Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HZs4mZIjeLqV0VevW3N_E8q1NFs.roa
File: HZs4mZIjeLqV0VevW3N_E8q1NFs.roa (raw, json)
Hash identifier: hj4GvPLCYZsT0a9qJPEyS+OCIbIWUSrR1BODQ2xlAfc=
Subject key identifier: 1D:9B:38:99:92:23:78:BA:95:D1:57:AF:5B:73:7F:13:CA:B5:34:5B
Certificate issuer: /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial: 0184166AC3C1A950520CB109BAD9AB129736
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HZs4mZIjeLqV0VevW3N_E8q1NFs.roa
Signing time: Wed 26 Oct 2022 22:30:06 +0000
ROA not before: Wed 26 Oct 2022 22:30:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39150
IP address blocks: 95.85.85.0/24 maxlen: 24
91.196.139.0/24 maxlen: 24
91.196.138.0/24 maxlen: 24
91.196.137.0/24 maxlen: 24
91.196.136.0/24 maxlen: 24
109.196.133.0/24 maxlen: 24
93.179.121.0/24 maxlen: 24
195.182.8.0/24 maxlen: 24
93.179.68.0/23 maxlen: 23
93.179.66.0/24 maxlen: 24
95.181.212.0/23 maxlen: 23
2a04:8680::/32 maxlen: 32
2a09:d5c0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:16:6a:c3:c1:a9:50:52:0c:b1:09:ba:d9:ab:12:97:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Validity
Not Before: Oct 26 22:30:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1d9b3899922378ba95d157af5b737f13cab5345b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b1:14:3b:87:55:ee:07:e1:6e:7b:90:7c:06:
db:5e:f1:14:db:ef:aa:80:c0:b0:e6:63:5c:d0:ad:
ca:49:69:f1:ba:26:74:ed:c4:43:bf:ba:bb:f6:2f:
3c:81:5b:ab:58:74:52:dd:c5:23:21:08:72:bd:5b:
1f:70:df:84:54:07:d3:6b:18:0a:25:3e:66:66:c0:
c9:8c:72:e9:1e:ed:79:67:cd:03:30:af:86:6a:66:
af:a4:95:28:e0:4b:2b:45:3a:0d:52:cd:a7:7e:a1:
18:5a:20:be:50:f3:09:73:fd:38:13:63:34:1c:e6:
65:31:ce:59:3f:d1:4f:72:d5:27:90:73:bd:29:f9:
d7:ca:52:28:1d:d8:29:71:c8:06:66:33:68:b0:95:
d5:a2:62:3e:3d:8f:53:a8:8d:06:d6:0e:b1:b2:b6:
87:2f:31:08:49:e0:3e:b7:1e:2d:55:ff:17:28:ee:
05:ef:eb:3d:f4:ba:08:8b:a1:11:bc:54:01:57:5c:
cf:61:2e:a6:e7:75:b5:a9:cd:de:5e:19:03:43:70:
77:6c:a5:e3:db:82:ed:3e:cb:3d:85:1e:16:75:e3:
c2:ef:58:59:c8:30:4c:c4:d0:b3:19:ed:41:7b:ab:
89:71:f6:77:15:65:77:84:d8:d3:56:74:d6:1b:52:
0d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:9B:38:99:92:23:78:BA:95:D1:57:AF:5B:73:7F:13:CA:B5:34:5B
X509v3 Authority Key Identifier:
keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HZs4mZIjeLqV0VevW3N_E8q1NFs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.136.0/22
93.179.66.0/24
93.179.68.0/23
93.179.121.0/24
95.85.85.0/24
95.181.212.0/23
109.196.133.0/24
195.182.8.0/24
IPv6:
2a04:8680::/32
2a09:d5c0::/32
Signature Algorithm: sha256WithRSAEncryption
2a:53:f4:5a:22:55:90:61:8a:d8:40:d5:73:a8:9c:2f:d7:0e:
af:45:de:94:cb:2b:2a:28:21:75:2f:1b:71:44:58:30:ea:2f:
23:42:65:dd:5f:fa:a9:48:2e:5d:3e:d9:b5:85:43:66:41:49:
01:9f:00:bd:12:57:2f:63:3f:a6:3f:1e:35:d4:00:99:1b:de:
69:43:d8:d0:d8:c9:f7:47:c4:93:ae:74:be:0f:22:75:4a:29:
57:68:80:39:ca:c3:ed:18:c3:17:43:86:06:25:8e:38:61:6b:
4a:79:8f:10:e7:66:77:25:c0:f5:a3:b2:03:19:9c:ce:66:b3:
4d:d4:af:fe:81:19:dd:2c:51:ee:ac:30:7c:4c:3c:bf:46:c2:
fa:3a:6d:6e:56:62:14:2c:e4:f4:5c:3c:5d:86:10:01:d0:d2:
86:5f:39:fb:46:a2:82:9a:10:59:01:fb:59:d9:6d:4c:ac:69:
47:06:6e:a5:f0:d9:9f:25:29:6d:54:bb:45:8e:26:7c:0f:5b:
16:8e:d1:5d:d7:23:12:da:23:bc:3e:74:ca:22:be:c6:6f:44:
9b:ec:80:b9:6b:c8:9b:27:0a:ab:46:06:0d:6e:5f:4f:85:6a:
53:2f:6c:81:b3:9c:a7:03:57:52:4b:eb:14:6e:9d:e3:70:ec:
73:49:e4:7b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYQWasPBqVBSDLEJutmrEpc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjIxMDI2MjIzMDA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDliMzg5OTkyMjM3OGJhOTVkMTU3YWY1YjczN2YxM2NhYjUzNDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7EUO4dV7gfhbnuQfAbbXvEU2++q
gMCw5mNc0K3KSWnxuiZ07cRDv7q79i88gVurWHRS3cUjIQhyvVsfcN+EVAfTaxgK
JT5mZsDJjHLpHu15Z80DMK+GamavpJUo4EsrRToNUs2nfqEYWiC+UPMJc/04E2M0
HOZlMc5ZP9FPctUnkHO9KfnXylIoHdgpccgGZjNosJXVomI+PY9TqI0G1g6xsraH
LzEISeA+tx4tVf8XKO4F7+s99LoIi6ERvFQBV1zPYS6m53W1qc3eXhkDQ3B3bKXj
24LtPss9hR4WdePC71hZyDBMxNCzGe1Be6uJcfZ3FWV3hNjTVnTWG1INfwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFB2bOJmSI3i6ldFXr1tzfxPKtTRbMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvSFpzNG1aSWplTHFWMFZldlczTl9FOHExTkZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCW8SIAwQA
XbNCAwQBXbNEAwQAXbN5AwQAX1VVAwQBX7XUAwQAbcSFAwQAw7YIMBQEAgACMA4D
BQAqBIaAAwUAKgnVwDANBgkqhkiG9w0BAQsFAAOCAQEAKlP0WiJVkGGK2EDVc6ic
L9cOr0XelMsrKighdS8bcURYMOovI0Jl3V/6qUguXT7ZtYVDZkFJAZ8AvRJXL2M/
pj8eNdQAmRveaUPY0NjJ90fEk650vg8idUopV2iAOcrD7RjDF0OGBiWOOGFrSnmP
EOdmdyXA9aOyAxmczmazTdSv/oEZ3SxR7qwwfEw8v0bC+jptblZiFCzk9Fw8XYYQ
AdDShl85+0aigpoQWQH7WdltTKxpRwZupfDZnyUpbVS7RY4mfA9bFo7RXdcjEtoj
vD50yiK+xm9Em+yAuWvImycKq0YGDW5fT4VqUy9sgbOcpwNXUkvrFG6d43Dsc0nk
ew==
-----END CERTIFICATE-----
Generated at Fri Apr 18 07:27:39 2025 by rpki-client