Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4kcFjYlbpaUdcV0qM6dVTCPXGYM.roa
File: 4kcFjYlbpaUdcV0qM6dVTCPXGYM.roa (raw, json)
Hash identifier: bxY3b0NePCv2MHLcz0G9WLthllzNn+kUJsxKwex9YbQ=
Subject key identifier: E2:47:05:8D:89:5B:A5:A5:1D:71:5D:2A:33:A7:55:4C:23:D7:19:83
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 0185709551454ED482CA0B76A79034870A18
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4kcFjYlbpaUdcV0qM6dVTCPXGYM.roa
Signing time: Mon 02 Jan 2023 03:45:11 +0000
ROA not before: Mon 02 Jan 2023 03:45:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51500
IP address blocks: 93.171.154.0/24 maxlen: 24
146.158.73.0/24 maxlen: 24
95.47.56.0/24 maxlen: 24
95.47.196.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:95:51:45:4e:d4:82:ca:0b:76:a7:90:34:87:0a:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Jan 2 03:45:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e247058d895ba5a51d715d2a33a7554c23d71983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:ec:85:cc:5c:53:dc:78:e9:3b:c5:41:3a:87:
2f:ef:47:65:93:76:30:19:22:00:fb:f9:59:c7:00:
22:56:0b:ff:c5:d2:8e:bf:97:03:db:73:5f:87:b1:
7f:5b:cc:bf:06:64:28:e6:e5:1c:79:c7:4d:00:6d:
bf:0c:48:27:ab:2a:c8:64:29:b6:7c:ca:5d:d6:3b:
d8:05:16:69:5c:f7:dd:ff:91:ac:50:01:ee:37:f8:
df:0e:aa:2a:43:8a:a4:e9:4b:6a:d5:86:37:c0:6f:
84:ba:cd:84:81:6a:bd:3e:27:71:55:74:f5:0b:ed:
c4:01:c2:1c:b3:31:6a:11:ff:eb:e1:2b:63:3d:4a:
34:58:73:7c:66:f4:3c:ea:88:f7:f2:87:65:0e:b1:
90:04:20:0e:c0:01:7a:5d:4e:9c:41:cd:5c:45:76:
af:b0:5d:2a:9b:00:c5:30:75:bd:eb:30:ac:ec:51:
9e:4f:a3:76:36:04:60:14:92:14:2b:21:7f:a2:d8:
6f:b0:dd:d3:66:f6:d4:30:44:4d:c4:91:ef:27:03:
e7:96:1c:c9:a7:72:83:0f:d1:47:aa:bb:cd:3d:4a:
37:92:10:84:cc:05:8a:e1:59:7d:ab:b5:45:43:bd:
c4:6a:d3:62:4d:68:9a:5b:b5:78:6e:7e:6c:9a:fc:
36:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:47:05:8D:89:5B:A5:A5:1D:71:5D:2A:33:A7:55:4C:23:D7:19:83
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4kcFjYlbpaUdcV0qM6dVTCPXGYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.171.154.0/24
95.47.56.0/24
95.47.196.0/23
146.158.73.0/24
Signature Algorithm: sha256WithRSAEncryption
41:de:99:5a:b7:2f:75:e0:04:61:ea:f0:a6:d4:de:63:05:9a:
26:bd:a2:64:1b:26:c1:a5:3a:25:af:35:6a:b2:41:c6:70:86:
db:8d:86:13:7d:71:52:2c:a1:45:92:f9:03:f5:48:19:77:6b:
63:5c:69:22:ef:b0:50:a2:cf:cf:d3:f1:50:9d:d6:3c:9c:e7:
09:14:97:8d:02:10:ef:89:d0:8f:46:e3:c7:1c:3a:1f:1d:81:
24:cf:1b:19:87:13:4f:4f:45:c3:aa:1a:d2:84:43:21:b1:4a:
63:f3:c6:93:6e:29:24:2b:14:06:96:0b:c0:42:60:18:e6:fc:
f2:db:0d:46:45:94:e9:03:dc:8b:32:f2:fc:43:91:45:b3:96:
bc:c3:29:94:62:bf:28:69:71:77:d8:73:10:9b:d9:30:5c:e7:
68:b5:f1:05:fe:cf:ef:a1:55:6c:01:f1:02:6c:1d:66:0c:42:
e2:81:9c:6e:5b:84:3d:d9:e3:b8:3a:8f:67:2e:ca:65:4f:32:
fe:aa:e7:a8:0c:fb:1e:7a:ce:af:93:32:26:72:d5:24:22:65:
34:f8:a4:29:63:53:a2:96:a5:d3:e5:7a:43:09:85:34:6a:a2:
2b:54:f8:b1:a1:6f:21:17:00:4e:0f:03:75:84:4d:51:48:db:
06:d7:aa:f1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVwlVFFTtSCygt2p5A0hwoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMwMTAyMDM0NTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQ3MDU4ZDg5NWJhNWE1MWQ3MTVkMmEzM2E3NTU0YzIzZDcxOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOyFzFxT3HjpO8VBOocv70dlk3Yw
GSIA+/lZxwAiVgv/xdKOv5cD23Nfh7F/W8y/BmQo5uUcecdNAG2/DEgnqyrIZCm2
fMpd1jvYBRZpXPfd/5GsUAHuN/jfDqoqQ4qk6Utq1YY3wG+Eus2EgWq9PidxVXT1
C+3EAcIcszFqEf/r4StjPUo0WHN8ZvQ86oj38odlDrGQBCAOwAF6XU6cQc1cRXav
sF0qmwDFMHW96zCs7FGeT6N2NgRgFJIUKyF/othvsN3TZvbUMERNxJHvJwPnlhzJ
p3KDD9FHqrvNPUo3khCEzAWK4Vl9q7VFQ73EatNiTWiaW7V4bn5smvw2NwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOJHBY2JW6WlHXFdKjOnVUwj1xmDMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNGtjRmpZbGJwYVVkY1YwcU02ZFZUQ1BYR1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAXauaAwQA
Xy84AwQBXy/EAwQAkp5JMA0GCSqGSIb3DQEBCwUAA4IBAQBB3platy914ARh6vCm
1N5jBZomvaJkGybBpTolrzVqskHGcIbbjYYTfXFSLKFFkvkD9UgZd2tjXGki77BQ
os/P0/FQndY8nOcJFJeNAhDvidCPRuPHHDofHYEkzxsZhxNPT0XDqhrShEMhsUpj
88aTbikkKxQGlgvAQmAY5vzy2w1GRZTpA9yLMvL8Q5FFs5a8wymUYr8oaXF32HMQ
m9kwXOdotfEF/s/voVVsAfECbB1mDELigZxuW4Q92eO4Oo9nLsplTzL+queoDPse
es6vkzImctUkImU0+KQpY1OilqXT5XpDCYU0aqIrVPixoW8hFwBODwN1hE1RSNsG
16rx
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:36:37 2025 by rpki-client