Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZMkwp7OpbrBm3lFjmcHBdmx_yS8.roa
File: ZMkwp7OpbrBm3lFjmcHBdmx_yS8.roa (raw, json)
Hash identifier: x5djinNW3VOeCQXxlgddK/l3agApPufZ/XVRgO8rOqM=
Subject key identifier: 64:C9:30:A7:B3:A9:6E:B0:66:DE:51:63:99:C1:C1:76:6C:7F:C9:2F
Certificate issuer: /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial: 01856D941C590A7A4B470F81084D9263CF71
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZMkwp7OpbrBm3lFjmcHBdmx_yS8.roa
Signing time: Sun 01 Jan 2023 13:45:01 +0000
ROA not before: Sun 01 Jan 2023 13:45:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 400377
IP address blocks: 85.158.150.0/24 maxlen: 24
5.178.0.0/24 maxlen: 24
5.178.1.0/24 maxlen: 24
5.178.4.0/24 maxlen: 24
5.178.6.0/24 maxlen: 24
5.178.7.0/24 maxlen: 24
5.178.5.0/24 maxlen: 24
37.128.202.0/24 maxlen: 24
37.128.200.0/24 maxlen: 24
37.128.201.0/24 maxlen: 24
37.128.203.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:94:1c:59:0a:7a:4b:47:0f:81:08:4d:92:63:cf:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Validity
Not Before: Jan 1 13:45:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64c930a7b3a96eb066de516399c1c1766c7fc92f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:d8:f4:55:2b:77:e1:3f:59:fe:1a:c5:59:fb:
c9:53:3c:0d:a2:c6:ad:71:d3:3d:1d:6a:6c:fd:0c:
37:f2:89:f9:7b:bb:6c:34:99:43:aa:16:97:a9:02:
95:1e:da:aa:63:67:a6:81:f0:96:39:cf:4b:f6:b0:
72:fa:ae:dc:07:3e:04:64:95:90:f9:02:66:1b:ad:
d9:98:dc:a5:37:fc:03:54:ba:7c:92:1e:7f:5c:39:
f4:04:88:91:7d:07:0d:34:04:40:9e:6c:df:43:d0:
72:07:f1:db:1c:c2:83:00:c6:96:9f:12:ea:d9:2c:
3a:f7:3f:f3:74:48:cd:c4:77:f6:b3:c4:1e:38:10:
5a:7b:16:49:dd:fc:58:37:12:28:c5:27:24:86:13:
d7:44:63:ac:5b:c7:b5:ee:a1:89:c2:87:12:3e:ba:
ae:b7:06:87:f8:c1:05:84:98:6c:7b:fb:d6:52:dd:
9c:a3:2c:89:16:7b:f3:c6:85:ad:f0:f0:49:3c:ea:
3f:e5:3b:55:c6:5c:26:b6:b0:69:7b:92:3b:47:81:
2e:cd:37:cd:c4:30:99:be:05:b2:ff:89:db:55:c2:
24:94:c8:7c:eb:f3:99:42:8c:0f:43:bc:d4:3d:42:
85:91:3a:e3:9e:6d:97:cb:ba:cd:ad:43:40:6e:9a:
0c:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:C9:30:A7:B3:A9:6E:B0:66:DE:51:63:99:C1:C1:76:6C:7F:C9:2F
X509v3 Authority Key Identifier:
keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZMkwp7OpbrBm3lFjmcHBdmx_yS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.178.0.0/23
5.178.4.0/22
37.128.200.0/22
85.158.150.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:c6:90:91:67:30:14:08:3c:ab:f4:53:bc:4d:dd:29:89:45:
7b:09:06:44:fe:10:60:c4:bf:e4:db:23:ea:34:56:7d:91:b3:
46:e2:eb:b1:45:71:bd:c4:11:a7:3f:59:0f:d9:f9:2f:4f:63:
08:96:06:ad:ea:f0:45:dd:5e:b4:60:7c:bd:bc:ab:b7:eb:a6:
2f:03:44:16:bc:7d:fe:49:9c:cf:83:06:29:94:f8:a3:33:c0:
b4:07:8e:ba:16:42:77:17:b9:da:2b:ea:c2:0b:01:f3:ac:ad:
af:34:cf:5f:88:6c:26:8c:cc:e5:e6:bb:22:b3:af:9c:75:f5:
06:2c:64:79:85:ba:ee:49:10:60:19:ee:d1:0e:9a:24:0b:b8:
4d:97:81:8b:39:f8:ad:70:ba:54:cd:c7:6f:56:79:94:ae:7f:
9b:3b:14:76:56:29:2d:0e:a6:55:db:84:ea:03:af:0e:b5:07:
36:4f:92:e7:1a:0e:39:7b:09:b4:37:1b:87:06:bc:5f:3c:ec:
2e:1b:ff:f3:73:5c:87:32:f9:d4:95:30:cf:7d:c7:d1:0c:18:
e1:8c:0a:bd:ef:70:bf:fb:7d:75:77:d9:d1:8e:9f:aa:4c:3a:
2e:aa:4d:9e:03:5f:9d:17:04:f5:17:d5:6b:7e:7b:27:d6:c7:
31:a6:c5:c7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtlBxZCnpLRw+BCE2SY89xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjMwMTAxMTM0NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGM5MzBhN2IzYTk2ZWIwNjZkZTUxNjM5OWMxYzE3NjZjN2ZjOTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNj0VSt34T9Z/hrFWfvJUzwNosat
cdM9HWps/Qw38on5e7tsNJlDqhaXqQKVHtqqY2emgfCWOc9L9rBy+q7cBz4EZJWQ
+QJmG63ZmNylN/wDVLp8kh5/XDn0BIiRfQcNNARAnmzfQ9ByB/HbHMKDAMaWnxLq
2Sw69z/zdEjNxHf2s8QeOBBaexZJ3fxYNxIoxSckhhPXRGOsW8e17qGJwocSPrqu
twaH+MEFhJhse/vWUt2coyyJFnvzxoWt8PBJPOo/5TtVxlwmtrBpe5I7R4EuzTfN
xDCZvgWy/4nbVcIklMh86/OZQowPQ7zUPUKFkTrjnm2Xy7rNrUNAbpoMtwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGTJMKezqW6wZt5RY5nBwXZsf8kvMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvWk1rd3A3T3BickJtM2xGam1jSEJkbXhfeVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBBbIAAwQC
BbIEAwQCJYDIAwQAVZ6WMA0GCSqGSIb3DQEBCwUAA4IBAQC6xpCRZzAUCDyr9FO8
Td0piUV7CQZE/hBgxL/k2yPqNFZ9kbNG4uuxRXG9xBGnP1kP2fkvT2MIlgat6vBF
3V60YHy9vKu366YvA0QWvH3+SZzPgwYplPijM8C0B466FkJ3F7naK+rCCwHzrK2v
NM9fiGwmjMzl5rsis6+cdfUGLGR5hbruSRBgGe7RDpokC7hNl4GLOfitcLpUzcdv
VnmUrn+bOxR2ViktDqZV24TqA68OtQc2T5LnGg45ewm0NxuHBrxfPOwuG//zc1yH
MvnUlTDPfcfRDBjhjAq973C/+311d9nRjp+qTDouqk2eA1+dFwT1F9Vrfnsn1scx
psXH
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:42 2025 by rpki-client