Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/e0e829-1284-4db1-ba48-785ac191b31a/1/XlFjqBr2X4IVHUtxe4uDaB7NdZo.roa
File: XlFjqBr2X4IVHUtxe4uDaB7NdZo.roa (raw, json)
Hash identifier: gZMwQVw2o6ggxWwsF2NdcnGrrBL1guQTN7oqtuR+eYs=
Subject key identifier: 5E:51:63:A8:1A:F6:5F:82:15:1D:4B:71:7B:8B:83:68:1E:CD:75:9A
Certificate issuer: /CN=d07dff547eacbe81dc3465598446d3b027dcb76d
Certificate serial: 018B7263F7919782AE11C9E5C9B4B24D1732
Authority key identifier: D0:7D:FF:54:7E:AC:BE:81:DC:34:65:59:84:46:D3:B0:27:DC:B7:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0H3_VH6svoHcNGVZhEbTsCfct20.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/e0e829-1284-4db1-ba48-785ac191b31a/1/XlFjqBr2X4IVHUtxe4uDaB7NdZo.roa
Signing time: Fri 27 Oct 2023 18:27:15 +0000
ROA not before: Fri 27 Oct 2023 18:27:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5517
IP address blocks: 194.245.0.0/16 maxlen: 16
194.176.0.0/19 maxlen: 19
159.25.0.0/16 maxlen: 24
2a01:4fc0::/34 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:72:63:f7:91:97:82:ae:11:c9:e5:c9:b4:b2:4d:17:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d07dff547eacbe81dc3465598446d3b027dcb76d
Validity
Not Before: Oct 27 18:27:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e5163a81af65f82151d4b717b8b83681ecd759a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:4f:63:92:56:e5:16:12:19:60:19:67:96:1b:
94:15:24:68:47:b1:96:01:ee:0e:57:ca:25:ec:eb:
65:d9:a4:94:da:53:f2:8a:9e:b7:29:7e:4c:d7:22:
6c:d8:b4:7f:bd:c6:d9:69:36:dd:0e:0c:de:b4:e1:
c5:f1:e3:71:30:44:8d:16:c6:d3:ea:90:ff:e2:db:
95:94:97:4e:0e:fc:61:25:41:36:dd:cf:31:c1:e9:
22:6f:d4:8f:85:b1:2d:94:8b:c4:4d:90:98:dd:31:
0b:d4:87:6a:42:1e:32:e6:55:8a:2f:92:6b:e0:15:
13:10:1f:50:97:92:41:b9:bf:ba:e8:2a:5b:54:dd:
9e:b0:3a:63:f0:54:a1:50:a9:83:40:60:ac:32:9a:
ce:63:a8:7f:b7:48:31:98:a3:fa:f8:77:b4:6f:0c:
10:9d:9f:44:42:48:68:b1:75:27:fa:86:2a:a3:88:
8d:ac:52:89:9c:97:31:5c:96:9c:57:90:44:d3:5f:
71:66:ff:d7:9a:27:23:f7:e8:9a:97:32:4b:46:8e:
34:c7:9c:18:8a:b2:8b:40:42:fb:d2:f5:61:59:65:
f7:f7:8f:be:b6:cf:b6:cc:e4:aa:63:7b:10:96:8c:
06:33:3b:1e:25:b6:76:6b:a1:89:43:81:c0:6b:09:
66:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:51:63:A8:1A:F6:5F:82:15:1D:4B:71:7B:8B:83:68:1E:CD:75:9A
X509v3 Authority Key Identifier:
keyid:D0:7D:FF:54:7E:AC:BE:81:DC:34:65:59:84:46:D3:B0:27:DC:B7:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H3_VH6svoHcNGVZhEbTsCfct20.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e0e829-1284-4db1-ba48-785ac191b31a/1/XlFjqBr2X4IVHUtxe4uDaB7NdZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e0e829-1284-4db1-ba48-785ac191b31a/1/0H3_VH6svoHcNGVZhEbTsCfct20.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.25.0.0/16
194.176.0.0/19
194.245.0.0/16
IPv6:
2a01:4fc0::/34
Signature Algorithm: sha256WithRSAEncryption
1d:bf:52:db:cc:c7:88:a7:a5:66:ca:4d:c0:76:3f:02:67:78:
55:41:16:6b:21:4a:e6:8d:61:4e:20:60:67:2f:81:e9:16:f8:
b6:89:7f:3d:99:0e:54:94:69:42:b5:0f:9b:81:c5:01:f9:be:
f6:cb:34:4b:24:77:e7:c3:41:9c:76:54:8b:55:4c:85:0d:b5:
0c:2e:ff:ad:62:8f:3c:a9:b4:cf:05:3a:44:44:fa:a8:df:fc:
52:34:62:11:9f:bc:fe:9e:26:38:26:c9:0e:95:43:58:55:7f:
ff:38:2b:ab:52:e9:7e:ec:e8:c2:f3:c8:44:b6:37:c0:9f:dc:
e4:71:1c:7f:3b:9c:29:3e:ae:7f:06:29:46:af:cb:3d:c4:85:
36:8f:ad:78:ce:e8:f6:d1:b0:ca:09:24:fb:85:05:fd:a3:42:
03:7e:2c:27:87:50:c9:80:a8:76:30:91:b0:80:5d:e5:b3:ff:
be:4b:20:96:b6:b7:e4:e1:85:b6:17:df:9f:85:e7:1a:33:cc:
a6:2e:73:b8:c1:11:c8:65:41:51:f1:61:eb:4c:d3:f9:24:4d:
e6:33:d7:29:65:1f:a5:91:2f:72:98:72:a1:c0:5f:48:ec:00:
1a:c8:00:ec:90:cb:ef:34:48:9d:1f:f8:98:fc:5e:3d:e6:f5:
ee:fc:c8:13
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYtyY/eRl4KuEcnlybSyTRcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2RmZjU0N2VhY2JlODFkYzM0NjU1OTg0NDZkM2IwMjdk
Y2I3NmQwHhcNMjMxMDI3MTgyNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUxNjNhODFhZjY1ZjgyMTUxZDRiNzE3YjhiODM2ODFlY2Q3NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU9jklblFhIZYBlnlhuUFSRoR7GW
Ae4OV8ol7Otl2aSU2lPyip63KX5M1yJs2LR/vcbZaTbdDgzetOHF8eNxMESNFsbT
6pD/4tuVlJdODvxhJUE23c8xwekib9SPhbEtlIvETZCY3TEL1IdqQh4y5lWKL5Jr
4BUTEB9Ql5JBub+66CpbVN2esDpj8FShUKmDQGCsMprOY6h/t0gxmKP6+He0bwwQ
nZ9EQkhosXUn+oYqo4iNrFKJnJcxXJacV5BE019xZv/Xmicj9+ialzJLRo40x5wY
irKLQEL70vVhWWX394++ts+2zOSqY3sQlowGMzseJbZ2a6GJQ4HAawlmpwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFF5RY6ga9l+CFR1LcXuLg2gezXWaMB8GA1UdIwQY
MBaAFNB9/1R+rL6B3DRlWYRG07An3LdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgzX1ZINnN2b0hjTkdWWmhFYlRzQ2ZjdDIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9lMGU4MjktMTI4NC00ZGIxLWJhNDgt
Nzg1YWMxOTFiMzFhLzEvWGxGanFCcjJYNElWSFV0eGU0dURhQjdOZFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9lMGU4MjktMTI4NC00ZGIxLWJhNDgtNzg1YWMxOTFiMzFh
LzEvMEgzX1ZINnN2b0hjTkdWWmhFYlRzQ2ZjdDIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAWBAIAATAQAwMAnxkDBAXC
sAADAwDC9TAOBAIAAjAIAwYGKgFPwAAwDQYJKoZIhvcNAQELBQADggEBAB2/UtvM
x4inpWbKTcB2PwJneFVBFmshSuaNYU4gYGcvgekW+LaJfz2ZDlSUaUK1D5uBxQH5
vvbLNEskd+fDQZx2VItVTIUNtQwu/61ijzyptM8FOkRE+qjf/FI0YhGfvP6eJjgm
yQ6VQ1hVf/84K6tS6X7s6MLzyES2N8Cf3ORxHH87nCk+rn8GKUavyz3EhTaPrXjO
6PbRsMoJJPuFBf2jQgN+LCeHUMmAqHYwkbCAXeWz/75LIJa2t+ThhbYX35+F5xoz
zKYuc7jBEchlQVHxYetM0/kkTeYz1yllH6WRL3KYcqHAX0jsABrIAOyQy+80SJ0f
+Jj8Xj3m9e78yBM=
-----END CERTIFICATE-----
Generated at Sun Apr 13 10:54:28 2025 by rpki-client