Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CAHqczfCZFRhlZNij7Awlas8Vhs.roa
File: CAHqczfCZFRhlZNij7Awlas8Vhs.roa (raw, json)
Hash identifier: CnYewypmhRRMRgJuOSNdFbihs7S5ixC4g5PxBYif8vo=
Subject key identifier: 08:01:EA:73:37:C2:64:54:61:95:93:62:8F:B0:30:95:AB:3C:56:1B
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 018804AF7D4A77DBB74C011EB3E11241B9B6
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CAHqczfCZFRhlZNij7Awlas8Vhs.roa
Signing time: Wed 10 May 2023 08:03:09 +0000
ROA not before: Wed 10 May 2023 08:03:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 45.155.254.0/24 maxlen: 24
185.199.212.0/24 maxlen: 24
185.199.213.0/24 maxlen: 24
45.157.210.0/24 maxlen: 24
45.157.209.0/24 maxlen: 24
185.199.148.0/24 maxlen: 24
185.199.149.0/24 maxlen: 24
45.155.252.0/24 maxlen: 24
185.226.180.0/24 maxlen: 24
45.155.253.0/24 maxlen: 24
194.146.92.0/24 maxlen: 24
185.225.170.0/24 maxlen: 24
185.225.171.0/24 maxlen: 24
79.98.246.0/24 maxlen: 24
79.98.247.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:04:af:7d:4a:77:db:b7:4c:01:1e:b3:e1:12:41:b9:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: May 10 08:03:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0801ea7337c26454619593628fb03095ab3c561b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:4d:de:a1:58:e5:f5:a0:bc:20:b8:43:fe:3b:
d0:1f:f0:5a:27:cf:9c:f1:ca:3a:08:98:5a:b8:b4:
b4:7b:c3:0f:20:1f:24:1f:32:93:fb:e3:8e:c4:06:
7c:5d:24:0e:4b:ea:6a:78:08:8a:ba:66:85:55:74:
d1:49:a1:3d:49:9b:e1:26:77:8b:d0:35:a3:7e:9e:
e8:a9:94:09:9d:0f:6e:46:0b:f4:6d:ad:37:94:b7:
fe:e9:cc:42:10:8e:ac:b4:22:d0:06:5e:15:4f:01:
94:90:8c:00:d2:75:72:40:18:50:58:cb:fe:80:b3:
6e:f4:2c:86:5c:cb:4c:ff:8a:6d:36:b7:88:df:2e:
60:1f:61:9a:a1:73:24:f5:03:55:82:9d:e8:25:3b:
5b:ce:3e:98:8f:35:46:aa:da:75:1f:7a:b5:a0:98:
7c:e8:bf:74:06:e8:0e:48:c8:41:9a:d6:14:42:30:
e7:06:05:c5:cb:fe:d0:71:36:40:d4:04:09:26:58:
66:ca:8d:70:c9:b5:05:86:e3:18:56:26:44:31:3d:
97:30:26:10:59:98:0d:1d:49:0f:b6:e4:d4:0d:ae:
00:c1:01:fc:bf:be:ef:54:7a:c5:99:00:2b:2c:0f:
65:1a:62:7e:e6:48:15:82:98:a1:5c:76:9a:62:f3:
44:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:01:EA:73:37:C2:64:54:61:95:93:62:8F:B0:30:95:AB:3C:56:1B
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CAHqczfCZFRhlZNij7Awlas8Vhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.155.252.0-45.155.254.255
45.157.209.0-45.157.210.255
79.98.246.0/23
185.199.148.0/23
185.199.212.0/23
185.225.170.0/23
185.226.180.0/24
194.146.92.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:1d:e7:af:e0:9f:f6:42:ac:11:06:b6:86:15:44:d0:b4:c1:
0e:14:fd:af:bc:19:e9:e7:1d:9a:85:d2:ef:42:8c:09:bb:6f:
ce:e8:e9:04:87:78:81:33:5b:27:f6:38:28:88:45:11:ac:2e:
3c:16:f9:f9:03:1c:eb:41:da:83:46:f8:67:2d:00:56:3b:7c:
f5:62:42:d0:b5:21:d8:fa:0d:44:e8:f7:7e:47:46:13:1a:64:
97:d2:5f:2a:fe:70:b6:49:ef:30:84:38:8a:dd:27:bb:14:e8:
dc:25:e2:61:da:e2:0d:62:28:20:54:52:a1:6a:57:e5:5a:7c:
1b:52:5f:f2:29:b3:1f:e5:fd:16:a8:e3:73:12:1d:3b:f9:15:
64:3c:56:c7:4c:0b:53:d4:7e:f5:c9:60:2b:40:88:1b:11:86:
f1:5a:89:e5:62:75:9c:0b:8b:8c:4a:d0:fb:fe:b7:9c:23:f2:
d4:8f:3c:75:b8:44:87:75:97:7a:9e:0e:fc:9a:b2:68:9c:50:
16:d1:4d:70:7a:42:a2:f1:98:d7:6a:88:8f:45:87:c7:29:21:
09:f3:81:bb:63:af:e3:82:16:05:0f:ee:ab:dc:46:cb:3a:c0:
cd:2a:3f:d4:d3:4d:0f:55:7b:0c:2d:73:58:da:5a:aa:4e:1d:
61:9c:8d:aa
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYgEr31Kd9u3TAEes+ESQbm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNTEwMDgwMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAxZWE3MzM3YzI2NDU0NjE5NTkzNjI4ZmIwMzA5NWFiM2M1NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj03eoVjl9aC8ILhD/jvQH/BaJ8+c
8co6CJhauLS0e8MPIB8kHzKT++OOxAZ8XSQOS+pqeAiKumaFVXTRSaE9SZvhJneL
0DWjfp7oqZQJnQ9uRgv0ba03lLf+6cxCEI6stCLQBl4VTwGUkIwA0nVyQBhQWMv+
gLNu9CyGXMtM/4ptNreI3y5gH2GaoXMk9QNVgp3oJTtbzj6YjzVGqtp1H3q1oJh8
6L90BugOSMhBmtYUQjDnBgXFy/7QcTZA1AQJJlhmyo1wybUFhuMYViZEMT2XMCYQ
WZgNHUkPtuTUDa4AwQH8v77vVHrFmQArLA9lGmJ+5kgVgpihXHaaYvNEEQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFAgB6nM3wmRUYZWTYo+wMJWrPFYbMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvQ0FIcWN6ZkNaRlJobFpOaWo3QXdsYXM4VmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBAItm/wD
BAAtm/4wDAMEAC2d0QMEAC2d0gMEAU9i9gMEAbnHlAMEAbnH1AMEAbnhqgMEALni
tAMEAMKSXDANBgkqhkiG9w0BAQsFAAOCAQEAox3nr+Cf9kKsEQa2hhVE0LTBDhT9
r7wZ6ecdmoXS70KMCbtvzujpBId4gTNbJ/Y4KIhFEawuPBb5+QMc60Hag0b4Zy0A
Vjt89WJC0LUh2PoNROj3fkdGExpkl9JfKv5wtknvMIQ4it0nuxTo3CXiYdriDWIo
IFRSoWpX5Vp8G1Jf8imzH+X9FqjjcxIdO/kVZDxWx0wLU9R+9clgK0CIGxGG8VqJ
5WJ1nAuLjErQ+/63nCPy1I88dbhEh3WXep4O/JqyaJxQFtFNcHpCovGY12qIj0WH
xykhCfOBu2Ov44IWBQ/uq9xGyzrAzSo/1NNND1V7DC1zWNpaqk4dYZyNqg==
-----END CERTIFICATE-----
Generated at Mon May 12 11:07:51 2025 by rpki-client