Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/en9ivK5gv69ixNlhnwi76cgYpdc.roa
File: en9ivK5gv69ixNlhnwi76cgYpdc.roa (raw, json)
Hash identifier: 6DUiI9Dnrb3kiHKYCZYCfmWsYP/vRvEltpqqtUZpZT8=
Subject key identifier: 7A:7F:62:BC:AE:60:BF:AF:62:C4:D9:61:9F:08:BB:E9:C8:18:A5:D7
Certificate issuer: /CN=f2d593b1c87b81739ec41910295bf385f2c9a992
Certificate serial: 01888B6108982A165B19FB9CA0166868A9E9
Authority key identifier: F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/en9ivK5gv69ixNlhnwi76cgYpdc.roa
Signing time: Mon 05 Jun 2023 11:46:12 +0000
ROA not before: Mon 05 Jun 2023 11:46:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210892
IP address blocks: 79.135.124.0/24 maxlen: 24
79.135.125.0/24 maxlen: 24
79.135.126.0/24 maxlen: 24
5.1.45.0/24 maxlen: 24
79.135.127.0/24 maxlen: 24
109.224.223.0/24 maxlen: 24
109.224.232.0/24 maxlen: 24
2a11:2b07:f003::/48 maxlen: 48
2a11:2b07:f000::/48 maxlen: 48
2a11:2b07:f002::/48 maxlen: 48
2a11:2b07:f001::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8b:61:08:98:2a:16:5b:19:fb:9c:a0:16:68:68:a9:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f2d593b1c87b81739ec41910295bf385f2c9a992
Validity
Not Before: Jun 5 11:46:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7a7f62bcae60bfaf62c4d9619f08bbe9c818a5d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:8c:f1:35:66:94:e9:46:1f:26:33:e9:0f:e6:
f3:0e:fc:38:c4:d2:c5:ed:5f:fc:4f:90:73:cc:38:
03:5e:81:17:0d:c8:05:8e:f5:77:cf:6e:14:8d:e1:
d9:54:b2:74:21:75:6f:91:05:7e:07:36:e7:f3:e7:
1e:c8:3c:bf:c3:af:d1:06:f0:f1:f0:95:47:4d:fd:
a4:b9:a8:1f:c4:88:80:62:aa:ae:57:ba:30:ed:ce:
49:be:e9:b4:21:de:23:52:e9:0a:bf:af:06:ac:62:
af:0f:55:e4:0d:e7:c3:85:40:42:5c:a0:33:75:d0:
12:62:e0:d1:57:3c:9d:34:2f:3a:99:fa:71:36:40:
7a:30:c8:c0:95:da:4f:3c:89:82:19:04:9b:04:cf:
0d:f2:b5:1a:58:77:3c:7f:c6:17:f7:db:76:09:ae:
14:a0:d8:66:e7:03:cb:3e:47:6e:b2:0a:e2:51:e7:
0a:e4:22:35:28:e7:5c:e0:9d:4d:07:ec:80:c2:4e:
8c:c8:ef:a7:00:6c:0f:71:42:f1:3d:b6:21:37:2d:
52:fb:cf:8d:f1:40:22:91:ca:d8:3b:eb:1d:d1:57:
60:40:9a:c6:78:38:ee:bd:24:78:24:63:2b:82:55:
24:1d:83:2c:24:ed:ac:59:24:85:6f:9c:40:36:71:
38:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:7F:62:BC:AE:60:BF:AF:62:C4:D9:61:9F:08:BB:E9:C8:18:A5:D7
X509v3 Authority Key Identifier:
keyid:F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/en9ivK5gv69ixNlhnwi76cgYpdc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/8tWTsch7gXOexBkQKVvzhfLJqZI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.45.0/24
79.135.124.0/22
109.224.223.0/24
109.224.232.0/24
IPv6:
2a11:2b07:f000::/46
Signature Algorithm: sha256WithRSAEncryption
41:ff:a3:36:16:30:55:51:89:92:d2:c7:19:68:6f:1b:82:08:
08:7e:17:a6:fb:9f:16:27:51:18:8a:5f:50:24:80:59:3a:2f:
06:fd:9d:8f:a4:38:c0:ef:1b:53:fa:b3:79:9b:28:29:1b:92:
30:e5:37:25:94:53:2b:6b:78:92:74:53:f7:67:70:6f:ed:67:
b6:37:c2:2d:2d:7c:de:6d:da:1f:a8:c8:f2:d1:96:c3:b3:50:
e2:95:a9:53:8d:54:03:00:51:94:fa:1f:f4:d4:9a:59:7f:7a:
1e:87:c3:55:f8:56:4d:ea:28:67:7f:41:3d:3b:78:34:7e:cb:
b9:05:c0:d6:47:cd:c1:0a:77:ea:98:18:5a:c0:5e:61:c6:d4:
9b:ac:5a:cc:49:f3:2d:1c:f5:44:26:14:e0:11:d2:ff:b7:42:
5d:de:5b:41:73:65:94:7c:8a:14:f0:d6:9d:e3:c8:17:97:d7:
aa:aa:c5:1e:33:d3:8c:2b:40:ac:8b:87:3c:ef:e6:d8:ef:09:
48:63:46:85:9b:ef:f6:9b:a0:a5:2e:68:ce:ca:bb:45:e2:12:
25:b2:59:ab:f6:b8:91:62:5b:de:53:6f:ed:ea:56:3b:ad:11:
26:76:48:a2:7d:ed:84:a8:f8:10:9b:1f:7f:9c:a4:2c:b7:28:
0b:68:87:50
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYiLYQiYKhZbGfucoBZoaKnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZDU5M2IxYzg3YjgxNzM5ZWM0MTkxMDI5NWJmMzg1ZjJj
OWE5OTIwHhcNMjMwNjA1MTE0NjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTdmNjJiY2FlNjBiZmFmNjJjNGQ5NjE5ZjA4YmJlOWM4MThhNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiozxNWaU6UYfJjPpD+bzDvw4xNLF
7V/8T5BzzDgDXoEXDcgFjvV3z24UjeHZVLJ0IXVvkQV+Bzbn8+ceyDy/w6/RBvDx
8JVHTf2kuagfxIiAYqquV7ow7c5Jvum0Id4jUukKv68GrGKvD1XkDefDhUBCXKAz
ddASYuDRVzydNC86mfpxNkB6MMjAldpPPImCGQSbBM8N8rUaWHc8f8YX99t2Ca4U
oNhm5wPLPkdusgriUecK5CI1KOdc4J1NB+yAwk6MyO+nAGwPcULxPbYhNy1S+8+N
8UAikcrYO+sd0VdgQJrGeDjuvSR4JGMrglUkHYMsJO2sWSSFb5xANnE4HwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFHp/YryuYL+vYsTZYZ8Iu+nIGKXXMB8GA1UdIwQY
MBaAFPLVk7HIe4FznsQZEClb84XyyamSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTIt
OWI4ZDY4ZWU4N2ZjLzEvZW45aXZLNWd2NjlpeE5saG53aTc2Y2dZcGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTItOWI4ZDY4ZWU4N2Zj
LzEvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQABQEtAwQC
T4d8AwQAbeDfAwQAbeDoMA8EAgACMAkDBwIqESsH8AAwDQYJKoZIhvcNAQELBQAD
ggEBAEH/ozYWMFVRiZLSxxlobxuCCAh+F6b7nxYnURiKX1AkgFk6Lwb9nY+kOMDv
G1P6s3mbKCkbkjDlNyWUUytreJJ0U/dncG/tZ7Y3wi0tfN5t2h+oyPLRlsOzUOKV
qVONVAMAUZT6H/TUmll/eh6Hw1X4Vk3qKGd/QT07eDR+y7kFwNZHzcEKd+qYGFrA
XmHG1JusWsxJ8y0c9UQmFOAR0v+3Ql3eW0FzZZR8ihTw1p3jyBeX16qqxR4z04wr
QKyLhzzv5tjvCUhjRoWb7/aboKUuaM7Ku0XiEiWyWav2uJFiW95Tb+3qVjutESZ2
SKJ97YSo+BCbH3+cpCy3KAtoh1A=
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:50:13 2025 by rpki-client