Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/2b5fea-8f51-4ba1-bdcc-3ebcadabf0d8/1/ZAI0dytg4LLs8UV6XxBkQvAXbgU.roa
File: ZAI0dytg4LLs8UV6XxBkQvAXbgU.roa (raw, json)
Hash identifier: Su4sdl8n0QaOrga26GH4fngffGijd1lcRSxVtCOHRLw=
Subject key identifier: 64:02:34:77:2B:60:E0:B2:EC:F1:45:7A:5F:10:64:42:F0:17:6E:05
Certificate issuer: /CN=1127b8d5a5040209b8993bf2031789c3b2bab7c7
Certificate serial: 01856E38BDDE77C736CB0D49B41B8887900A
Authority key identifier: 11:27:B8:D5:A5:04:02:09:B8:99:3B:F2:03:17:89:C3:B2:BA:B7:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ESe41aUEAgm4mTvyAxeJw7K6t8c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/2b5fea-8f51-4ba1-bdcc-3ebcadabf0d8/1/ZAI0dytg4LLs8UV6XxBkQvAXbgU.roa
Signing time: Sun 01 Jan 2023 16:44:50 +0000
ROA not before: Sun 01 Jan 2023 16:44:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43202
IP address blocks: 45.128.4.0/22 maxlen: 24
2a12:83c0::/32 maxlen: 32
2a12:83c5::/32 maxlen: 32
2a12:83c2::/32 maxlen: 32
2a12:83c3::/32 maxlen: 32
2a12:83c6::/32 maxlen: 32
2a12:83c1::/32 maxlen: 32
2a12:83c4::/32 maxlen: 32
2a12:83c7::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:bd:de:77:c7:36:cb:0d:49:b4:1b:88:87:90:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1127b8d5a5040209b8993bf2031789c3b2bab7c7
Validity
Not Before: Jan 1 16:44:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=640234772b60e0b2ecf1457a5f106442f0176e05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:45:79:e5:9d:40:96:9f:15:86:00:59:42:b2:
1e:49:e6:87:98:24:0c:40:82:ab:08:8a:27:ff:80:
8d:e9:4f:f6:17:7f:10:42:73:74:9c:b4:3d:bc:56:
d7:26:8e:74:50:dd:33:00:4c:00:7d:d3:f5:ae:c9:
2f:8f:46:19:d2:25:1c:dc:12:5b:a2:1c:bb:9b:df:
63:0e:6e:4a:4b:22:a3:82:cf:1d:5c:08:70:b4:c4:
7d:ab:f1:40:60:46:a1:b0:6c:18:79:cc:1d:65:f6:
81:56:bd:cd:64:3e:7a:3a:b1:df:1a:7b:dd:8b:fc:
2f:ef:87:0b:70:28:12:b3:b0:b6:71:ed:5d:73:d2:
06:68:8f:72:81:ed:ea:85:20:49:a9:ab:46:ef:88:
0b:f0:45:02:a8:3e:a8:44:cf:fa:fd:d2:f6:be:92:
33:b6:a0:10:d7:8c:43:9b:18:08:c8:1b:dc:29:d2:
0c:4c:3c:f7:04:e8:f2:1d:c5:f8:39:16:df:10:36:
88:18:79:ae:a0:87:34:f4:80:fa:87:34:99:5b:c9:
94:d2:dd:3c:fd:b8:32:ca:e6:77:8f:0a:63:7c:10:
52:bd:9d:31:42:29:71:a7:40:08:fe:6e:27:d8:69:
e2:45:9f:69:6c:e4:d6:9e:97:61:db:bf:c1:1a:55:
f8:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:02:34:77:2B:60:E0:B2:EC:F1:45:7A:5F:10:64:42:F0:17:6E:05
X509v3 Authority Key Identifier:
keyid:11:27:B8:D5:A5:04:02:09:B8:99:3B:F2:03:17:89:C3:B2:BA:B7:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ESe41aUEAgm4mTvyAxeJw7K6t8c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/2b5fea-8f51-4ba1-bdcc-3ebcadabf0d8/1/ZAI0dytg4LLs8UV6XxBkQvAXbgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/2b5fea-8f51-4ba1-bdcc-3ebcadabf0d8/1/ESe41aUEAgm4mTvyAxeJw7K6t8c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.4.0/22
IPv6:
2a12:83c0::/29
Signature Algorithm: sha256WithRSAEncryption
cc:fe:4b:d4:4d:64:43:96:24:0f:90:85:ad:f8:33:c3:59:10:
e0:a2:65:05:2f:12:78:0e:a5:08:bf:cf:0e:82:49:9e:99:87:
43:c3:91:a9:2e:6a:d1:74:51:2a:56:70:98:bc:e6:f6:d6:d9:
54:96:8b:89:d5:76:23:67:00:cf:2d:23:33:6b:97:40:e3:4a:
6a:4e:a3:3f:a1:13:05:56:2f:04:6a:19:76:cb:fe:9c:02:74:
7a:ba:a9:5d:8e:c5:ca:23:c8:78:07:1a:8a:dd:ce:bd:ba:74:
1d:ac:f8:a9:ac:a8:af:7c:ed:5a:bf:83:dd:e1:2c:f9:16:4c:
e1:6a:00:c8:a1:6b:c2:d9:1c:95:12:da:a2:04:0d:b6:79:a1:
3e:cd:fe:d5:da:61:7d:46:f7:7c:0b:10:75:a1:44:da:03:78:
ca:22:3e:72:c8:f9:c0:6f:43:b6:d6:3c:d7:8c:b0:bf:d8:97:
7d:77:1e:b3:0e:00:9f:f8:25:60:76:e6:32:43:1c:0b:c5:7b:
42:14:a2:b5:f3:54:a0:2b:b0:4f:b7:15:f8:bb:ed:81:8c:f1:
f8:d5:3a:07:63:77:33:96:58:93:42:9d:3c:4c:43:a9:41:b5:
f6:d4:4c:0f:6c:f3:40:e9:f0:47:b4:67:5f:e3:93:53:d1:3c:
93:6a:e0:0f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuOL3ed8c2yw1JtBuIh5AKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMjdiOGQ1YTUwNDAyMDliODk5M2JmMjAzMTc4OWMzYjJi
YWI3YzcwHhcNMjMwMTAxMTY0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDAyMzQ3NzJiNjBlMGIyZWNmMTQ1N2E1ZjEwNjQ0MmYwMTc2ZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEV55Z1Alp8VhgBZQrIeSeaHmCQM
QIKrCIon/4CN6U/2F38QQnN0nLQ9vFbXJo50UN0zAEwAfdP1rskvj0YZ0iUc3BJb
ohy7m99jDm5KSyKjgs8dXAhwtMR9q/FAYEahsGwYecwdZfaBVr3NZD56OrHfGnvd
i/wv74cLcCgSs7C2ce1dc9IGaI9yge3qhSBJqatG74gL8EUCqD6oRM/6/dL2vpIz
tqAQ14xDmxgIyBvcKdIMTDz3BOjyHcX4ORbfEDaIGHmuoIc09ID6hzSZW8mU0t08
/bgyyuZ3jwpjfBBSvZ0xQilxp0AI/m4n2GniRZ9pbOTWnpdh27/BGlX4UwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGQCNHcrYOCy7PFFel8QZELwF24FMB8GA1UdIwQY
MBaAFBEnuNWlBAIJuJk78gMXicOyurfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVNlNDFhVUVBZ200bVR2eUF4ZUp3N0s2dDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yYjVmZWEtOGY1MS00YmExLWJkY2Mt
M2ViY2FkYWJmMGQ4LzEvWkFJMGR5dGc0TExzOFVWNlh4QmtRdkFYYmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yYjVmZWEtOGY1MS00YmExLWJkY2MtM2ViY2FkYWJmMGQ4
LzEvRVNlNDFhVUVBZ200bVR2eUF4ZUp3N0s2dDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYAEMA0E
AgACMAcDBQMqEoPAMA0GCSqGSIb3DQEBCwUAA4IBAQDM/kvUTWRDliQPkIWt+DPD
WRDgomUFLxJ4DqUIv88OgkmemYdDw5GpLmrRdFEqVnCYvOb21tlUlouJ1XYjZwDP
LSMza5dA40pqTqM/oRMFVi8Eahl2y/6cAnR6uqldjsXKI8h4BxqK3c69unQdrPip
rKivfO1av4Pd4Sz5FkzhagDIoWvC2RyVEtqiBA22eaE+zf7V2mF9Rvd8CxB1oUTa
A3jKIj5yyPnAb0O21jzXjLC/2Jd9dx6zDgCf+CVgduYyQxwLxXtCFKK181SgK7BP
txX4u+2BjPH41ToHY3czlliTQp08TEOpQbX21EwPbPNA6fBHtGdf45NT0TyTauAP
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:12:43 2025 by rpki-client