Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/HqsCvtslq7brAcBZKbHG01ZoUnE.roa
File: HqsCvtslq7brAcBZKbHG01ZoUnE.roa (raw, json)
Hash identifier: QgpeWPoyYKdN16fXV/O5cD+TV/ZiQXm0m/fTkjSeSQc=
Subject key identifier: 1E:AB:02:BE:DB:25:AB:B6:EB:01:C0:59:29:B1:C6:D3:56:68:52:71
Certificate issuer: /CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Certificate serial: 01856EF42D6770152065DE6E93992FC9EFBB
Authority key identifier: EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/HqsCvtslq7brAcBZKbHG01ZoUnE.roa
Signing time: Sun 01 Jan 2023 20:09:34 +0000
ROA not before: Sun 01 Jan 2023 20:09:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42656
IP address blocks: 91.207.14.0/23 maxlen: 24
193.203.222.0/23 maxlen: 24
5.134.208.0/21 maxlen: 24
2a02:dc8::/30 maxlen: 43
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:f4:2d:67:70:15:20:65:de:6e:93:99:2f:c9:ef:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Validity
Not Before: Jan 1 20:09:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1eab02bedb25abb6eb01c05929b1c6d356685271
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:f6:c2:3c:be:6e:97:b8:5d:59:37:d5:3b:f8:
03:f2:32:66:57:85:78:54:f0:ec:fc:f9:53:43:c9:
9e:b2:ef:83:c6:3b:7b:48:47:88:a8:58:a8:29:34:
75:96:8a:da:b5:cc:a4:15:f3:3b:8b:ce:83:b8:86:
75:74:77:5b:39:aa:3d:31:7f:68:cf:61:3c:01:5a:
c9:f4:38:91:be:7b:fb:38:d6:b3:b0:9b:29:57:9c:
a4:4f:09:94:52:c8:51:39:0f:15:b5:85:2c:9f:30:
54:8a:ed:7f:e6:5f:23:bf:66:2d:94:8f:7e:45:f8:
ab:cb:44:f0:8d:ca:2e:c4:4c:e9:f7:9c:32:b7:0e:
0e:17:ea:93:76:dc:69:4c:14:7a:5b:80:55:74:3c:
f5:7b:b5:50:7b:6c:39:7f:0a:f4:2d:c4:e7:52:94:
27:2e:24:58:f0:1d:88:d1:46:d6:04:d1:bc:8e:2d:
40:49:a8:1d:ca:81:02:93:ab:f7:a5:85:57:6f:99:
a6:6f:ee:eb:5d:95:0f:f9:96:2f:31:bc:a5:a7:96:
08:74:c8:23:aa:be:86:73:32:01:0d:53:54:a4:67:
8a:8c:a1:a6:a8:e7:f0:5e:a5:87:2f:b5:b2:5f:a6:
59:5c:57:ac:08:8b:83:2c:31:97:54:00:30:f1:39:
a2:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:AB:02:BE:DB:25:AB:B6:EB:01:C0:59:29:B1:C6:D3:56:68:52:71
X509v3 Authority Key Identifier:
keyid:EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/HqsCvtslq7brAcBZKbHG01ZoUnE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/7JsJMRGPCL9KNLPgUv2PilweyrA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.134.208.0/21
91.207.14.0/23
193.203.222.0/23
IPv6:
2a02:dc8::/30
Signature Algorithm: sha256WithRSAEncryption
4f:8b:cc:b7:b6:9b:ec:ab:f6:81:fe:f1:c5:c1:3c:28:bb:04:
88:51:75:87:b9:0e:16:85:14:d9:16:9f:1a:bc:c8:53:a0:e3:
97:1e:b8:89:a2:00:07:98:89:b9:fa:0c:28:08:71:7f:3a:52:
d9:c2:5e:49:de:9f:e1:be:92:fa:0c:87:d0:49:65:9b:e2:53:
84:51:90:94:da:cb:ab:cd:2c:73:5e:95:ee:f3:71:f1:31:ee:
b9:f0:58:ed:16:f4:ec:c8:27:4f:20:48:de:bc:86:94:3f:b3:
26:f7:ba:ed:88:aa:63:43:11:10:c0:10:5e:25:31:81:49:cd:
86:12:44:71:a1:b5:3d:c3:a9:b6:da:53:30:09:0e:8f:dd:07:
5c:f6:a1:ee:1f:ed:ad:86:44:b4:59:6e:28:04:d9:5f:87:ba:
f0:2b:a1:ce:d2:e4:f7:c8:63:15:98:67:e8:4c:f9:cc:e0:1a:
ec:93:9a:f2:b9:9c:76:dd:a9:29:a5:dd:b0:be:51:79:85:a6:
bb:49:ac:5a:41:86:81:ff:68:f4:75:15:86:57:b5:a5:e3:68:
d5:7b:31:71:fc:65:3a:4b:87:8d:a9:b9:0b:bc:bc:95:41:54:
0a:9a:61:a7:22:40:45:64:a8:b7:b5:b9:e4:c7:de:51:c0:d2:
2a:f3:d1:af
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVu9C1ncBUgZd5uk5kvye+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWIwOTMxMTE4ZjA4YmY0YTM0YjNlMDUyZmQ4ZjhhNWMx
ZWNhYjAwHhcNMjMwMTAxMjAwOTM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWFiMDJiZWRiMjVhYmI2ZWIwMWMwNTkyOWIxYzZkMzU2Njg1MjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifbCPL5ul7hdWTfVO/gD8jJmV4V4
VPDs/PlTQ8mesu+Dxjt7SEeIqFioKTR1loratcykFfM7i86DuIZ1dHdbOao9MX9o
z2E8AVrJ9DiRvnv7ONazsJspV5ykTwmUUshROQ8VtYUsnzBUiu1/5l8jv2YtlI9+
Rfiry0TwjcouxEzp95wytw4OF+qTdtxpTBR6W4BVdDz1e7VQe2w5fwr0LcTnUpQn
LiRY8B2I0UbWBNG8ji1ASagdyoECk6v3pYVXb5mmb+7rXZUP+ZYvMbylp5YIdMgj
qr6GczIBDVNUpGeKjKGmqOfwXqWHL7WyX6ZZXFesCIuDLDGXVAAw8TmiwwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFB6rAr7bJau26wHAWSmxxtNWaFJxMB8GA1UdIwQY
MBaAFOybCTERjwi/SjSz4FL9j4pcHsqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAt
NWIzMDRlZWMwMDI1LzEvSHFzQ3Z0c2xxN2JyQWNCWktiSEcwMVpvVW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAtNWIzMDRlZWMwMDI1
LzEvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBYbQAwQB
W88OAwQBwcveMA0EAgACMAcDBQIqAg3IMA0GCSqGSIb3DQEBCwUAA4IBAQBPi8y3
tpvsq/aB/vHFwTwouwSIUXWHuQ4WhRTZFp8avMhToOOXHriJogAHmIm5+gwoCHF/
OlLZwl5J3p/hvpL6DIfQSWWb4lOEUZCU2surzSxzXpXu83HxMe658FjtFvTsyCdP
IEjevIaUP7Mm97rtiKpjQxEQwBBeJTGBSc2GEkRxobU9w6m22lMwCQ6P3Qdc9qHu
H+2thkS0WW4oBNlfh7rwK6HO0uT3yGMVmGfoTPnM4Brsk5ryuZx23akppd2wvlF5
haa7SaxaQYaB/2j0dRWGV7Wl42jVezFx/GU6S4eNqbkLvLyVQVQKmmGnIkBFZKi3
tbnkx95RwNIq89Gv
-----END CERTIFICATE-----
Generated at Mon Apr 21 15:15:32 2025 by rpki-client