Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/iHEwBht23g0VTK2xHO1R2yQRui0.roa
File: iHEwBht23g0VTK2xHO1R2yQRui0.roa (raw, json)
Hash identifier: aaqnTxqutuUCdYzG2z7CjCaATNvllw6DGGzA3nmXcMU=
Subject key identifier: 88:71:30:06:1B:76:DE:0D:15:4C:AD:B1:1C:ED:51:DB:24:11:BA:2D
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 043593D1
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/iHEwBht23g0VTK2xHO1R2yQRui0.roa
Signing time: Sat 01 Jan 2022 06:03:09 +0000
ROA not before: Sat 01 Jan 2022 06:03:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209236
IP address blocks: 171.25.128.0/21 maxlen: 21
193.221.28.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.38.0/24 maxlen: 24
193.221.32.0/22 maxlen: 22
193.221.36.0/24 maxlen: 24
193.221.47.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.53.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 70620113 (0x43593d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: Jan 1 06:03:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=887130061b76de0d154cadb11ced51db2411ba2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0b:16:76:96:53:00:12:72:e0:7a:71:99:39:
53:89:ff:66:2c:f6:00:9b:01:a1:56:9c:11:dd:fe:
a2:77:a9:45:e5:1f:2b:8f:88:38:ff:90:1b:3f:58:
ae:ab:8c:36:61:02:3a:3f:f3:a4:e0:7a:cf:53:53:
70:b8:9a:ea:33:6a:08:d2:f4:b4:f2:13:1e:db:ea:
44:e9:25:15:39:88:27:aa:41:67:1e:96:11:e9:73:
99:84:1f:59:e0:0c:b0:e5:cf:b9:35:00:1c:fd:52:
07:e4:28:db:8b:54:2d:da:2a:0c:47:50:45:24:7c:
75:82:11:bb:cb:99:55:fd:55:d0:8c:15:cf:f6:b6:
95:e4:61:e7:b0:e0:6f:83:28:df:ce:04:c6:89:c8:
42:53:63:95:7c:49:af:ff:54:b7:04:e9:a8:0f:99:
c1:2a:7e:b6:69:8a:81:26:75:c5:fb:4d:eb:ef:cb:
01:0b:9f:3f:90:dc:40:97:15:da:fc:ab:69:4a:15:
11:5b:24:28:55:ea:df:1a:7e:ab:2c:12:b4:c0:e3:
79:66:6e:53:1b:7e:28:94:30:b5:cc:7e:ad:1a:56:
aa:72:f2:8b:d8:b5:ef:04:be:36:8b:0a:37:40:a1:
ca:5d:8d:b9:9b:b0:68:d5:8a:25:57:c4:4f:d5:89:
da:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:71:30:06:1B:76:DE:0D:15:4C:AD:B1:1C:ED:51:DB:24:11:BA:2D
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/iHEwBht23g0VTK2xHO1R2yQRui0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
193.221.28.0/24
193.221.32.0-193.221.38.255
193.221.47.0/24
193.221.52.0/23
193.221.59.0/24
Signature Algorithm: sha256WithRSAEncryption
50:a1:91:16:30:9a:ca:47:27:07:fd:69:53:20:1d:95:2f:9a:
74:84:80:d1:15:fc:e9:02:f4:e2:1b:9e:78:24:6b:f4:e3:3e:
61:01:a3:36:0f:99:34:40:a6:f8:f9:1e:7a:d4:62:52:00:d8:
05:9f:64:df:1d:76:7c:68:ee:14:64:8b:fd:0b:e5:de:cd:b6:
a7:ff:7c:7a:93:96:d5:a8:a0:2b:f9:8a:53:b8:99:c9:eb:30:
50:91:04:de:ac:bb:ff:19:db:74:10:06:0e:94:14:a3:43:40:
2f:c8:61:dc:cb:48:f4:d9:e0:d4:05:0b:77:1d:45:de:60:67:
b8:09:19:28:a0:b9:eb:3c:57:dc:7f:0d:5c:3c:84:9b:2d:b8:
0f:4a:cc:20:07:92:df:cc:3c:93:a9:c9:87:09:1b:30:e6:cb:
34:ff:ca:0e:20:be:65:4c:91:e7:58:9a:21:a5:e2:6e:35:51:
70:e2:aa:46:8f:d1:f4:f9:9d:50:ab:0a:6b:81:f4:e1:65:71:
88:44:ae:4a:4b:4d:b9:6d:5d:96:86:b8:ab:83:c5:47:26:40:
6e:79:eb:55:55:96:28:e1:bc:bb:32:36:3e:29:ee:08:05:00:
cd:7c:07:03:e6:eb:e2:e3:05:b3:2b:e3:ad:6f:ce:dd:bf:fe:
fe:e4:3e:bf
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEBDWT0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTU0YWIyZDQ4MWNmMTYyMmEyYzUyMTgzYWI0ZjVhOTMwYTRhZTQxMB4XDTIyMDEw
MTA2MDMwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODg3MTMwMDYxYjc2
ZGUwZDE1NGNhZGIxMWNlZDUxZGIyNDExYmEyZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8LFnaWUwAScuB6cZk5U4n/Ziz2AJsBoVacEd3+onepReUf
K4+IOP+QGz9YrquMNmECOj/zpOB6z1NTcLia6jNqCNL0tPITHtvqROklFTmIJ6pB
Zx6WEelzmYQfWeAMsOXPuTUAHP1SB+Qo24tULdoqDEdQRSR8dYIRu8uZVf1V0IwV
z/a2leRh57Dgb4Mo384ExonIQlNjlXxJr/9UtwTpqA+ZwSp+tmmKgSZ1xftN6+/L
AQufP5DcQJcV2vyraUoVEVskKFXq3xp+qywStMDjeWZuUxt+KJQwtcx+rRpWqnLy
i9i17wS+NosKN0Chyl2NuZuwaNWKJVfET9WJ2sUCAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBSIcTAGG3beDRVMrbEc7VHbJBG6LTAfBgNVHSMEGDAWgBT+VKstSBzxYios
Uhg6tPWpMKSuQTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19sU3JMVWdjOFdJcUxGSVlPclQxcVRDa3JrRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTgvNGQ1ZTRhLThhMTYtNDUzNy1iZTFmLTFiMTM2MmI5YjZhMi8x
L2lIRXdCaHQyM2cwVlRLMnhITzFSMnlRUnVpMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTgv
NGQ1ZTRhLThhMTYtNDUzNy1iZTFmLTFiMTM2MmI5YjZhMi8xL19sU3JMVWdjOFdJ
cUxGSVlPclQxcVRDa3JrRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLAMEA6sZgAMEAMHdHDAMAwQFwd0gAwQA
wd0mAwQAwd0vAwQBwd00AwQAwd07MA0GCSqGSIb3DQEBCwUAA4IBAQBQoZEWMJrK
RycH/WlTIB2VL5p0hIDRFfzpAvTiG554JGv04z5hAaM2D5k0QKb4+R561GJSANgF
n2TfHXZ8aO4UZIv9C+Xezban/3x6k5bVqKAr+YpTuJnJ6zBQkQTerLv/Gdt0EAYO
lBSjQ0AvyGHcy0j02eDUBQt3HUXeYGe4CRkooLnrPFfcfw1cPISbLbgPSswgB5Lf
zDyTqcmHCRsw5ss0/8oOIL5lTJHnWJohpeJuNVFw4qpGj9H0+Z1QqwprgfThZXGI
RK5KS025bV2Whrirg8VHJkBueetVVZYo4by7MjY+Ke4IBQDNfAcD5uvi4wWzK+Ot
b87dv/7+5D6/
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:19:15 2025 by rpki-client