Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6fef03-0670-41ab-a6c9-43adb605f68a/1/p1XKI8C76kQVvO86vHu7r-M1VQc.roa
File: p1XKI8C76kQVvO86vHu7r-M1VQc.roa (raw, json)
Hash identifier: khcjrYPwCP11OyID7SV4joTwU92Qqv+C/epXJ3ohzSE=
Subject key identifier: A7:55:CA:23:C0:BB:EA:44:15:BC:EF:3A:BC:7B:BB:AF:E3:35:55:07
Certificate issuer: /CN=7a1ff702726e75b3a68f1182e47ffbcdcae515e5
Certificate serial: 018B70C27D3D3C55B0DFE4CC55CD7D100F4E
Authority key identifier: 7A:1F:F7:02:72:6E:75:B3:A6:8F:11:82:E4:7F:FB:CD:CA:E5:15:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eh_3AnJudbOmjxGC5H_7zcrlFeU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/6fef03-0670-41ab-a6c9-43adb605f68a/1/p1XKI8C76kQVvO86vHu7r-M1VQc.roa
Signing time: Fri 27 Oct 2023 10:51:16 +0000
ROA not before: Fri 27 Oct 2023 10:51:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213260
IP address blocks: 87.238.28.0/22 maxlen: 22
80.249.32.0/20 maxlen: 20
89.249.176.0/21 maxlen: 21
80.67.112.0/21 maxlen: 21
80.67.120.0/22 maxlen: 22
87.238.0.0/20 maxlen: 20
46.232.144.0/21 maxlen: 21
87.238.16.0/21 maxlen: 21
87.238.24.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:70:c2:7d:3d:3c:55:b0:df:e4:cc:55:cd:7d:10:0f:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7a1ff702726e75b3a68f1182e47ffbcdcae515e5
Validity
Not Before: Oct 27 10:51:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a755ca23c0bbea4415bcef3abc7bbbafe3355507
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:fd:0c:33:32:57:57:13:f4:7c:63:a6:a3:22:
88:53:44:63:bb:e7:7e:26:7e:6d:74:21:b8:41:76:
de:7b:1f:bf:60:88:5a:a5:ac:98:4b:01:3c:81:fc:
68:61:63:e1:ba:27:0e:59:e9:8f:c5:eb:c7:60:84:
37:6d:8b:54:38:36:59:e6:77:72:90:3c:5f:da:6b:
7f:08:92:42:de:ca:41:f5:7c:1f:6b:74:c8:78:8f:
e5:b5:60:5f:93:d2:6c:36:f7:66:9d:6a:5b:1f:0d:
67:48:ae:65:b1:ea:fa:ec:b5:ed:19:25:eb:a8:47:
0f:aa:4a:17:9e:ea:ac:86:5c:71:f9:4c:4f:12:98:
fd:ac:9d:d9:e1:7f:95:93:8e:c2:29:8d:1a:9f:1c:
78:5b:1e:46:f9:7a:72:ae:dd:e4:ec:3c:3b:88:44:
3f:80:36:4b:ad:4c:c5:37:51:82:50:a0:2f:a5:70:
a8:aa:68:34:2e:df:af:fb:6f:8a:ca:fa:48:66:5e:
8d:95:cf:4d:35:44:38:91:23:e0:6a:c5:9c:6d:8f:
c9:ff:c1:e6:81:96:40:21:2f:6f:c8:71:d6:33:fe:
1f:e5:30:81:c5:c2:15:fd:d4:41:cd:09:c1:8a:85:
fd:4b:49:7c:26:eb:e0:1b:ee:62:c9:cb:e9:89:38:
98:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:55:CA:23:C0:BB:EA:44:15:BC:EF:3A:BC:7B:BB:AF:E3:35:55:07
X509v3 Authority Key Identifier:
keyid:7A:1F:F7:02:72:6E:75:B3:A6:8F:11:82:E4:7F:FB:CD:CA:E5:15:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eh_3AnJudbOmjxGC5H_7zcrlFeU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6fef03-0670-41ab-a6c9-43adb605f68a/1/p1XKI8C76kQVvO86vHu7r-M1VQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6fef03-0670-41ab-a6c9-43adb605f68a/1/eh_3AnJudbOmjxGC5H_7zcrlFeU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.232.144.0/21
80.67.112.0-80.67.123.255
80.249.32.0/20
87.238.0.0/19
89.249.176.0/21
Signature Algorithm: sha256WithRSAEncryption
8e:fb:8f:59:0b:0b:fb:a0:10:52:2a:c1:23:f1:d6:9e:14:22:
a5:9e:8e:f5:4a:9a:a3:f6:92:a6:13:23:b0:06:c9:49:ed:02:
a5:eb:a2:e0:00:67:59:c1:87:84:21:78:79:5e:c0:1b:7d:80:
48:85:59:f8:cc:0e:5a:03:be:da:e9:c6:bf:12:55:6a:b1:26:
70:c2:b0:a0:98:62:3c:da:3f:51:8c:fd:e0:7d:cb:1a:f4:77:
1a:df:09:40:e8:72:d9:19:da:47:66:79:e4:20:02:b4:2b:64:
b7:f2:d2:0b:0b:fb:0a:fb:b4:c7:b0:bb:d1:9b:b0:7f:95:77:
16:ef:6a:c8:b8:f4:83:5c:b7:26:e7:c3:67:ce:ed:6f:32:66:
09:dc:7f:2b:ee:1b:f1:75:a3:3b:38:c6:a0:16:fa:a8:66:97:
5b:b8:a7:b2:85:25:74:0a:d7:8f:7b:86:20:e3:57:57:61:36:
ac:f9:37:a7:44:2d:40:02:f4:44:be:be:4b:f9:86:4b:4d:78:
68:00:4a:3e:17:b5:67:1f:6c:85:37:bd:a4:23:c9:3d:0d:78:
48:fd:d5:06:73:af:86:56:e0:f8:22:75:a7:72:ac:76:7e:8e:
43:80:4e:d6:e4:f4:e0:0f:cf:fa:c9:46:d0:aa:e6:a0:5c:54:
98:1c:6a:fe
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYtwwn09PFWw3+TMVc19EA9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMWZmNzAyNzI2ZTc1YjNhNjhmMTE4MmU0N2ZmYmNkY2Fl
NTE1ZTUwHhcNMjMxMDI3MTA1MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzU1Y2EyM2MwYmJlYTQ0MTViY2VmM2FiYzdiYmJhZmUzMzU1NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/0MMzJXVxP0fGOmoyKIU0Rju+d+
Jn5tdCG4QXbeex+/YIhapayYSwE8gfxoYWPhuicOWemPxevHYIQ3bYtUODZZ5ndy
kDxf2mt/CJJC3spB9Xwfa3TIeI/ltWBfk9JsNvdmnWpbHw1nSK5lser67LXtGSXr
qEcPqkoXnuqshlxx+UxPEpj9rJ3Z4X+Vk47CKY0anxx4Wx5G+Xpyrt3k7Dw7iEQ/
gDZLrUzFN1GCUKAvpXCoqmg0Lt+v+2+KyvpIZl6Nlc9NNUQ4kSPgasWcbY/J/8Hm
gZZAIS9vyHHWM/4f5TCBxcIV/dRBzQnBioX9S0l8JuvgG+5iycvpiTiYmwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKdVyiPAu+pEFbzvOrx7u6/jNVUHMB8GA1UdIwQY
MBaAFHof9wJybnWzpo8RguR/+83K5RXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWhfM0FuSnVkYk9tanhHQzVIXzd6Y3JsRmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZmVmMDMtMDY3MC00MWFiLWE2Yzkt
NDNhZGI2MDVmNjhhLzEvcDFYS0k4Qzc2a1FWdk84NnZIdTdyLU0xVlFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZmVmMDMtMDY3MC00MWFiLWE2YzktNDNhZGI2MDVmNjhh
LzEvZWhfM0FuSnVkYk9tanhHQzVIXzd6Y3JsRmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDLuiQMAwD
BARQQ3ADBAJQQ3gDBARQ+SADBAVX7gADBANZ+bAwDQYJKoZIhvcNAQELBQADggEB
AI77j1kLC/ugEFIqwSPx1p4UIqWejvVKmqP2kqYTI7AGyUntAqXrouAAZ1nBh4Qh
eHlewBt9gEiFWfjMDloDvtrpxr8SVWqxJnDCsKCYYjzaP1GM/eB9yxr0dxrfCUDo
ctkZ2kdmeeQgArQrZLfy0gsL+wr7tMewu9GbsH+Vdxbvasi49INctybnw2fO7W8y
ZgncfyvuG/F1ozs4xqAW+qhml1u4p7KFJXQK1497hiDjV1dhNqz5N6dELUAC9ES+
vkv5hktNeGgASj4XtWcfbIU3vaQjyT0NeEj91QZzr4ZW4PgidadyrHZ+jkOATtbk
9OAPz/rJRtCq5qBcVJgcav4=
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:03:11 2025 by rpki-client