Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hCwkciemcYlyQQEK3zhao38BJX8.roa
File: hCwkciemcYlyQQEK3zhao38BJX8.roa (raw, json)
Hash identifier: snSjbx9TTpGuXaj9gTcoCc+rp81pt7T25fNwByYO3ZI=
Subject key identifier: 84:2C:24:72:27:A6:71:89:72:41:01:0A:DF:38:5A:A3:7F:01:25:7F
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018ADFA0503E9796565CA5B45DCE7CA2655F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hCwkciemcYlyQQEK3zhao38BJX8.roa
Signing time: Fri 29 Sep 2023 06:29:00 +0000
ROA not before: Fri 29 Sep 2023 06:29:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210680
IP address blocks: 2a0f:e640::/29 maxlen: 29
2a0f:8300::/29 maxlen: 29
2a0f:8100::/29 maxlen: 29
2a0f:e740::/29 maxlen: 29
2a09:17c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:df:a0:50:3e:97:96:56:5c:a5:b4:5d:ce:7c:a2:65:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Sep 29 06:29:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=842c247227a671897241010adf385aa37f01257f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:4b:ac:d4:c8:5e:27:61:df:e8:c3:a0:b9:ec:
0f:c6:24:fc:47:e4:d3:ea:72:b0:57:62:61:f7:79:
23:08:a0:ee:6c:f7:62:91:d8:5f:c7:02:44:28:3c:
8c:4b:f4:a7:93:9b:66:57:63:b9:cf:fe:0a:12:b6:
80:db:7d:ac:c9:b3:db:a4:7e:a3:d2:94:8a:b5:35:
ae:52:68:de:7a:95:1e:00:85:57:be:7e:ed:14:2c:
7e:90:ef:11:5c:3a:21:80:58:fe:1d:76:76:df:76:
7f:9e:41:c9:a4:11:e6:15:13:a9:80:76:6b:c7:8a:
f7:0a:c8:9a:4a:ff:90:3f:c6:5c:d6:29:7e:a7:a1:
aa:c6:7f:a1:02:8a:38:72:51:56:fc:44:f2:9b:97:
35:31:ab:f5:7d:4a:74:40:8b:5c:38:bc:61:d0:5b:
18:3f:4b:e3:06:38:b1:47:7d:c3:74:ea:3e:ec:c1:
39:b2:1a:66:a1:1c:c3:32:89:95:9b:71:43:77:8c:
43:b8:3a:fb:c7:3f:1f:ba:fe:7d:38:d0:4f:5e:44:
a1:89:9a:03:10:54:6f:93:2f:17:2a:74:80:5f:90:
f8:16:71:2d:b6:04:a4:93:af:4a:74:f1:6f:6f:b5:
20:f1:65:2e:56:30:68:08:b3:82:49:58:71:ca:e5:
eb:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:2C:24:72:27:A6:71:89:72:41:01:0A:DF:38:5A:A3:7F:01:25:7F
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hCwkciemcYlyQQEK3zhao38BJX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:17c0::/29
2a0f:8100::/29
2a0f:8300::/29
2a0f:e640::/29
2a0f:e740::/29
Signature Algorithm: sha256WithRSAEncryption
04:1c:11:48:10:8d:e6:ba:ec:28:f6:dd:a6:37:a1:e9:e1:01:
f3:ad:bb:71:86:7b:a7:4c:d7:01:07:ed:f0:4f:4a:66:4a:51:
c4:01:19:19:de:b6:32:d4:ea:a5:3d:6d:fe:a3:89:87:58:2f:
25:ea:1e:37:77:b1:b9:cd:eb:0b:d9:74:d8:58:23:d6:02:28:
95:3f:40:af:14:cd:f8:56:39:e1:8f:b0:ee:d1:ff:bd:b5:62:
91:7b:04:04:28:26:b9:ba:1b:ff:37:ae:47:95:0d:ed:44:32:
6e:6b:76:58:44:b9:da:15:0c:c8:4f:41:5e:08:58:11:80:59:
3f:9d:53:f4:e2:08:b7:4a:e0:5f:37:a3:7b:68:62:c0:03:7f:
36:c2:20:29:a5:79:11:78:e7:a3:c2:4b:07:2e:8a:26:af:26:
c8:96:ad:71:56:bf:99:81:e5:ea:e1:4c:29:ad:25:1a:9e:cf:
96:4b:49:8f:eb:73:5d:b6:17:fc:66:be:f3:14:f1:8b:5e:4a:
6f:c4:4f:18:00:46:72:26:ec:2b:be:b8:6d:70:71:cd:fd:99:
07:d3:f2:cd:12:e9:7b:f0:0d:cd:81:79:dc:e2:28:b1:bb:b3:
e1:b0:1a:40:1e:c9:a2:5a:74:1b:47:a7:2a:52:53:d3:2a:79:
89:f7:7d:19
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYrfoFA+l5ZWXKW0Xc58omVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMwOTI5MDYyOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDJjMjQ3MjI3YTY3MTg5NzI0MTAxMGFkZjM4NWFhMzdmMDEyNTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUus1MheJ2Hf6MOguewPxiT8R+TT
6nKwV2Jh93kjCKDubPdikdhfxwJEKDyMS/Snk5tmV2O5z/4KEraA232sybPbpH6j
0pSKtTWuUmjeepUeAIVXvn7tFCx+kO8RXDohgFj+HXZ233Z/nkHJpBHmFROpgHZr
x4r3CsiaSv+QP8Zc1il+p6Gqxn+hAoo4clFW/ETym5c1Mav1fUp0QItcOLxh0FsY
P0vjBjixR33DdOo+7ME5shpmoRzDMomVm3FDd4xDuDr7xz8fuv59ONBPXkShiZoD
EFRvky8XKnSAX5D4FnEttgSkk69KdPFvb7Ug8WUuVjBoCLOCSVhxyuXrUQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIQsJHInpnGJckEBCt84WqN/ASV/MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaEN3a2NpZW1jWWx5UVFFSzN6aGFvMzhCSlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKgkXwAMF
AyoPgQADBQMqD4MAAwUDKg/mQAMFAyoP50AwDQYJKoZIhvcNAQELBQADggEBAAQc
EUgQjea67Cj23aY3oenhAfOtu3GGe6dM1wEH7fBPSmZKUcQBGRnetjLU6qU9bf6j
iYdYLyXqHjd3sbnN6wvZdNhYI9YCKJU/QK8UzfhWOeGPsO7R/721YpF7BAQoJrm6
G/83rkeVDe1EMm5rdlhEudoVDMhPQV4IWBGAWT+dU/TiCLdK4F83o3toYsADfzbC
ICmleRF456PCSwcuiiavJsiWrXFWv5mB5erhTCmtJRqez5ZLSY/rc122F/xmvvMU
8YteSm/ETxgARnIm7Cu+uG1wcc39mQfT8s0S6XvwDc2BedziKLG7s+GwGkAeyaJa
dBtHpypSU9MqeYn3fRk=
-----END CERTIFICATE-----
Generated at Sun May 11 12:33:25 2025 by rpki-client