Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa
File: HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa (raw, json)
Hash identifier: 4QNB6CYa0oFHaloEnoxNwPpRHmLBm69z4vislTJcRxg=
Subject key identifier: 1D:95:F5:4C:9E:BF:70:E2:CD:04:E9:CE:6C:D1:25:E8:3C:07:9B:C8
Certificate issuer: /CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
Certificate serial: 01856D81A91A6089F90ED14C8F34EF801455
Authority key identifier: FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa
Signing time: Sun 01 Jan 2023 13:24:52 +0000
ROA not before: Sun 01 Jan 2023 13:24:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20860
IP address blocks: 149.255.96.0/20 maxlen: 24
2a03:ca80::/29 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:a9:1a:60:89:f9:0e:d1:4c:8f:34:ef:80:14:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
Validity
Not Before: Jan 1 13:24:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d95f54c9ebf70e2cd04e9ce6cd125e83c079bc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:22:90:f9:23:87:56:ce:c4:4a:8b:1a:3e:65:
c4:b2:fa:3e:64:21:e9:8e:7b:e3:7c:50:e6:44:4d:
b7:19:f0:66:15:c0:00:be:ee:c1:6b:29:ec:be:82:
8b:e4:fa:d9:0e:95:27:61:f0:5b:5f:fe:62:76:82:
2d:1c:f9:c6:a8:0e:0c:c5:7e:53:4e:aa:c8:98:51:
ca:23:dd:ec:e8:47:92:74:cc:ff:24:12:21:f2:f8:
13:dd:d1:b4:af:8b:0f:78:07:e2:72:9d:2e:14:76:
9c:0d:a1:72:19:3d:6c:22:56:d7:57:f4:0a:fd:d2:
3d:6d:d8:26:d7:ca:b8:70:1c:e6:c0:49:10:49:19:
fe:4e:04:cb:4d:43:67:86:4b:a8:3a:80:ce:88:76:
ba:fc:4d:10:b5:10:3b:18:19:a3:c4:af:4b:8e:50:
e5:83:1a:46:fb:94:3b:38:fc:e1:03:cd:68:40:a9:
43:4e:06:8f:5c:45:c6:c7:50:f8:7c:b4:1e:e4:21:
8f:26:ca:9e:86:61:95:45:f1:a0:58:50:40:27:8e:
5b:6f:49:40:7d:80:d2:35:3f:2d:82:cc:36:bc:c4:
38:9b:57:fb:c9:85:6d:bf:44:2d:c4:37:87:04:b5:
83:0c:53:e1:e3:f8:16:6b:de:89:a2:11:c2:8f:82:
9f:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:95:F5:4C:9E:BF:70:E2:CD:04:E9:CE:6C:D1:25:E8:3C:07:9B:C8
X509v3 Authority Key Identifier:
keyid:FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/_YmzSchPx7NBKlLWX_Jg0swomrk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.255.96.0/20
IPv6:
2a03:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
97:60:48:8c:87:b8:a7:b7:b4:2c:c9:47:98:94:35:37:1d:06:
1a:40:4b:d7:04:ec:73:c1:28:da:61:ba:24:e5:bf:29:ba:82:
45:60:5b:b3:06:a0:b9:eb:3f:11:53:51:95:e5:19:0c:f2:21:
b9:28:ed:0e:4a:08:7f:af:4d:aa:f5:0e:d4:23:3d:2c:4d:3e:
76:9d:45:d0:3d:1d:31:c9:0a:9f:98:3a:3b:00:c1:56:81:7c:
3b:60:01:43:d7:dc:11:67:8f:b3:2b:67:af:ce:6f:1d:94:f1:
a5:14:ea:2d:6e:87:fe:f9:8e:5c:90:48:5d:f4:a9:a9:c8:85:
e7:17:be:1d:4f:85:c3:c2:d1:00:f5:69:cf:e7:84:98:21:9b:
a5:f7:e2:32:7d:f4:f4:8d:55:e7:8a:19:d6:d8:c5:d0:93:bd:
1a:7a:95:3d:39:28:a3:74:76:a2:72:c5:ca:2f:73:91:c8:58:
d7:c4:6e:90:03:d2:1e:0c:9a:98:f3:23:b7:04:9e:c8:67:b8:
d5:2a:12:2f:5d:05:5c:0c:15:e7:9e:e1:87:36:96:16:7a:ef:
a4:cb:b4:a8:d2:a8:55:6e:0c:4b:b4:b1:3f:e5:32:ba:59:45:
49:88:90:6e:af:32:c9:13:6f:ba:10:d9:05:1f:0a:b9:54:ff:
aa:24:3e:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtgakaYIn5DtFMjzTvgBRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkODliMzQ5Yzg0ZmM3YjM0MTJhNTJkNjVmZjI2MGQyY2My
ODlhYjkwHhcNMjMwMTAxMTMyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk1ZjU0YzllYmY3MGUyY2QwNGU5Y2U2Y2QxMjVlODNjMDc5YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriKQ+SOHVs7ESosaPmXEsvo+ZCHp
jnvjfFDmRE23GfBmFcAAvu7BaynsvoKL5PrZDpUnYfBbX/5idoItHPnGqA4MxX5T
TqrImFHKI93s6EeSdMz/JBIh8vgT3dG0r4sPeAficp0uFHacDaFyGT1sIlbXV/QK
/dI9bdgm18q4cBzmwEkQSRn+TgTLTUNnhkuoOoDOiHa6/E0QtRA7GBmjxK9LjlDl
gxpG+5Q7OPzhA81oQKlDTgaPXEXGx1D4fLQe5CGPJsqehmGVRfGgWFBAJ45bb0lA
fYDSNT8tgsw2vMQ4m1f7yYVtv0QtxDeHBLWDDFPh4/gWa96JohHCj4KflQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB2V9Uyev3DizQTpzmzRJeg8B5vIMB8GA1UdIwQY
MBaAFP2Js0nIT8ezQSpS1l/yYNLMKJq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUt
ZTgxNzYxMDJjNWZmLzEvSFpYMVRKNl9jT0xOQk9uT2JORWw2RHdIbThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUtZTgxNzYxMDJjNWZm
LzEvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQElf9gMA0E
AgACMAcDBQMqA8qAMA0GCSqGSIb3DQEBCwUAA4IBAQCXYEiMh7int7QsyUeYlDU3
HQYaQEvXBOxzwSjaYbok5b8puoJFYFuzBqC56z8RU1GV5RkM8iG5KO0OSgh/r02q
9Q7UIz0sTT52nUXQPR0xyQqfmDo7AMFWgXw7YAFD19wRZ4+zK2evzm8dlPGlFOot
bof++Y5ckEhd9KmpyIXnF74dT4XDwtEA9WnP54SYIZul9+IyffT0jVXnihnW2MXQ
k70aepU9OSijdHaicsXKL3ORyFjXxG6QA9IeDJqY8yO3BJ7IZ7jVKhIvXQVcDBXn
nuGHNpYWeu+ky7So0qhVbgxLtLE/5TK6WUVJiJBurzLJE2+6ENkFHwq5VP+qJD5A
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:04 2025 by rpki-client