Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/HI5nTR0EmN5iRiq3iNnijdxPYZg.roa
File: HI5nTR0EmN5iRiq3iNnijdxPYZg.roa (raw, json)
Hash identifier: aaNhvWlgcy9+kcJlogy1ehYdnGMYSa/N3slqmOr4vyY=
Subject key identifier: 1C:8E:67:4D:1D:04:98:DE:62:46:2A:B7:88:D9:E2:8D:DC:4F:61:98
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 018870D54465AA6CE8D87E7DEEB99D26EB18
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/HI5nTR0EmN5iRiq3iNnijdxPYZg.roa
Signing time: Wed 31 May 2023 08:03:24 +0000
ROA not before: Wed 31 May 2023 08:03:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57169
IP address blocks: 192.71.233.0/24 maxlen: 24
192.36.38.0/24 maxlen: 24
192.121.163.0/24 maxlen: 24
192.36.39.0/24 maxlen: 24
192.36.41.0/24 maxlen: 24
192.71.247.0/24 maxlen: 24
192.121.170.0/24 maxlen: 24
192.36.56.0/24 maxlen: 24
192.36.61.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:70:d5:44:65:aa:6c:e8:d8:7e:7d:ee:b9:9d:26:eb:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: May 31 08:03:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c8e674d1d0498de62462ab788d9e28ddc4f6198
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:16:2c:59:41:a4:3a:e8:51:15:60:30:88:26:
48:c0:ea:a5:0a:fb:13:d4:40:c2:f5:d9:a0:60:54:
a3:aa:9e:51:5b:34:0d:f1:b1:10:bd:1c:17:e3:c4:
3c:5f:d6:4b:72:fa:13:d3:b3:26:4e:7b:42:a8:e7:
ae:f3:9d:a7:25:e1:44:db:da:e5:58:24:ee:43:df:
e3:2d:1e:c4:09:a0:dd:b7:71:64:b1:00:75:8b:fe:
7b:e6:2c:27:ca:3c:8f:4b:70:c6:4c:3b:84:bc:11:
b4:52:6a:2d:c7:a5:a1:b1:d2:12:a0:d7:d8:0a:37:
d0:7a:26:a8:7a:77:6c:15:4e:00:20:e0:e2:73:09:
1c:10:ec:07:0a:2f:b3:4d:74:04:ca:bc:83:87:4c:
b5:8c:85:49:8a:95:4e:09:70:ec:ac:ca:5d:88:63:
5e:90:65:dc:3b:6c:0e:dc:e6:c9:10:2e:63:49:2b:
04:3a:b2:21:18:44:2a:aa:b1:e3:68:b5:f7:90:55:
df:a9:03:fc:11:ec:0c:ff:40:14:26:8b:e6:09:bd:
64:cb:ee:a0:2d:05:db:b3:96:a4:db:fe:df:0b:5d:
d5:26:90:c6:1d:0a:55:d2:ae:32:42:bd:de:29:f4:
00:9a:9e:51:72:67:2b:7c:2b:a3:64:e2:f4:d7:88:
c7:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:8E:67:4D:1D:04:98:DE:62:46:2A:B7:88:D9:E2:8D:DC:4F:61:98
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/HI5nTR0EmN5iRiq3iNnijdxPYZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.38.0/23
192.36.41.0/24
192.36.56.0/24
192.36.61.0/24
192.71.233.0/24
192.71.247.0/24
192.121.163.0/24
192.121.170.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:51:83:5d:73:01:15:c5:0a:af:57:ca:28:09:61:fe:58:df:
62:46:e9:f5:cc:4b:19:99:bb:05:21:e1:b9:0e:2e:71:55:38:
a6:4e:5a:01:e9:9c:04:ba:c1:b3:c1:54:6b:4a:ff:47:04:70:
df:3b:78:76:36:65:01:1f:fb:7f:22:a9:03:35:58:54:50:67:
5f:8d:46:d2:3e:19:17:39:11:0e:df:94:26:db:66:54:49:4b:
5f:0e:f3:b8:6c:db:90:ce:70:d2:11:8a:5b:3c:55:ce:3d:60:
85:14:4f:ad:1a:cc:c2:64:ee:f2:ff:3e:49:cb:98:bf:1c:f6:
3e:62:0f:ee:f4:e5:b5:12:fd:9a:07:fb:d7:94:d7:97:bc:16:
f3:01:4c:40:38:d7:f2:e8:57:16:40:39:cb:76:4e:94:93:c8:
32:d9:8a:21:54:42:33:25:60:28:54:0f:95:cd:d9:cb:fb:50:
43:7b:06:d5:9b:fa:8b:05:aa:cf:b6:6a:4d:74:b5:d1:08:76:
ad:85:2c:c9:ca:f1:99:e9:15:ed:99:67:eb:45:9c:6e:93:d7:
a7:e3:6c:f2:00:79:54:f1:58:59:9e:75:f5:90:4f:9d:b6:f1:
6d:13:41:9c:aa:fe:d0:2b:6c:18:df:53:0e:cb:80:e0:5c:b9:
a6:c7:d0:a1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYhw1URlqmzo2H597rmdJusYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMwNTMxMDgwMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhlNjc0ZDFkMDQ5OGRlNjI0NjJhYjc4OGQ5ZTI4ZGRjNGY2MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBYsWUGkOuhRFWAwiCZIwOqlCvsT
1EDC9dmgYFSjqp5RWzQN8bEQvRwX48Q8X9ZLcvoT07MmTntCqOeu852nJeFE29rl
WCTuQ9/jLR7ECaDdt3FksQB1i/575iwnyjyPS3DGTDuEvBG0Umotx6WhsdISoNfY
CjfQeiaoendsFU4AIODicwkcEOwHCi+zTXQEyryDh0y1jIVJipVOCXDsrMpdiGNe
kGXcO2wO3ObJEC5jSSsEOrIhGEQqqrHjaLX3kFXfqQP8EewM/0AUJovmCb1ky+6g
LQXbs5ak2/7fC13VJpDGHQpV0q4yQr3eKfQAmp5RcmcrfCujZOL014jHdwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFByOZ00dBJjeYkYqt4jZ4o3cT2GYMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvSEk1blRSMEVtTjVpUmlxM2lObmlqZHhQWVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBwCQmAwQA
wCQpAwQAwCQ4AwQAwCQ9AwQAwEfpAwQAwEf3AwQAwHmjAwQAwHmqMA0GCSqGSIb3
DQEBCwUAA4IBAQCOUYNdcwEVxQqvV8ooCWH+WN9iRun1zEsZmbsFIeG5Di5xVTim
TloB6ZwEusGzwVRrSv9HBHDfO3h2NmUBH/t/IqkDNVhUUGdfjUbSPhkXOREO35Qm
22ZUSUtfDvO4bNuQznDSEYpbPFXOPWCFFE+tGszCZO7y/z5Jy5i/HPY+Yg/u9OW1
Ev2aB/vXlNeXvBbzAUxAONfy6FcWQDnLdk6Uk8gy2YohVEIzJWAoVA+VzdnL+1BD
ewbVm/qLBarPtmpNdLXRCHathSzJyvGZ6RXtmWfrRZxuk9en42zyAHlU8VhZnnX1
kE+dtvFtE0Gcqv7QK2wY31MOy4DgXLmmx9Ch
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:10:13 2025 by rpki-client