Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/rV1yHe0BT5CnF9I2ZLeac2gKl1s.roa
File: rV1yHe0BT5CnF9I2ZLeac2gKl1s.roa (raw, json)
Hash identifier: u9XVUX386zAFhOYlkbsw5ShH8pWiUPBFVHRTBLQ8ssg=
Subject key identifier: AD:5D:72:1D:ED:01:4F:90:A7:17:D2:36:64:B7:9A:73:68:0A:97:5B
Certificate issuer: /CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Certificate serial: 018570399242D96F9F3D34B54F14BEB71F81
Authority key identifier: CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/rV1yHe0BT5CnF9I2ZLeac2gKl1s.roa
Signing time: Mon 02 Jan 2023 02:04:59 +0000
ROA not before: Mon 02 Jan 2023 02:04:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208411
IP address blocks: 45.137.252.0/22 maxlen: 22
45.137.252.0/24 maxlen: 24
45.137.253.0/24 maxlen: 24
45.137.255.0/24 maxlen: 24
45.137.254.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:92:42:d9:6f:9f:3d:34:b5:4f:14:be:b7:1f:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Validity
Not Before: Jan 2 02:04:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ad5d721ded014f90a717d23664b79a73680a975b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:45:01:2b:07:e0:7d:aa:21:3e:c6:fb:07:27:
36:c7:97:5c:01:34:74:70:6d:c8:96:01:8b:e0:85:
a5:4a:82:0d:d4:9e:29:6d:b0:e1:b3:48:63:05:ba:
2b:ed:b3:65:36:71:85:b4:81:c5:d6:d8:e3:54:e1:
82:d2:b2:ce:62:76:38:4a:2a:af:64:e9:cc:6a:87:
5c:3b:18:ce:78:c2:7c:2c:65:d0:36:b0:51:dd:4c:
db:ab:df:f4:16:fa:1c:e9:89:af:41:64:86:ab:67:
af:cf:d0:f2:5a:18:69:c4:2a:3c:35:51:5d:3e:0a:
f8:13:84:28:58:37:94:7d:2c:35:9a:08:a5:c4:bb:
d0:27:2e:da:70:92:12:00:41:59:45:40:60:a4:bd:
67:a1:37:8e:ce:e5:c5:f3:56:fe:bb:35:a5:39:fb:
64:25:97:82:b0:5d:5f:0b:81:73:94:3b:7a:11:5d:
81:a1:88:26:2f:40:06:d9:26:93:29:1a:e5:a3:a1:
30:ea:8d:e4:4d:53:15:db:bf:4d:81:87:cb:d8:64:
8e:54:05:00:02:13:09:36:0c:35:b9:15:f6:54:1b:
59:de:41:75:37:54:da:2e:c0:58:4d:a2:d8:30:ec:
f7:d2:c8:8d:aa:4d:4c:6f:bb:7c:1b:ec:ed:70:f2:
3d:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:5D:72:1D:ED:01:4F:90:A7:17:D2:36:64:B7:9A:73:68:0A:97:5B
X509v3 Authority Key Identifier:
keyid:CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/rV1yHe0BT5CnF9I2ZLeac2gKl1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.252.0/22
Signature Algorithm: sha256WithRSAEncryption
89:0e:87:27:c5:fe:02:49:a0:b6:20:74:88:e7:81:e0:bf:02:
36:df:0f:9a:91:07:84:98:f2:23:8f:22:60:02:89:c5:9f:cc:
f3:6f:39:6f:25:84:71:ee:dd:95:5b:11:c6:5d:35:50:cf:11:
53:75:45:55:2b:30:e6:3f:d2:ca:f2:2c:c1:37:ab:70:34:94:
77:7c:8d:c8:85:b9:69:d0:48:5b:81:45:20:35:9d:0d:84:2c:
67:56:93:7c:cd:10:88:d3:96:29:fc:32:d9:7b:79:3d:e0:c2:
db:c1:96:6f:ab:7f:e4:70:7b:10:95:c5:e9:27:da:19:67:7a:
d4:37:38:6c:f5:77:52:15:aa:99:bb:fd:1b:0e:1d:7f:92:31:
e2:5e:99:21:b1:2c:b7:af:9f:fe:ec:e3:4e:8a:07:bd:00:09:
44:79:83:64:e7:19:a7:76:3e:33:73:dc:3a:dd:7b:92:c4:7d:
c2:37:84:c8:f4:9b:fe:75:2c:14:9b:4a:ed:30:95:b0:cf:5b:
83:f5:57:fb:8e:70:c3:4c:f3:35:c6:03:a6:f3:ae:0b:07:83:
53:3c:2c:9c:3b:8c:bb:13:82:9b:eb:b0:07:a5:0c:2d:3e:f4:
76:64:65:5d:58:93:26:d2:ec:12:d7:6b:9b:a8:c9:3d:06:ca:
35:5f:53:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwOZJC2W+fPTS1TxS+tx+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMzdjYTNhYmNhNWUxNGFjMTFiYzdmM2MxNTYyYTY0ZDYz
OTFkMjIwHhcNMjMwMTAyMDIwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDVkNzIxZGVkMDE0ZjkwYTcxN2QyMzY2NGI3OWE3MzY4MGE5NzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUUBKwfgfaohPsb7Byc2x5dcATR0
cG3IlgGL4IWlSoIN1J4pbbDhs0hjBbor7bNlNnGFtIHF1tjjVOGC0rLOYnY4Siqv
ZOnMaodcOxjOeMJ8LGXQNrBR3Uzbq9/0Fvoc6YmvQWSGq2evz9DyWhhpxCo8NVFd
Pgr4E4QoWDeUfSw1mgilxLvQJy7acJISAEFZRUBgpL1noTeOzuXF81b+uzWlOftk
JZeCsF1fC4FzlDt6EV2BoYgmL0AG2SaTKRrlo6Ew6o3kTVMV279NgYfL2GSOVAUA
AhMJNgw1uRX2VBtZ3kF1N1TaLsBYTaLYMOz30siNqk1Mb7t8G+ztcPI9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1dch3tAU+QpxfSNmS3mnNoCpdbMB8GA1UdIwQY
MBaAFM43yjq8peFKwRvH88FWKmTWOR0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQt
MDM4MDM1ZDgwYzBiLzEvclYxeUhlMEJUNUNuRjlJMlpMZWFjMmdLbDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQtMDM4MDM1ZDgwYzBi
LzEvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYn8MA0G
CSqGSIb3DQEBCwUAA4IBAQCJDocnxf4CSaC2IHSI54HgvwI23w+akQeEmPIjjyJg
AonFn8zzbzlvJYRx7t2VWxHGXTVQzxFTdUVVKzDmP9LK8izBN6twNJR3fI3Ihblp
0EhbgUUgNZ0NhCxnVpN8zRCI05Yp/DLZe3k94MLbwZZvq3/kcHsQlcXpJ9oZZ3rU
Nzhs9XdSFaqZu/0bDh1/kjHiXpkhsSy3r5/+7ONOige9AAlEeYNk5xmndj4zc9w6
3XuSxH3CN4TI9Jv+dSwUm0rtMJWwz1uD9Vf7jnDDTPM1xgOm864LB4NTPCycO4y7
E4Kb67AHpQwtPvR2ZGVdWJMm0uwS12ubqMk9Bso1X1Mq
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:33:05 2025 by rpki-client