Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/qbVN2ING23c8w1g5eQwbMYPagqE.roa
File: qbVN2ING23c8w1g5eQwbMYPagqE.roa (raw, json)
Hash identifier: 6ikfXBn3xydLgRHd/UoB9dz0hyaGnW7lbzTNOQ1Ly4M=
Subject key identifier: A9:B5:4D:D8:83:46:DB:77:3C:C3:58:39:79:0C:1B:31:83:DA:82:A1
Certificate issuer: /CN=bfd7bbfcc2b8fab66a581b8227ca0ac817fa146b
Certificate serial: 018572CCD8E059D9ADB377AC3258AB9792CC
Authority key identifier: BF:D7:BB:FC:C2:B8:FA:B6:6A:58:1B:82:27:CA:0A:C8:17:FA:14:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/qbVN2ING23c8w1g5eQwbMYPagqE.roa
Signing time: Mon 02 Jan 2023 14:05:05 +0000
ROA not before: Mon 02 Jan 2023 14:05:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42043
IP address blocks: 193.186.32.0/24 maxlen: 24
185.88.152.0/24 maxlen: 24
185.88.154.0/24 maxlen: 24
185.88.155.0/24 maxlen: 24
185.88.153.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:cc:d8:e0:59:d9:ad:b3:77:ac:32:58:ab:97:92:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfd7bbfcc2b8fab66a581b8227ca0ac817fa146b
Validity
Not Before: Jan 2 14:05:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a9b54dd88346db773cc35839790c1b3183da82a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ca:a4:74:7e:58:d6:6f:9f:f0:60:7d:04:b2:
bf:c4:da:b8:b4:44:97:89:89:27:8a:d5:6a:b5:6a:
b3:97:a3:ce:19:59:06:64:16:45:3a:4b:8f:53:ca:
09:4a:72:9b:77:d5:7c:d1:60:95:a5:84:46:60:64:
6e:a4:f7:31:09:67:65:9a:ba:86:c7:73:50:3e:3c:
b6:49:fa:b2:02:1b:61:20:b3:63:d3:8d:2f:90:e8:
ae:18:97:48:d0:0e:ec:4b:49:0b:57:a8:79:1b:c0:
1a:94:c6:74:4f:4d:47:5d:fa:59:da:e9:90:92:df:
ad:ae:64:12:31:cb:3a:35:e4:97:a0:ae:43:9f:62:
d7:e8:1e:ea:35:cc:1a:53:45:2e:3b:3d:43:8b:14:
bf:40:1f:70:61:9d:30:a8:85:a8:a9:0c:f9:3a:28:
8f:dd:5e:f1:91:df:bc:a7:4b:56:31:5b:b1:a1:23:
7a:08:94:a6:06:4f:2d:ca:dc:06:c8:76:6c:fc:e1:
37:1a:f3:62:45:79:d2:be:d3:7b:4e:b5:67:71:07:
a5:e0:b3:a4:e9:02:7d:72:df:67:f8:73:c0:2c:20:
35:56:df:62:85:46:e1:94:1f:2f:e3:13:c0:39:21:
5a:4e:ed:39:d1:f4:72:9d:2a:a0:db:bd:69:ba:0b:
82:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:B5:4D:D8:83:46:DB:77:3C:C3:58:39:79:0C:1B:31:83:DA:82:A1
X509v3 Authority Key Identifier:
keyid:BF:D7:BB:FC:C2:B8:FA:B6:6A:58:1B:82:27:CA:0A:C8:17:FA:14:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/qbVN2ING23c8w1g5eQwbMYPagqE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.88.152.0/22
193.186.32.0/24
Signature Algorithm: sha256WithRSAEncryption
24:6d:45:49:ed:d1:d2:db:d8:c4:c1:a9:b9:03:73:2c:56:b1:
1d:2b:6d:73:51:52:58:b4:b4:94:3a:71:85:00:2f:1f:91:ff:
15:13:c0:a3:bd:e9:96:a0:c3:ae:ba:12:03:5a:6a:67:36:bc:
31:88:25:8c:f0:7d:f9:4b:b0:e6:0d:22:54:8f:77:b1:5c:fb:
80:1a:38:a5:43:29:b9:8d:4a:2a:98:26:24:b3:ab:56:3e:91:
02:ce:4b:fa:88:17:2d:f7:39:5e:20:15:74:ea:91:4c:27:95:
8a:90:7c:55:75:c0:57:67:41:ad:6b:fa:06:37:a6:b9:77:df:
14:a4:9d:52:d5:40:d3:01:c2:23:9e:84:d8:93:0b:2b:b7:7d:
33:79:11:40:20:be:ec:0b:0a:40:f2:93:ab:b2:32:a7:91:2b:
7b:73:53:72:d9:ee:aa:47:25:eb:21:8e:f4:ab:74:48:e0:75:
bf:7f:22:92:f8:d0:a1:ee:d9:c2:3c:06:a5:de:13:61:c9:49:
31:41:f4:b9:9b:f4:aa:a4:16:5b:db:08:30:87:1a:36:c3:e0:
94:77:80:d6:f5:b5:98:bf:e7:6d:16:cd:10:e0:3b:29:4e:37:
88:98:9f:71:fa:03:7c:d1:94:fd:e2:91:db:f8:63:34:72:8a:
3d:35:42:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyzNjgWdmts3esMlirl5LMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDdiYmZjYzJiOGZhYjY2YTU4MWI4MjI3Y2EwYWM4MTdm
YTE0NmIwHhcNMjMwMTAyMTQwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWI1NGRkODgzNDZkYjc3M2NjMzU4Mzk3OTBjMWIzMTgzZGE4MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsqkdH5Y1m+f8GB9BLK/xNq4tESX
iYknitVqtWqzl6POGVkGZBZFOkuPU8oJSnKbd9V80WCVpYRGYGRupPcxCWdlmrqG
x3NQPjy2SfqyAhthILNj040vkOiuGJdI0A7sS0kLV6h5G8AalMZ0T01HXfpZ2umQ
kt+trmQSMcs6NeSXoK5Dn2LX6B7qNcwaU0UuOz1DixS/QB9wYZ0wqIWoqQz5OiiP
3V7xkd+8p0tWMVuxoSN6CJSmBk8tytwGyHZs/OE3GvNiRXnSvtN7TrVncQel4LOk
6QJ9ct9n+HPALCA1Vt9ihUbhlB8v4xPAOSFaTu050fRynSqg271puguC+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKm1TdiDRtt3PMNYOXkMGzGD2oKhMB8GA1UdIwQY
MBaAFL/Xu/zCuPq2algbgifKCsgX+hRrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjllN19NSzQtclpxV0J1Q0o4b0t5QmY2RkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84MmZiMDUtNjFlNi00MzM1LWIxNjct
MzZhZWQ4N2UzMzg4LzEvcWJWTjJJTkcyM2M4dzFnNWVRd2JNWVBhZ3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84MmZiMDUtNjFlNi00MzM1LWIxNjctMzZhZWQ4N2UzMzg4
LzEvdjllN19NSzQtclpxV0J1Q0o4b0t5QmY2RkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuViYAwQA
wbogMA0GCSqGSIb3DQEBCwUAA4IBAQAkbUVJ7dHS29jEwam5A3MsVrEdK21zUVJY
tLSUOnGFAC8fkf8VE8CjvemWoMOuuhIDWmpnNrwxiCWM8H35S7DmDSJUj3exXPuA
GjilQym5jUoqmCYks6tWPpECzkv6iBct9zleIBV06pFMJ5WKkHxVdcBXZ0Gta/oG
N6a5d98UpJ1S1UDTAcIjnoTYkwsrt30zeRFAIL7sCwpA8pOrsjKnkSt7c1Ny2e6q
RyXrIY70q3RI4HW/fyKS+NCh7tnCPAal3hNhyUkxQfS5m/SqpBZb2wgwhxo2w+CU
d4DW9bWYv+dtFs0Q4DspTjeImJ9x+gN80ZT94pHb+GM0coo9NUKK
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:09:49 2025 by rpki-client