Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/5be80b-3382-4448-a1cc-dca04270b9d5/1/he047q3xb1BE3J3Zql_eW0WNU5o.roa
File: he047q3xb1BE3J3Zql_eW0WNU5o.roa (raw, json)
Hash identifier: YFMn7g3N3+8u0lkYymvkZY+iB2BWcV/4ScdmhMSANRo=
Subject key identifier: 85:ED:38:EE:AD:F1:6F:50:44:DC:9D:D9:AA:5F:DE:5B:45:8D:53:9A
Certificate issuer: /CN=44a88637498b188fc0bceae0bbf0681761a49d4b
Certificate serial: 01856EA6BDA763692F85AA9DB6CC95E051DE
Authority key identifier: 44:A8:86:37:49:8B:18:8F:C0:BC:EA:E0:BB:F0:68:17:61:A4:9D:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RKiGN0mLGI_AvOrgu_BoF2GknUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/5be80b-3382-4448-a1cc-dca04270b9d5/1/he047q3xb1BE3J3Zql_eW0WNU5o.roa
Signing time: Sun 01 Jan 2023 18:44:59 +0000
ROA not before: Sun 01 Jan 2023 18:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 6830
IP address blocks: 5.133.166.0/24 maxlen: 24
5.133.163.0/24 maxlen: 24
5.133.165.0/24 maxlen: 24
5.133.162.0/24 maxlen: 24
5.133.164.0/24 maxlen: 24
5.133.167.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:bd:a7:63:69:2f:85:aa:9d:b6:cc:95:e0:51:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=44a88637498b188fc0bceae0bbf0681761a49d4b
Validity
Not Before: Jan 1 18:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=85ed38eeadf16f5044dc9dd9aa5fde5b458d539a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:04:c5:46:9a:94:d3:39:29:32:36:4f:6e:47:
6d:0f:ca:26:8f:db:c7:97:f2:8b:9a:4e:7f:37:dc:
6e:d2:cf:fe:43:0d:d9:b7:18:1e:8a:d4:f4:2a:e8:
78:9b:5f:8e:c1:99:00:ea:71:97:2d:74:4c:03:3b:
16:e1:ed:65:08:c3:79:ca:78:cf:f7:12:2a:cd:6f:
d3:0f:94:34:74:7c:34:5d:5c:91:13:12:e9:15:1e:
41:dd:23:bb:3d:44:00:e8:de:9a:7a:64:72:55:06:
39:52:3b:c0:4c:18:c6:0d:a1:b1:82:40:e8:2f:d8:
14:98:35:d5:31:d0:88:8a:6e:8c:35:be:47:5e:ce:
6e:6a:0c:7e:18:cd:31:0a:f6:e3:f8:d9:f1:c0:1d:
9d:dd:0b:9c:14:9f:19:a5:cf:a2:98:cd:cc:3a:98:
ff:c0:15:21:e7:5f:5d:15:80:81:f9:88:8d:15:27:
d9:d8:80:27:78:bc:19:11:1e:b2:0a:eb:aa:70:bb:
37:eb:02:f6:81:e5:cf:42:47:14:04:da:f5:8d:72:
f3:eb:3a:52:51:12:ec:90:7e:ac:e1:bd:ac:bf:41:
1a:0f:a0:ea:37:26:bd:fe:f1:6c:bf:d9:bc:ae:bb:
76:c7:f5:47:bb:1f:52:7e:6d:4b:53:b1:60:c7:b3:
6a:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:ED:38:EE:AD:F1:6F:50:44:DC:9D:D9:AA:5F:DE:5B:45:8D:53:9A
X509v3 Authority Key Identifier:
keyid:44:A8:86:37:49:8B:18:8F:C0:BC:EA:E0:BB:F0:68:17:61:A4:9D:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RKiGN0mLGI_AvOrgu_BoF2GknUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5be80b-3382-4448-a1cc-dca04270b9d5/1/he047q3xb1BE3J3Zql_eW0WNU5o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5be80b-3382-4448-a1cc-dca04270b9d5/1/RKiGN0mLGI_AvOrgu_BoF2GknUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.162.0-5.133.167.255
Signature Algorithm: sha256WithRSAEncryption
5b:8e:00:93:46:97:ca:b0:6f:ea:57:37:19:0e:9d:5d:39:c1:
28:55:a7:38:a3:58:3d:43:e4:11:fc:f5:7c:12:25:2e:87:e8:
8a:af:80:07:81:76:fe:b6:89:bf:ee:ce:45:75:b3:c3:34:49:
26:64:ff:43:21:0c:c6:94:e0:cd:1c:b8:e9:b7:ac:6b:60:1a:
d9:b2:6b:64:85:6b:d5:00:49:88:27:41:53:82:5d:a9:92:af:
a9:dc:1f:e6:06:94:2a:10:1c:fa:6d:41:d8:6c:ad:07:c3:de:
92:aa:14:50:ee:ef:c1:9d:b2:74:8c:5b:d8:ec:95:7b:b6:b2:
67:9f:78:89:39:0c:06:dd:e4:5f:a2:5c:a4:cb:96:73:e3:18:
a7:17:bb:15:b2:c3:6b:36:36:a7:6d:65:ad:92:38:39:bd:ff:
a5:12:07:d0:26:77:3c:b7:c1:57:94:cd:82:cc:8a:51:86:49:
c8:d2:07:f9:7c:2d:74:4f:01:5e:97:20:89:67:e5:7c:19:ce:
36:2e:9a:9e:c2:47:36:11:b4:db:8d:2c:ff:73:71:84:55:49:
de:99:66:b7:7b:90:ff:ee:8f:a8:a2:dd:f0:1f:b0:13:63:e7:
61:6a:75:6c:e0:67:6b:eb:d9:09:5d:64:ea:5c:d7:40:ab:c2:
63:8c:9e:72
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVupr2nY2kvhaqdtsyV4FHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YTg4NjM3NDk4YjE4OGZjMGJjZWFlMGJiZjA2ODE3NjFh
NDlkNGIwHhcNMjMwMTAxMTg0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVkMzhlZWFkZjE2ZjUwNDRkYzlkZDlhYTVmZGU1YjQ1OGQ1MzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigTFRpqU0zkpMjZPbkdtD8omj9vH
l/KLmk5/N9xu0s/+Qw3ZtxgeitT0Kuh4m1+OwZkA6nGXLXRMAzsW4e1lCMN5ynjP
9xIqzW/TD5Q0dHw0XVyRExLpFR5B3SO7PUQA6N6aemRyVQY5UjvATBjGDaGxgkDo
L9gUmDXVMdCIim6MNb5HXs5uagx+GM0xCvbj+NnxwB2d3QucFJ8Zpc+imM3MOpj/
wBUh519dFYCB+YiNFSfZ2IAneLwZER6yCuuqcLs36wL2geXPQkcUBNr1jXLz6zpS
URLskH6s4b2sv0EaD6DqNya9/vFsv9m8rrt2x/VHux9Sfm1LU7Fgx7NqQwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIXtOO6t8W9QRNyd2apf3ltFjVOaMB8GA1UdIwQY
MBaAFESohjdJixiPwLzq4LvwaBdhpJ1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUktpR04wbUxHSV9Bdk9yZ3VfQm9GMkdrblVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS81YmU4MGItMzM4Mi00NDQ4LWExY2Mt
ZGNhMDQyNzBiOWQ1LzEvaGUwNDdxM3hiMUJFM0ozWnFsX2VXMFdOVTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS81YmU4MGItMzM4Mi00NDQ4LWExY2MtZGNhMDQyNzBiOWQ1
LzEvUktpR04wbUxHSV9Bdk9yZ3VfQm9GMkdrblVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAEFhaID
BAMFhaAwDQYJKoZIhvcNAQELBQADggEBAFuOAJNGl8qwb+pXNxkOnV05wShVpzij
WD1D5BH89XwSJS6H6IqvgAeBdv62ib/uzkV1s8M0SSZk/0MhDMaU4M0cuOm3rGtg
Gtmya2SFa9UASYgnQVOCXamSr6ncH+YGlCoQHPptQdhsrQfD3pKqFFDu78GdsnSM
W9jslXu2smefeIk5DAbd5F+iXKTLlnPjGKcXuxWyw2s2NqdtZa2SODm9/6USB9Am
dzy3wVeUzYLMilGGScjSB/l8LXRPAV6XIIln5XwZzjYump7CRzYRtNuNLP9zcYRV
Sd6ZZrd7kP/uj6ii3fAfsBNj52FqdWzgZ2vr2QldZOpc10CrwmOMnnI=
-----END CERTIFICATE-----
Generated at Sun Apr 13 01:30:28 2025 by rpki-client