Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/aHW5IrNGdBX26KS4lv_u32a8mac.roa
File: aHW5IrNGdBX26KS4lv_u32a8mac.roa (raw, json)
Hash identifier: I66Lh/99c3ENlg0bNkxmcDQBiE4hGM7QSiJ9RPT78u8=
Subject key identifier: 68:75:B9:22:B3:46:74:15:F6:E8:A4:B8:96:FF:EE:DF:66:BC:99:A7
Certificate issuer: /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial: 018968E15F8D1D3A6C99DA6661C0A3FA9E8C
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/aHW5IrNGdBX26KS4lv_u32a8mac.roa
Signing time: Tue 18 Jul 2023 12:02:27 +0000
ROA not before: Tue 18 Jul 2023 12:02:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43698
IP address blocks: 78.159.0.0/19 maxlen: 19
82.151.0.0/19 maxlen: 19
95.168.0.0/19 maxlen: 19
2a00:8d80::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:68:e1:5f:8d:1d:3a:6c:99:da:66:61:c0:a3:fa:9e:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Validity
Not Before: Jul 18 12:02:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6875b922b3467415f6e8a4b896ffeedf66bc99a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:02:f5:d7:ec:85:d1:9b:e9:64:bf:71:06:99:
12:47:a4:f8:c7:b1:85:55:3c:8d:f8:a1:8d:e8:be:
9f:0e:30:50:52:3e:42:fb:8a:5c:78:be:64:24:6c:
7c:a5:a7:ad:a3:53:2e:c5:4b:7e:8e:72:30:96:b9:
40:fa:57:bd:79:16:a4:11:3c:cc:b2:d0:cc:6f:bb:
1c:24:34:b5:42:26:7d:b2:df:04:9e:1b:b7:17:05:
22:31:70:eb:83:25:a9:f8:3f:c3:1a:37:92:b5:41:
0b:54:17:46:c6:96:a9:f0:4d:34:d8:eb:a6:01:87:
dc:7a:cb:d8:60:17:f6:5a:fc:bf:96:db:df:67:b2:
3b:bd:15:ea:f7:39:31:ad:86:7b:0c:2c:40:65:18:
d9:40:7a:6f:82:e4:ac:a4:ee:36:a4:3e:f9:63:73:
4e:e5:46:05:e8:0d:23:8a:6c:d2:03:4b:d3:da:62:
49:21:40:85:47:09:6b:28:f9:e1:8f:7b:c7:6b:cc:
34:f1:7b:8c:66:a2:d6:0c:84:ac:72:00:ba:d8:c6:
29:14:1f:59:10:50:98:19:dd:b7:c8:ac:c5:e3:e4:
23:36:d9:7d:26:71:91:cc:98:df:4b:7d:6d:0d:38:
71:25:e3:a7:3c:f4:97:41:b3:05:56:db:e3:01:54:
f5:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:75:B9:22:B3:46:74:15:F6:E8:A4:B8:96:FF:EE:DF:66:BC:99:A7
X509v3 Authority Key Identifier:
keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/aHW5IrNGdBX26KS4lv_u32a8mac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.159.0.0/19
82.151.0.0/19
95.168.0.0/19
IPv6:
2a00:8d80::/32
Signature Algorithm: sha256WithRSAEncryption
80:e6:d4:00:37:5d:80:b7:f2:e5:09:1c:e3:7e:4a:ef:ad:ea:
42:8a:74:84:2d:49:f1:90:de:ea:27:d8:88:9f:1d:97:23:2b:
51:4f:02:18:74:2e:ba:df:0f:2b:64:7e:2d:79:73:27:a8:2a:
46:43:64:61:79:c6:13:9e:0a:e0:6c:15:2f:0a:69:71:49:d1:
ab:36:14:78:97:f8:ef:92:18:3d:e0:fd:4e:07:5d:21:8e:a2:
c0:55:90:09:fa:37:c8:1c:5a:74:a7:df:cc:52:9e:53:ee:00:
04:c8:40:52:86:50:f7:dd:3d:19:5f:cb:6c:41:7b:be:8d:2f:
7e:2a:41:7b:5e:cf:75:bd:2d:6b:dd:6c:0c:be:af:28:31:9a:
9a:d3:ee:ae:da:d8:56:58:1c:fb:8f:d5:87:b0:13:45:bc:21:
41:d4:f6:52:9a:b5:0b:fa:ff:8f:35:0a:07:7d:c7:2f:44:49:
d4:92:c6:58:ec:2f:39:69:c1:dc:c7:6f:cb:8c:85:af:dc:bb:
09:ef:ff:55:61:a6:2f:02:d5:96:ab:79:06:d4:98:b7:bf:15:
be:48:f5:a2:8d:9d:78:37:f3:5a:6d:03:c7:17:ba:51:1c:1b:
2a:68:32:b9:76:4a:5b:0c:2c:0a:9d:8e:d2:55:64:3c:74:dc:
90:0d:78:e4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYlo4V+NHTpsmdpmYcCj+p6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjMwNzE4MTIwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc1YjkyMmIzNDY3NDE1ZjZlOGE0Yjg5NmZmZWVkZjY2YmM5OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwL11+yF0ZvpZL9xBpkSR6T4x7GF
VTyN+KGN6L6fDjBQUj5C+4pceL5kJGx8paeto1MuxUt+jnIwlrlA+le9eRakETzM
stDMb7scJDS1QiZ9st8Enhu3FwUiMXDrgyWp+D/DGjeStUELVBdGxpap8E002Oum
AYfcesvYYBf2Wvy/ltvfZ7I7vRXq9zkxrYZ7DCxAZRjZQHpvguSspO42pD75Y3NO
5UYF6A0jimzSA0vT2mJJIUCFRwlrKPnhj3vHa8w08XuMZqLWDISscgC62MYpFB9Z
EFCYGd23yKzF4+QjNtl9JnGRzJjfS31tDThxJeOnPPSXQbMFVtvjAVT1ZwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGh1uSKzRnQV9uikuJb/7t9mvJmnMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvYUhXNUlyTkdkQlgyNktTNGx2X3UzMmE4bWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFTp8AAwQF
UpcAAwQFX6gAMA0EAgACMAcDBQAqAI2AMA0GCSqGSIb3DQEBCwUAA4IBAQCA5tQA
N12At/LlCRzjfkrvrepCinSELUnxkN7qJ9iInx2XIytRTwIYdC663w8rZH4teXMn
qCpGQ2RhecYTngrgbBUvCmlxSdGrNhR4l/jvkhg94P1OB10hjqLAVZAJ+jfIHFp0
p9/MUp5T7gAEyEBShlD33T0ZX8tsQXu+jS9+KkF7Xs91vS1r3WwMvq8oMZqa0+6u
2thWWBz7j9WHsBNFvCFB1PZSmrUL+v+PNQoHfccvREnUksZY7C85acHcx2/LjIWv
3LsJ7/9VYaYvAtWWq3kG1Ji3vxW+SPWijZ14N/NabQPHF7pRHBsqaDK5dkpbDCwK
nY7SVWQ8dNyQDXjk
-----END CERTIFICATE-----
Generated at Sat Apr 12 00:44:57 2025 by rpki-client