Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/0K-4HV-EJrI2dBlszRaAqMXLcpA.roa
File: 0K-4HV-EJrI2dBlszRaAqMXLcpA.roa (raw, json)
Hash identifier: 4daEPJSH0puOrbRXoFohSHheXjql4mxlm5UlGvXnpNc=
Subject key identifier: D0:AF:B8:1D:5F:84:26:B2:36:74:19:6C:CD:16:80:A8:C5:CB:72:90
Certificate issuer: /CN=4e5aa38eea324e2bd7ab6427e7596a9fa41db0e3
Certificate serial: 01857321FE905C313E7AFA9D1D1884F40964
Authority key identifier: 4E:5A:A3:8E:EA:32:4E:2B:D7:AB:64:27:E7:59:6A:9F:A4:1D:B0:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TlqjjuoyTivXq2Qn51lqn6QdsOM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/0K-4HV-EJrI2dBlszRaAqMXLcpA.roa
Signing time: Mon 02 Jan 2023 15:38:05 +0000
ROA not before: Mon 02 Jan 2023 15:38:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60798
IP address blocks: 45.138.201.0/24 maxlen: 24
45.138.200.0/22 maxlen: 22
45.138.200.0/24 maxlen: 24
45.14.184.0/22 maxlen: 24
185.229.236.0/22 maxlen: 24
185.25.204.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:21:fe:90:5c:31:3e:7a:fa:9d:1d:18:84:f4:09:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5aa38eea324e2bd7ab6427e7596a9fa41db0e3
Validity
Not Before: Jan 2 15:38:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d0afb81d5f8426b23674196ccd1680a8c5cb7290
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e8:90:2f:08:fb:a5:01:56:41:e7:af:5e:53:
12:41:5f:f2:9c:76:c3:9b:2b:51:a3:3e:5f:e3:81:
e6:c0:af:fc:39:a1:f0:bf:34:e4:a6:31:7c:9b:b1:
be:54:31:ae:d5:ef:ee:d1:e9:e1:e2:7f:cc:e4:63:
e3:2b:c1:da:30:b5:a0:9e:28:9f:c0:7f:e4:75:7e:
bd:cb:4e:ed:a9:7a:22:9e:e6:90:38:a6:0b:3f:d2:
16:e9:82:6c:3c:60:8a:d8:8c:55:79:f3:78:b9:15:
e4:da:2c:76:c5:48:9d:b7:e3:7f:de:01:e6:fb:89:
a8:af:5a:5c:0c:4c:f7:a2:6b:34:03:42:2c:34:f3:
94:55:71:b2:e5:4c:23:00:fa:a5:22:8d:f6:39:e1:
db:0c:18:88:ad:46:ac:57:c3:e4:63:b8:e9:ea:c3:
99:fa:a9:67:38:c7:73:7a:fe:52:19:46:22:3b:3f:
0e:3b:8b:4f:2b:bc:97:5f:c6:ee:39:45:93:31:7d:
83:ff:b0:e1:88:01:dc:fd:da:49:d1:a5:88:9d:bd:
92:90:d0:ae:b4:a9:93:1d:a0:72:28:4c:3d:3e:e6:
50:ab:48:86:62:a4:6f:8f:e5:c1:af:e5:7e:d6:0c:
33:1e:1c:f1:ad:e3:07:e3:6b:04:ec:88:0e:ff:cc:
17:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:AF:B8:1D:5F:84:26:B2:36:74:19:6C:CD:16:80:A8:C5:CB:72:90
X509v3 Authority Key Identifier:
keyid:4E:5A:A3:8E:EA:32:4E:2B:D7:AB:64:27:E7:59:6A:9F:A4:1D:B0:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlqjjuoyTivXq2Qn51lqn6QdsOM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/0K-4HV-EJrI2dBlszRaAqMXLcpA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/TlqjjuoyTivXq2Qn51lqn6QdsOM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.184.0/22
45.138.200.0/22
185.25.204.0/22
185.229.236.0/22
Signature Algorithm: sha256WithRSAEncryption
d3:07:f4:46:5f:fc:b0:bd:11:e2:40:fa:b6:7d:de:71:ab:98:
e5:40:cd:b5:37:12:e8:6f:9d:a9:15:0e:e0:f9:80:56:1c:47:
1c:4e:8c:e4:56:da:5d:c8:8a:3b:47:77:9b:8f:1d:00:e2:62:
e5:11:88:ba:ba:fb:9b:5e:e0:03:80:35:14:1d:4e:06:61:2d:
3b:f3:00:2a:de:11:bb:52:a3:03:45:cc:a9:87:66:30:a5:55:
e2:b7:95:6a:60:e8:8e:0f:1c:48:33:ef:7f:ae:26:a7:1b:86:
2f:64:85:e7:ab:a0:9b:d4:ed:66:c8:76:4f:13:37:77:14:72:
37:78:13:cd:c9:86:7a:f5:2f:b0:45:65:9e:e0:59:62:b8:f0:
1f:b1:ec:60:d5:13:22:4f:31:c5:a5:2a:cc:d8:64:e3:31:22:
13:53:dd:ee:69:1a:c6:ff:a5:88:eb:71:91:19:b3:89:5d:87:
9e:3d:23:aa:fd:42:d9:43:67:14:22:00:cc:f1:0e:b3:f8:ca:
e5:91:d9:be:7e:8f:c8:e1:2c:e1:d8:b1:1e:41:cb:81:cc:41:
32:78:46:07:00:64:c2:c9:65:df:c5:59:cf:dc:93:9e:ee:2c:
26:34:09:be:af:fb:ce:a5:37:42:f8:a6:9a:c4:50:22:ef:0c:
32:a4:90:57
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVzIf6QXDE+evqdHRiE9AlkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWFhMzhlZWEzMjRlMmJkN2FiNjQyN2U3NTk2YTlmYTQx
ZGIwZTMwHhcNMjMwMTAyMTUzODA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGFmYjgxZDVmODQyNmIyMzY3NDE5NmNjZDE2ODBhOGM1Y2I3MjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+iQLwj7pQFWQeevXlMSQV/ynHbD
mytRoz5f44HmwK/8OaHwvzTkpjF8m7G+VDGu1e/u0enh4n/M5GPjK8HaMLWgniif
wH/kdX69y07tqXoinuaQOKYLP9IW6YJsPGCK2IxVefN4uRXk2ix2xUidt+N/3gHm
+4mor1pcDEz3oms0A0IsNPOUVXGy5UwjAPqlIo32OeHbDBiIrUasV8PkY7jp6sOZ
+qlnOMdzev5SGUYiOz8OO4tPK7yXX8buOUWTMX2D/7DhiAHc/dpJ0aWInb2SkNCu
tKmTHaByKEw9PuZQq0iGYqRvj+XBr+V+1gwzHhzxreMH42sE7IgO/8wXBwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNCvuB1fhCayNnQZbM0WgKjFy3KQMB8GA1UdIwQY
MBaAFE5ao47qMk4r16tkJ+dZap+kHbDjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxxamp1b3lUaXZYcTJRbjUxbHFuNlFkc09NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83NjcxMTktMjhhYS00MzM5LWI3NDEt
NGVlZWQ4YTQzMDhiLzEvMEstNEhWLUVKckkyZEJsc3pSYUFxTVhMY3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83NjcxMTktMjhhYS00MzM5LWI3NDEtNGVlZWQ4YTQzMDhi
LzEvVGxxamp1b3lUaXZYcTJRbjUxbHFuNlFkc09NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLQ64AwQC
LYrIAwQCuRnMAwQCueXsMA0GCSqGSIb3DQEBCwUAA4IBAQDTB/RGX/ywvRHiQPq2
fd5xq5jlQM21NxLob52pFQ7g+YBWHEccTozkVtpdyIo7R3ebjx0A4mLlEYi6uvub
XuADgDUUHU4GYS078wAq3hG7UqMDRcyph2YwpVXit5VqYOiODxxIM+9/rianG4Yv
ZIXnq6Cb1O1myHZPEzd3FHI3eBPNyYZ69S+wRWWe4FliuPAfsexg1RMiTzHFpSrM
2GTjMSITU93uaRrG/6WI63GRGbOJXYeePSOq/ULZQ2cUIgDM8Q6z+Mrlkdm+fo/I
4Szh2LEeQcuBzEEyeEYHAGTCyWXfxVnP3JOe7iwmNAm+r/vOpTdC+KaaxFAi7wwy
pJBX
-----END CERTIFICATE-----
Generated at Wed Apr 16 15:54:23 2025 by rpki-client