Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/4HAKR97G2oz4dl1MtFsHN4UPZtQ.roa
File: 4HAKR97G2oz4dl1MtFsHN4UPZtQ.roa (raw, json)
Hash identifier: LGbJjuX0HxvtKNIrlSDTmOZROu3nqOABfiiG+e2Zs+o=
Subject key identifier: E0:70:0A:47:DE:C6:DA:8C:F8:76:5D:4C:B4:5B:07:37:85:0F:66:D4
Certificate issuer: /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial: 01856C8A61596F36570C109F7E77871A4E3F
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/4HAKR97G2oz4dl1MtFsHN4UPZtQ.roa
Signing time: Sun 01 Jan 2023 08:54:46 +0000
ROA not before: Sun 01 Jan 2023 08:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60134
IP address blocks: 149.62.182.0/24 maxlen: 24
5.158.82.0/24 maxlen: 24
5.158.86.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:8a:61:59:6f:36:57:0c:10:9f:7e:77:87:1a:4e:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Validity
Not Before: Jan 1 08:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0700a47dec6da8cf8765d4cb45b0737850f66d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:7b:cc:b5:a8:76:6b:37:48:8c:1a:92:71:20:
fe:f5:6a:67:e5:e5:4e:ac:9e:f5:58:3e:f1:6b:6d:
b5:8b:70:4d:03:42:43:17:83:a3:e7:84:a8:67:58:
97:73:02:97:d4:c0:2b:ba:0e:ae:9f:70:f8:d4:5e:
48:a3:3e:a7:71:41:88:12:89:35:d5:d1:66:8d:2b:
58:91:59:f7:64:a0:0e:fd:32:c6:c6:4c:b5:88:27:
0f:e9:3b:53:b7:ca:20:e3:de:6a:5d:1d:81:62:1b:
85:1f:f4:42:12:2b:60:95:69:08:6a:a1:a6:00:34:
61:ad:8c:e4:80:52:fd:83:94:40:c7:64:db:81:ff:
ef:1a:c1:14:b8:57:59:1c:3a:b5:16:b6:6f:95:a2:
c7:a9:59:17:9a:30:cd:26:06:be:3f:6d:28:f9:28:
52:5c:22:80:7c:eb:36:76:83:00:1d:76:ff:99:a1:
b4:fb:5a:4f:8c:c2:01:b5:95:fb:6d:72:44:9b:d6:
9f:dc:1a:f0:04:6c:f5:a7:3e:6c:41:4c:9e:99:7d:
2e:1e:1e:0c:ed:5a:96:8c:41:8e:a5:c4:17:41:8e:
b6:bd:2d:7f:bf:1e:f4:47:4a:81:0b:9f:c0:12:5a:
aa:bb:90:41:a9:b6:c3:3a:cb:f5:a3:b7:1a:cf:24:
64:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:70:0A:47:DE:C6:DA:8C:F8:76:5D:4C:B4:5B:07:37:85:0F:66:D4
X509v3 Authority Key Identifier:
keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/4HAKR97G2oz4dl1MtFsHN4UPZtQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.158.82.0/24
5.158.86.0/24
149.62.182.0/24
Signature Algorithm: sha256WithRSAEncryption
82:e5:ec:be:ea:8b:9e:a7:9b:f6:38:a7:39:6b:db:a2:d7:72:
88:f9:64:eb:e8:21:87:47:fd:14:44:3f:7f:db:d5:c1:09:61:
3c:8a:30:04:fb:d7:e0:e8:fd:16:43:ad:8c:fe:ca:75:6e:5d:
97:ff:6e:e5:41:71:6c:ec:58:7c:f4:ee:f5:a0:1f:15:ee:71:
0f:de:d6:91:2b:5f:60:1b:e3:8b:b3:19:f6:68:d6:3e:f2:b2:
a1:25:7f:c0:a9:a8:00:fc:e0:b1:cf:fa:ae:fb:09:88:e6:88:
e8:bc:5d:aa:80:9b:6b:d0:d5:39:11:ce:ae:21:61:58:3e:c6:
4b:ad:f1:2b:ef:d9:e2:30:ab:29:1f:c5:4c:d5:dc:b8:12:89:
c0:d1:12:8f:ed:f3:78:c3:38:d4:0f:3f:d5:68:af:40:00:79:
74:f4:f5:42:27:72:ea:76:88:78:92:90:d3:9e:bc:e1:90:1a:
93:49:d2:87:3a:8b:54:b3:3d:68:a4:03:44:e2:34:8b:09:68:
96:9f:15:6e:5b:4d:42:a5:72:66:f5:7f:9d:9c:93:c5:0b:0b:
18:22:0c:64:25:76:78:aa:41:29:df:59:e5:48:ff:a8:15:61:
f3:05:e0:26:2b:fe:63:30:09:85:5f:e0:39:68:1a:80:b1:27:
b7:02:c7:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVsimFZbzZXDBCffneHGk4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjMwMTAxMDg1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDcwMGE0N2RlYzZkYThjZjg3NjVkNGNiNDViMDczNzg1MGY2NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3vMtah2azdIjBqScSD+9Wpn5eVO
rJ71WD7xa221i3BNA0JDF4Oj54SoZ1iXcwKX1MArug6un3D41F5Ioz6ncUGIEok1
1dFmjStYkVn3ZKAO/TLGxky1iCcP6TtTt8og495qXR2BYhuFH/RCEitglWkIaqGm
ADRhrYzkgFL9g5RAx2Tbgf/vGsEUuFdZHDq1FrZvlaLHqVkXmjDNJga+P20o+ShS
XCKAfOs2doMAHXb/maG0+1pPjMIBtZX7bXJEm9af3BrwBGz1pz5sQUyemX0uHh4M
7VqWjEGOpcQXQY62vS1/vx70R0qBC5/AElqqu5BBqbbDOsv1o7cazyRk3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOBwCkfextqM+HZdTLRbBzeFD2bUMB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvNEhBS1I5N0cyb3o0ZGwxTXRGc0hONFVQWnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZ5SAwQA
BZ5WAwQAlT62MA0GCSqGSIb3DQEBCwUAA4IBAQCC5ey+6ouep5v2OKc5a9ui13KI
+WTr6CGHR/0URD9/29XBCWE8ijAE+9fg6P0WQ62M/sp1bl2X/27lQXFs7Fh89O71
oB8V7nEP3taRK19gG+OLsxn2aNY+8rKhJX/AqagA/OCxz/qu+wmI5ojovF2qgJtr
0NU5Ec6uIWFYPsZLrfEr79niMKspH8VM1dy4EonA0RKP7fN4wzjUDz/VaK9AAHl0
9PVCJ3Lqdoh4kpDTnrzhkBqTSdKHOotUsz1opANE4jSLCWiWnxVuW01CpXJm9X+d
nJPFCwsYIgxkJXZ4qkEp31nlSP+oFWHzBeAmK/5jMAmFX+A5aBqAsSe3AscS
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:28:52 2025 by rpki-client