Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/452dd5-d0e4-4d4b-8ae6-1951345cea33/1/ZX8e8jEBd-EirL7OqqLOevivBWY.roa
File: ZX8e8jEBd-EirL7OqqLOevivBWY.roa (raw, json)
Hash identifier: Mo6XWNDrhApufWZ+xF6WBqjETIAoMDpguIgpJeTYk48=
Subject key identifier: 65:7F:1E:F2:31:01:77:E1:22:AC:BE:CE:AA:A2:CE:7A:F8:AF:05:66
Certificate issuer: /CN=a9a8e44e573c53c7192312fcc72150d2de377d6d
Certificate serial: 018A648F001D562D23991DC2F658264B4E7B
Authority key identifier: A9:A8:E4:4E:57:3C:53:C7:19:23:12:FC:C7:21:50:D2:DE:37:7D:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qajkTlc8U8cZIxL8xyFQ0t43fW0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/452dd5-d0e4-4d4b-8ae6-1951345cea33/1/ZX8e8jEBd-EirL7OqqLOevivBWY.roa
Signing time: Tue 05 Sep 2023 08:56:47 +0000
ROA not before: Tue 05 Sep 2023 08:56:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 14907
IP address blocks: 91.198.174.0/24 maxlen: 24
185.71.138.0/24 maxlen: 24
185.15.56.0/24 maxlen: 24
185.15.57.0/24 maxlen: 24
185.15.58.0/24 maxlen: 24
185.15.59.0/24 maxlen: 24
2a02:ec80:600::/48 maxlen: 48
2a02:ec80:300::/48 maxlen: 48
2001:67c:930::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:64:8f:00:1d:56:2d:23:99:1d:c2:f6:58:26:4b:4e:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9a8e44e573c53c7192312fcc72150d2de377d6d
Validity
Not Before: Sep 5 08:56:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=657f1ef2310177e122acbeceaaa2ce7af8af0566
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:08:8f:fe:18:9b:53:2c:af:4f:3d:67:28:b0:
c7:9f:e6:d7:5b:4b:4e:6d:f2:eb:15:6d:16:63:fe:
e1:82:d3:9b:1d:9d:5b:a8:d6:ef:9c:ec:8a:3a:86:
e3:6e:15:e0:30:5f:44:c5:60:48:d3:e0:1a:22:11:
4f:4b:94:94:f7:ee:2b:5e:05:1d:cf:bd:0a:d7:76:
32:72:45:ad:ea:1a:12:ff:c4:06:7a:4c:11:5c:89:
69:1c:63:a8:33:65:e5:6c:67:b9:0c:a5:0b:7d:20:
5e:f0:ab:12:13:b0:9a:34:f2:94:1f:68:59:23:78:
14:c9:86:56:13:89:1e:0a:85:d6:36:3e:1b:ec:20:
be:3e:e9:34:a9:17:d9:66:77:5e:4d:f9:3b:8b:ad:
1f:a2:33:89:a4:37:3d:e1:0e:ca:66:4d:18:a9:70:
40:18:d6:4a:96:f6:ec:85:a5:9b:1d:b3:79:b2:20:
ca:60:b1:41:f5:24:68:bd:1f:5c:61:40:5c:54:ff:
e3:8a:fc:7b:b7:e3:4c:13:62:09:8c:ad:82:6f:c1:
47:9c:f6:d6:d1:99:49:2d:49:57:bb:fb:f6:a6:d5:
07:0b:32:79:89:8a:4d:5d:3f:da:67:fa:e4:3e:cf:
82:c7:46:bb:11:41:45:38:f0:da:db:49:bb:5c:e8:
97:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:7F:1E:F2:31:01:77:E1:22:AC:BE:CE:AA:A2:CE:7A:F8:AF:05:66
X509v3 Authority Key Identifier:
keyid:A9:A8:E4:4E:57:3C:53:C7:19:23:12:FC:C7:21:50:D2:DE:37:7D:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qajkTlc8U8cZIxL8xyFQ0t43fW0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/452dd5-d0e4-4d4b-8ae6-1951345cea33/1/ZX8e8jEBd-EirL7OqqLOevivBWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/452dd5-d0e4-4d4b-8ae6-1951345cea33/1/qajkTlc8U8cZIxL8xyFQ0t43fW0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.174.0/24
185.15.56.0/22
185.71.138.0/24
IPv6:
2001:67c:930::/48
2a02:ec80:300::/48
2a02:ec80:600::/48
Signature Algorithm: sha256WithRSAEncryption
68:86:8d:07:e4:75:9f:cf:aa:ed:73:ea:f7:06:83:a2:d5:15:
a9:b8:50:c6:5f:3f:3f:e7:96:fb:80:89:b5:67:d8:4e:c4:77:
92:77:1a:21:02:f4:5d:0c:83:5d:a0:a8:25:4c:45:a4:84:70:
fc:5a:e1:30:7d:5f:21:cf:19:82:28:27:ab:8b:8b:28:85:60:
a8:7d:73:dc:b4:4a:8b:1b:ae:ed:a7:fa:f0:9a:4f:c6:58:87:
9d:76:0d:63:3c:85:b8:88:99:7e:be:41:65:52:f1:7f:92:9b:
7b:cd:10:b7:63:f1:2d:83:49:75:ff:86:2f:60:c8:97:ed:e3:
08:d1:6a:02:bd:28:ca:9c:48:e3:5f:b7:2f:24:1a:d1:ea:21:
1d:81:a9:1f:57:33:27:4f:58:a1:bd:c8:06:07:ca:15:f4:b5:
97:23:8c:b6:8f:91:ef:05:18:87:69:56:c0:5c:65:2e:b1:9d:
b9:53:b5:c3:00:ef:d0:fe:b0:d1:c3:a9:39:2d:86:fd:8a:4e:
6f:e9:f7:a0:85:3e:b4:8d:8d:f6:66:f5:71:64:c8:4c:32:e6:
ac:7b:3d:3d:af:c8:ad:a4:3a:ff:d0:3d:50:94:c2:34:3b:24:
af:6d:df:60:87:9c:41:aa:e6:3e:85:3e:68:42:cb:12:c1:90:
68:b4:1f:ea
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYpkjwAdVi0jmR3C9lgmS057MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YThlNDRlNTczYzUzYzcxOTIzMTJmY2M3MjE1MGQyZGUz
NzdkNmQwHhcNMjMwOTA1MDg1NjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdmMWVmMjMxMDE3N2UxMjJhY2JlY2VhYWEyY2U3YWY4YWYwNTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgiP/hibUyyvTz1nKLDHn+bXW0tO
bfLrFW0WY/7hgtObHZ1bqNbvnOyKOobjbhXgMF9ExWBI0+AaIhFPS5SU9+4rXgUd
z70K13YyckWt6hoS/8QGekwRXIlpHGOoM2XlbGe5DKULfSBe8KsSE7CaNPKUH2hZ
I3gUyYZWE4keCoXWNj4b7CC+Puk0qRfZZndeTfk7i60fojOJpDc94Q7KZk0YqXBA
GNZKlvbshaWbHbN5siDKYLFB9SRovR9cYUBcVP/jivx7t+NME2IJjK2Cb8FHnPbW
0ZlJLUlXu/v2ptUHCzJ5iYpNXT/aZ/rkPs+Cx0a7EUFFOPDa20m7XOiXAwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFGV/HvIxAXfhIqy+zqqiznr4rwVmMB8GA1UdIwQY
MBaAFKmo5E5XPFPHGSMS/MchUNLeN31tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFqa1RsYzhVOGNaSXhMOHh5RlEwdDQzZlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80NTJkZDUtZDBlNC00ZDRiLThhZTYt
MTk1MTM0NWNlYTMzLzEvWlg4ZThqRUJkLUVpckw3T3FxTE9ldml2QldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80NTJkZDUtZDBlNC00ZDRiLThhZTYtMTk1MTM0NWNlYTMz
LzEvcWFqa1RsYzhVOGNaSXhMOHh5RlEwdDQzZlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAYBAIAATASAwQAW8auAwQC
uQ84AwQAuUeKMCEEAgACMBsDBwAgAQZ8CTADBwAqAuyAAwADBwAqAuyABgAwDQYJ
KoZIhvcNAQELBQADggEBAGiGjQfkdZ/Pqu1z6vcGg6LVFam4UMZfPz/nlvuAibVn
2E7Ed5J3GiEC9F0Mg12gqCVMRaSEcPxa4TB9XyHPGYIoJ6uLiyiFYKh9c9y0Sosb
ru2n+vCaT8ZYh512DWM8hbiImX6+QWVS8X+Sm3vNELdj8S2DSXX/hi9gyJft4wjR
agK9KMqcSONfty8kGtHqIR2BqR9XMydPWKG9yAYHyhX0tZcjjLaPke8FGIdpVsBc
ZS6xnblTtcMA79D+sNHDqTkthv2KTm/p96CFPrSNjfZm9XFkyEwy5qx7PT2vyK2k
Ov/QPVCUwjQ7JK9t32CHnEGq5j6FPmhCyxLBkGi0H+o=
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:44:26 2025 by rpki-client