Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/XJkIEshEcphUU5hbnYD95Mr-v0Y.roa
File: XJkIEshEcphUU5hbnYD95Mr-v0Y.roa (raw, json)
Hash identifier: cT1csEC00TOJNPG/EWSyBgoeGETQfCSvL4DOt+O10ug=
Subject key identifier: 5C:99:08:12:C8:44:72:98:54:53:98:5B:9D:80:FD:E4:CA:FE:BF:46
Certificate issuer: /CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
Certificate serial: 01856C25E4826039D67FEA831F613FB5832C
Authority key identifier: BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/XJkIEshEcphUU5hbnYD95Mr-v0Y.roa
Signing time: Sun 01 Jan 2023 07:05:00 +0000
ROA not before: Sun 01 Jan 2023 07:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44309
IP address blocks: 185.229.139.0/24 maxlen: 24
185.229.138.0/24 maxlen: 24
185.229.137.0/24 maxlen: 24
185.229.136.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:25:e4:82:60:39:d6:7f:ea:83:1f:61:3f:b5:83:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
Validity
Not Before: Jan 1 07:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5c990812c84472985453985b9d80fde4cafebf46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:3c:c4:c5:d3:aa:2c:d8:1f:6a:7f:75:cc:8e:
b5:76:b6:3e:a3:c1:92:f6:b9:45:d1:55:7e:bf:a3:
10:19:29:c5:ae:c8:9e:dd:af:89:dc:67:de:3c:c6:
71:08:8a:08:3b:f4:95:4a:30:ee:e6:f0:b1:92:d4:
d2:03:8f:b4:71:da:1e:5a:ec:d4:a9:bc:2f:dc:de:
71:6e:95:a1:c4:b2:bb:0a:59:58:92:ad:45:2d:2c:
60:20:50:82:ba:7d:ef:d5:a4:ac:fd:e5:43:4a:e6:
5e:5b:b5:8c:12:06:db:17:7c:95:c5:e4:a8:42:9c:
8b:68:c2:95:5b:28:db:42:47:80:e8:47:ae:a6:59:
7c:5a:32:48:fb:52:86:ff:5f:b9:ea:73:5c:b7:0a:
55:4b:b8:54:72:be:60:a6:71:6b:4c:b9:d2:53:03:
92:11:b2:98:a7:c2:6f:7f:61:c2:84:3d:0f:3e:58:
bb:b2:e5:c1:12:88:6a:e5:11:c5:eb:11:ed:5b:99:
0c:2e:0f:51:11:4d:19:ef:b3:a4:bd:f0:8d:f8:f5:
12:ce:65:7c:76:20:7d:1b:51:8e:24:42:e6:25:6d:
b7:ed:6f:56:0d:2b:ae:05:b7:81:ea:15:47:d8:b4:
51:a8:c2:1c:5a:8a:9f:e2:ec:3c:59:0b:84:d6:91:
6c:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:99:08:12:C8:44:72:98:54:53:98:5B:9D:80:FD:E4:CA:FE:BF:46
X509v3 Authority Key Identifier:
keyid:BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/XJkIEshEcphUU5hbnYD95Mr-v0Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.229.136.0/22
Signature Algorithm: sha256WithRSAEncryption
33:02:bf:52:dd:cf:55:7a:9e:f9:63:cb:fb:36:4e:61:9d:bc:
d8:31:4d:e9:ef:fb:1f:27:bb:58:9a:99:e2:c4:83:6d:d3:2f:
07:93:cf:d4:c9:52:b6:cb:5f:ba:e8:c4:5c:79:8d:86:59:34:
9e:07:dc:cb:b8:d0:a6:66:44:0b:16:be:51:51:5f:f5:b5:13:
08:7c:28:12:48:67:0b:57:00:e4:9c:54:83:1a:33:83:f1:0b:
33:bb:9c:9c:cc:54:20:cd:70:8b:c7:1f:85:9d:2d:31:ee:9e:
50:ea:ed:56:da:ae:93:28:a8:ee:1d:81:d5:32:fa:35:72:81:
80:94:29:02:76:d1:e9:33:e6:e8:2e:81:a2:1b:d0:86:37:cc:
8c:58:cf:15:f4:3b:7d:98:b8:d7:b1:a1:af:d7:6e:65:f1:3b:
76:fb:bb:3b:c1:e3:5f:06:a0:ce:b3:21:7f:1d:dd:dc:27:e3:
5d:48:f9:2f:fe:b9:82:c5:14:00:88:c7:cf:33:a9:6b:53:89:
c4:6b:e0:47:62:e0:0e:c8:b6:72:a7:1e:42:98:fd:af:6e:4e:
37:72:74:a5:ff:2d:14:a1:bc:9e:ba:2a:08:4d:40:78:de:57:
27:5f:7a:e9:69:c3:a7:8d:d6:77:57:d8:21:40:2c:a3:93:3f:
79:97:8e:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsJeSCYDnWf+qDH2E/tYMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjODdiOWNmYzNlZTBjNDQ5NjVlYTIwOWMwNGZkOGU4ZjQ4
ZmE0MmYwHhcNMjMwMTAxMDcwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk5MDgxMmM4NDQ3Mjk4NTQ1Mzk4NWI5ZDgwZmRlNGNhZmViZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDzExdOqLNgfan91zI61drY+o8GS
9rlF0VV+v6MQGSnFrsie3a+J3GfePMZxCIoIO/SVSjDu5vCxktTSA4+0cdoeWuzU
qbwv3N5xbpWhxLK7CllYkq1FLSxgIFCCun3v1aSs/eVDSuZeW7WMEgbbF3yVxeSo
QpyLaMKVWyjbQkeA6Eeupll8WjJI+1KG/1+56nNctwpVS7hUcr5gpnFrTLnSUwOS
EbKYp8Jvf2HChD0PPli7suXBEohq5RHF6xHtW5kMLg9REU0Z77OkvfCN+PUSzmV8
diB9G1GOJELmJW237W9WDSuuBbeB6hVH2LRRqMIcWoqf4uw8WQuE1pFsrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyZCBLIRHKYVFOYW52A/eTK/r9GMB8GA1UdIwQY
MBaAFLyHuc/D7gxEll6iCcBP2Oj0j6QvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgt
NDVmYWJlM2Y5ZjMzLzEvWEprSUVzaEVjcGhVVTVoYm5ZRDk1TXItdjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgtNDVmYWJlM2Y5ZjMz
LzEvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueWIMA0G
CSqGSIb3DQEBCwUAA4IBAQAzAr9S3c9Vep75Y8v7Nk5hnbzYMU3p7/sfJ7tYmpni
xINt0y8Hk8/UyVK2y1+66MRceY2GWTSeB9zLuNCmZkQLFr5RUV/1tRMIfCgSSGcL
VwDknFSDGjOD8Qszu5yczFQgzXCLxx+FnS0x7p5Q6u1W2q6TKKjuHYHVMvo1coGA
lCkCdtHpM+boLoGiG9CGN8yMWM8V9Dt9mLjXsaGv125l8Tt2+7s7weNfBqDOsyF/
Hd3cJ+NdSPkv/rmCxRQAiMfPM6lrU4nEa+BHYuAOyLZypx5CmP2vbk43cnSl/y0U
obyeuioITUB43lcnX3rpacOnjdZ3V9ghQCyjkz95l47z
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:35:29 2025 by rpki-client