Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hqKcdfNSx6yYi_-TIvMWNqaeklg.roa
File: hqKcdfNSx6yYi_-TIvMWNqaeklg.roa (raw, json)
Hash identifier: 9p5JWkXV7A+j62oicryqQX84rJOjT7Gl2XTqy38FJrM=
Subject key identifier: 86:A2:9C:75:F3:52:C7:AC:98:8B:FF:93:22:F3:16:36:A6:9E:92:58
Certificate issuer: /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial: 018B9069D29B2D69891154F04AF3EF086D7E
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hqKcdfNSx6yYi_-TIvMWNqaeklg.roa
Signing time: Thu 02 Nov 2023 14:22:16 +0000
ROA not before: Thu 02 Nov 2023 14:22:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 123.253.212.0/24 maxlen: 24
185.110.63.0/24 maxlen: 24
123.253.213.0/24 maxlen: 24
141.98.139.0/24 maxlen: 24
141.98.137.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:90:69:d2:9b:2d:69:89:11:54:f0:4a:f3:ef:08:6d:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Validity
Not Before: Nov 2 14:22:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=86a29c75f352c7ac988bff9322f31636a69e9258
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:22:6a:5a:b6:04:bf:b2:bf:26:44:ee:1f:8c:
94:1b:89:35:6a:85:fa:ee:d1:dc:3e:39:28:33:9c:
33:02:23:3c:0f:d9:93:c1:d3:85:c3:4e:54:e5:ee:
e3:81:7d:31:8a:50:9f:a2:bb:ad:72:88:54:08:8c:
e2:22:aa:5c:97:84:3d:aa:fe:dc:3a:b6:69:6b:55:
53:74:2a:01:d4:0f:09:01:f1:79:7f:3d:13:ab:6e:
bc:92:86:70:48:a8:f1:8c:f2:9c:f3:cb:11:87:0a:
e6:fc:b5:2b:08:3b:55:ef:55:cc:40:42:90:80:6f:
c4:7f:6b:83:2a:af:bd:9f:d1:ce:05:df:d4:de:d6:
ec:3b:15:10:97:1b:49:1f:c7:9f:49:b0:67:86:50:
a6:e6:63:9b:74:4e:76:c7:db:28:f5:90:e9:12:53:
4c:e2:ea:60:33:41:34:2e:71:6a:e6:93:9c:8d:bb:
52:4a:a1:66:a9:a9:59:c8:4f:0a:ad:15:7f:19:ad:
aa:56:9c:68:b2:7d:61:9b:3e:cd:a5:0c:6b:ff:25:
99:5b:ed:3a:98:74:a8:fe:93:8a:bd:f1:29:93:d2:
cd:90:2f:62:1d:5b:3f:c9:ed:ad:38:cc:e9:2b:d2:
98:83:d8:b5:48:49:53:5e:15:39:d8:e2:04:d0:a3:
a3:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:A2:9C:75:F3:52:C7:AC:98:8B:FF:93:22:F3:16:36:A6:9E:92:58
X509v3 Authority Key Identifier:
keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hqKcdfNSx6yYi_-TIvMWNqaeklg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
123.253.212.0/23
141.98.137.0/24
141.98.139.0/24
185.110.63.0/24
Signature Algorithm: sha256WithRSAEncryption
09:18:da:6a:7f:38:e9:6e:69:12:c3:50:9f:28:37:1c:47:d7:
d8:a0:be:3d:53:ed:c0:e7:27:fe:e0:da:12:90:73:63:d1:96:
d1:bd:6a:b9:85:82:93:b5:e9:a2:bd:9f:dc:5b:46:1e:33:b3:
89:aa:5f:c1:d4:9a:2a:07:27:86:28:10:57:ee:c3:64:4d:eb:
32:b6:df:16:fa:08:48:f8:75:34:27:19:cc:d6:f4:79:e6:bf:
e5:e3:01:2e:8e:67:64:6a:00:05:21:57:77:c7:80:54:c8:e0:
a1:bc:ac:02:d6:74:e4:5c:11:54:32:33:e4:13:1c:2e:05:f7:
46:82:42:cf:25:12:25:c6:ca:69:2e:fa:80:f2:8e:b8:aa:cf:
85:2f:97:58:da:21:3c:7a:de:97:be:d0:99:37:e2:fe:24:26:
3e:81:9b:86:ed:ac:4d:cf:c0:cd:84:47:11:2b:21:50:2b:59:
0b:27:de:8d:b0:83:b1:5f:e7:8e:ac:ff:48:5f:1f:dd:d5:5c:
5e:4b:d6:27:30:a7:ff:0b:bc:0f:0f:f8:c8:fd:6d:3e:97:6b:
ff:e9:8a:e8:8a:ea:5e:4a:91:48:fa:25:e0:b4:3d:11:bf:c4:
d3:aa:fb:3f:6a:cd:2a:04:e7:1e:5f:98:77:a7:f4:33:e0:c6:
ce:20:de:79
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYuQadKbLWmJEVTwSvPvCG1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjMxMTAyMTQyMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmEyOWM3NWYzNTJjN2FjOTg4YmZmOTMyMmYzMTYzNmE2OWU5MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSJqWrYEv7K/JkTuH4yUG4k1aoX6
7tHcPjkoM5wzAiM8D9mTwdOFw05U5e7jgX0xilCforutcohUCIziIqpcl4Q9qv7c
OrZpa1VTdCoB1A8JAfF5fz0Tq268koZwSKjxjPKc88sRhwrm/LUrCDtV71XMQEKQ
gG/Ef2uDKq+9n9HOBd/U3tbsOxUQlxtJH8efSbBnhlCm5mObdE52x9so9ZDpElNM
4upgM0E0LnFq5pOcjbtSSqFmqalZyE8KrRV/Ga2qVpxosn1hmz7NpQxr/yWZW+06
mHSo/pOKvfEpk9LNkC9iHVs/ye2tOMzpK9KYg9i1SElTXhU52OIE0KOj3QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIainHXzUsesmIv/kyLzFjamnpJYMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvaHFLY2RmTlN4NnlZaV8tVEl2TVdOcWFla2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBe/3UAwQA
jWKJAwQAjWKLAwQAuW4/MA0GCSqGSIb3DQEBCwUAA4IBAQAJGNpqfzjpbmkSw1Cf
KDccR9fYoL49U+3A5yf+4NoSkHNj0ZbRvWq5hYKTtemivZ/cW0YeM7OJql/B1Joq
ByeGKBBX7sNkTesytt8W+ghI+HU0JxnM1vR55r/l4wEujmdkagAFIVd3x4BUyOCh
vKwC1nTkXBFUMjPkExwuBfdGgkLPJRIlxsppLvqA8o64qs+FL5dY2iE8et6XvtCZ
N+L+JCY+gZuG7axNz8DNhEcRKyFQK1kLJ96NsIOxX+eOrP9IXx/d1VxeS9YnMKf/
C7wPD/jI/W0+l2v/6YroiupeSpFI+iXgtD0Rv8TTqvs/as0qBOceX5h3p/Qz4MbO
IN55
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:23:43 2025 by rpki-client