Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/JHZ93nLYe-etTWXh0UvctWGsx0s.roa
File: JHZ93nLYe-etTWXh0UvctWGsx0s.roa (raw, json)
Hash identifier: Bf87MPDfqDvJkl0HiVs9QGZMzbL8ie0SkTBMYvUgE1Q=
Subject key identifier: 24:76:7D:DE:72:D8:7B:E7:AD:4D:65:E1:D1:4B:DC:B5:61:AC:C7:4B
Certificate issuer: /CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
Certificate serial: 018573686C788FAEEF5F7C96354B84A7196D
Authority key identifier: 00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/JHZ93nLYe-etTWXh0UvctWGsx0s.roa
Signing time: Mon 02 Jan 2023 16:55:01 +0000
ROA not before: Mon 02 Jan 2023 16:55:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31400
IP address blocks: 194.126.196.0/24 maxlen: 24
2a03:2902::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:68:6c:78:8f:ae:ef:5f:7c:96:35:4b:84:a7:19:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
Validity
Not Before: Jan 2 16:55:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=24767dde72d87be7ad4d65e1d14bdcb561acc74b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:6b:49:a5:e0:8d:f2:30:b8:10:f5:b4:61:6c:
57:83:ee:37:1a:f0:6f:28:ea:b3:bd:0a:59:1d:08:
b3:b7:94:b8:99:93:cc:3d:26:06:66:a3:5a:9c:99:
be:ad:a0:92:a9:94:20:6a:40:d8:98:9d:f9:d4:7e:
6a:d4:c7:b1:c3:97:66:11:0b:12:2a:65:a2:31:96:
44:52:90:d2:d4:72:d8:3b:51:be:a3:49:e9:f6:0d:
df:ee:42:0d:80:39:3c:60:50:35:7d:7f:27:43:d1:
d0:31:99:12:c7:c7:68:79:14:30:e4:ce:1c:3e:65:
94:49:ea:ea:87:6f:c6:88:f1:ff:c2:d9:82:0d:b2:
2a:ec:89:e1:09:7c:50:06:20:36:4e:9e:2e:b8:c2:
5f:7a:95:11:2d:92:71:08:5b:92:2b:f2:8a:b1:74:
3d:4f:be:fa:51:39:48:19:e3:cb:ad:d6:7d:8e:e4:
d3:a6:4a:43:02:e9:a9:d8:0c:b8:72:2a:22:12:32:
ae:87:88:48:ed:39:b9:b6:46:37:43:9e:63:b7:66:
72:33:3c:24:26:6f:35:5a:f9:b6:2c:bb:e3:e4:e9:
ab:2c:58:e3:6e:0e:be:66:65:ca:62:9d:3c:b7:26:
86:18:5a:45:f9:86:fb:90:c2:e6:18:47:72:35:8a:
09:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:76:7D:DE:72:D8:7B:E7:AD:4D:65:E1:D1:4B:DC:B5:61:AC:C7:4B
X509v3 Authority Key Identifier:
keyid:00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/JHZ93nLYe-etTWXh0UvctWGsx0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.126.196.0/24
IPv6:
2a03:2902::/32
Signature Algorithm: sha256WithRSAEncryption
2c:95:6b:8d:8f:26:2d:56:73:1f:41:c6:ff:51:dd:22:62:fe:
8b:4a:cb:8f:e0:61:55:82:6c:94:4f:9b:63:c8:f9:75:10:d0:
a5:42:c0:d5:81:43:8d:99:1d:21:41:73:ed:72:cb:1c:e4:61:
97:07:99:0a:4a:33:0a:30:1c:c7:5d:1c:f0:d1:48:3c:90:4f:
3f:7e:bd:c5:c3:33:50:17:30:f8:18:d4:d7:1a:4c:ef:c4:66:
6d:3f:eb:74:2d:bf:35:a3:89:25:42:1a:f8:ec:e9:b0:a8:40:
df:d5:ef:07:01:43:e5:00:ed:26:c4:61:6e:86:9e:db:1c:a1:
78:10:2e:f4:3c:d3:3f:a6:bd:be:0f:b9:da:c9:b4:42:10:f7:
f8:9f:cb:48:f4:63:d6:18:8e:77:a8:03:b2:60:8f:73:70:b3:
1a:5b:c0:ab:9f:96:1e:77:76:ac:3d:4f:94:63:f2:2f:36:9a:
e8:03:b6:41:a1:ae:d6:94:0e:88:e8:62:dd:35:8a:b8:52:a7:
e7:1d:21:21:0e:a4:93:43:c8:83:c3:41:3c:c4:60:63:6f:22:
68:e9:8b:b6:68:53:77:75:0f:0f:97:cb:0b:65:c2:17:0d:ef:
46:7b:11:bf:4c:30:71:98:93:f4:f2:6b:33:6a:71:7a:c8:cb:
b1:1d:94:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVzaGx4j67vX3yWNUuEpxltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNWZmOWNjODljNjZhOGEzYTVkNzM0YTBkNjVjNjFmZGM4
NTE4YmUwHhcNMjMwMTAyMTY1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDc2N2RkZTcyZDg3YmU3YWQ0ZDY1ZTFkMTRiZGNiNTYxYWNjNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWtJpeCN8jC4EPW0YWxXg+43GvBv
KOqzvQpZHQizt5S4mZPMPSYGZqNanJm+raCSqZQgakDYmJ351H5q1Mexw5dmEQsS
KmWiMZZEUpDS1HLYO1G+o0np9g3f7kINgDk8YFA1fX8nQ9HQMZkSx8doeRQw5M4c
PmWUSerqh2/GiPH/wtmCDbIq7InhCXxQBiA2Tp4uuMJfepURLZJxCFuSK/KKsXQ9
T776UTlIGePLrdZ9juTTpkpDAump2Ay4cioiEjKuh4hI7Tm5tkY3Q55jt2ZyMzwk
Jm81Wvm2LLvj5OmrLFjjbg6+ZmXKYp08tyaGGFpF+Yb7kMLmGEdyNYoJ3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCR2fd5y2HvnrU1l4dFL3LVhrMdLMB8GA1UdIwQY
MBaAFABf+cyJxmqKOl1zSg1lxh/chRi+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTkt
MGUyZDY5N2IyN2UzLzEvSkhaOTNuTFllLWV0VFdYaDBVdmN0V0dzeDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTktMGUyZDY5N2IyN2Uz
LzEvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwn7EMA0E
AgACMAcDBQAqAykCMA0GCSqGSIb3DQEBCwUAA4IBAQAslWuNjyYtVnMfQcb/Ud0i
Yv6LSsuP4GFVgmyUT5tjyPl1ENClQsDVgUONmR0hQXPtcssc5GGXB5kKSjMKMBzH
XRzw0Ug8kE8/fr3FwzNQFzD4GNTXGkzvxGZtP+t0Lb81o4klQhr47OmwqEDf1e8H
AUPlAO0mxGFuhp7bHKF4EC70PNM/pr2+D7naybRCEPf4n8tI9GPWGI53qAOyYI9z
cLMaW8Crn5Yed3asPU+UY/IvNproA7ZBoa7WlA6I6GLdNYq4UqfnHSEhDqSTQ8iD
w0E8xGBjbyJo6Yu2aFN3dQ8Pl8sLZcIXDe9GexG/TDBxmJP08mszanF6yMuxHZRg
-----END CERTIFICATE-----
Generated at Tue Apr 8 09:41:45 2025 by rpki-client