKjtgSkZ3+8L4n57eM7PtbxeswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlNeoG3eQ6xe+1KpZZ3zFdMlRZLMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvcVUxNmdiZDVEckY3N1VxbGxuZk1WMHlWRmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuX78AwQC
wgREMA0GCSqGSIb3DQEBCwUAA4IBAQA6X1Kg2WZRC2HTYiDXsYtt8ekV4Pe9hQ2j
cIC4fkTme9AIzqAGDBaSQm5E7X8f/kjCj9d0ZqAryXLp3zxHaE9wvgCGWvbyVH9x
X+oF9gaLqW8xJXDs9cpmJA4+h+TNqC6eH9iMiuymXO0YSyizrsnS0eiFuT9GmLo5
kHAdR+3defYbgwN4IZ+/gwlPTXNFlBITavumoxSs5ry8ywdmeYhXVp78XI+xQfCJ
WBk3iyLFqf7mq25nhSfyo+bZjZlbZ/OlI0MVaGIHAgtC3z8oV38bdhy2oeRWk1JK
B1xbOka9PpJxqv2s/cU51qCizT5uFuJuu5LsmVRwfNfP326V19mt
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:15:17 2025 by rpki-client