Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Xhvfa9kSS0MBbdZygcRrCYYclLk.roa
File: Xhvfa9kSS0MBbdZygcRrCYYclLk.roa (raw, json)
Hash identifier: c3qBRyQrxzWzH0a2p1OW1UNM0lbXedneX3y+8uafMIU=
Subject key identifier: 5E:1B:DF:6B:D9:12:4B:43:01:6D:D6:72:81:C4:6B:09:86:1C:94:B9
Certificate issuer: /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial: 0188446A6A0B1CB49B21569F03D68AC4C98C
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Xhvfa9kSS0MBbdZygcRrCYYclLk.roa
Signing time: Mon 22 May 2023 17:03:24 +0000
ROA not before: Mon 22 May 2023 17:03:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20722
IP address blocks: 85.204.44.0/24 maxlen: 24
194.102.188.0/24 maxlen: 24
185.88.130.0/23 maxlen: 23
185.88.131.0/24 maxlen: 24
185.88.128.0/22 maxlen: 22
85.204.56.0/21 maxlen: 21
85.204.56.0/24 maxlen: 24
85.204.57.0/24 maxlen: 24
85.204.58.0/24 maxlen: 24
85.204.59.0/24 maxlen: 24
85.204.60.0/24 maxlen: 24
85.204.61.0/24 maxlen: 24
85.204.62.0/24 maxlen: 24
85.204.63.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:44:6a:6a:0b:1c:b4:9b:21:56:9f:03:d6:8a:c4:c9:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Validity
Not Before: May 22 17:03:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e1bdf6bd9124b43016dd67281c46b09861c94b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b6:57:b3:5c:de:07:0c:4e:20:06:eb:c0:9f:
03:18:e3:ce:ab:a9:75:d3:51:47:bd:5a:0b:05:69:
3a:58:87:af:9b:5b:78:07:9e:87:b4:95:8b:b8:d5:
f5:85:dd:2d:36:3a:a3:29:0a:d8:66:06:64:cf:63:
5c:a5:73:cb:36:61:2c:3a:ad:c8:6e:ea:ab:57:d6:
41:19:2d:29:07:27:c2:30:b1:45:2e:79:21:02:06:
6d:6b:0b:5f:b7:37:80:d2:ac:46:59:da:33:52:32:
58:4f:2f:5b:a0:b8:d8:76:e6:01:91:9c:c0:de:32:
ba:ae:ff:af:b7:d0:15:27:2d:56:71:b4:03:17:21:
a8:ff:0e:33:36:29:09:e4:5f:e5:fc:39:fa:cd:a1:
b3:99:d3:f0:d0:a5:45:13:a6:97:43:78:1c:2c:3c:
89:a7:4f:60:56:2f:0a:bc:b8:f8:5d:ee:ba:26:ac:
94:45:08:d6:ab:2b:59:91:de:ec:d3:d8:42:85:a5:
85:c2:71:9d:28:6a:5e:c0:d6:03:cd:19:25:37:9f:
cc:b2:cb:d2:4d:95:c9:5b:d7:69:f7:fb:5c:0f:06:
9e:e5:60:43:e7:5e:35:62:1f:54:9d:81:51:35:68:
76:dd:28:f7:38:da:90:5d:3d:30:a7:69:db:56:d5:
69:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:1B:DF:6B:D9:12:4B:43:01:6D:D6:72:81:C4:6B:09:86:1C:94:B9
X509v3 Authority Key Identifier:
keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Xhvfa9kSS0MBbdZygcRrCYYclLk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.44.0/24
85.204.56.0/21
185.88.128.0/22
194.102.188.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:3e:3e:c6:e8:1d:24:1e:b8:63:14:4f:d7:3e:e4:17:8b:46:
2c:ca:c4:7d:b6:cf:9a:ad:19:85:64:e8:6f:66:9d:b4:71:7d:
fd:b0:64:ff:44:fc:d3:49:74:5a:1c:e0:95:58:0e:04:2a:e0:
74:f3:40:64:db:ef:2c:f6:56:87:fd:7a:f3:cf:cf:17:18:9c:
e0:fe:6b:0e:90:bc:4e:41:94:ce:ec:b2:fb:ad:79:08:c6:ea:
64:d8:fe:8b:d5:68:ae:dc:28:9c:15:c4:13:34:a0:68:8a:cb:
90:a8:7c:6a:05:54:e1:91:55:45:93:e4:09:42:79:ce:dc:d2:
51:0c:f9:53:82:13:ca:e7:84:d3:35:68:ee:9c:2f:f0:20:c7:
ee:aa:98:3e:09:d6:32:9b:77:dc:39:24:1b:f7:64:ff:68:b0:
1c:30:e8:44:37:60:0e:ab:1a:32:6a:80:7e:48:65:02:75:52:
3f:71:37:dc:2b:ab:27:98:2f:c7:34:98:73:b8:08:4c:d9:91:
2a:c8:a4:ef:bb:69:a1:8f:3f:eb:8c:fd:72:89:1a:43:7f:b0:
30:e8:ee:3b:f7:5c:0c:ed:72:dc:d5:f5:41:f2:05:c8:59:21:
a1:65:e5:c2:8e:85:84:61:0d:c8:12:25:15:35:b3:6a:36:5f:
b9:ae:12:29
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhEamoLHLSbIVafA9aKxMmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjMwNTIyMTcwMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTFiZGY2YmQ5MTI0YjQzMDE2ZGQ2NzI4MWM0NmIwOTg2MWM5NGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7ZXs1zeBwxOIAbrwJ8DGOPOq6l1
01FHvVoLBWk6WIevm1t4B56HtJWLuNX1hd0tNjqjKQrYZgZkz2NcpXPLNmEsOq3I
buqrV9ZBGS0pByfCMLFFLnkhAgZtawtftzeA0qxGWdozUjJYTy9boLjYduYBkZzA
3jK6rv+vt9AVJy1WcbQDFyGo/w4zNikJ5F/l/Dn6zaGzmdPw0KVFE6aXQ3gcLDyJ
p09gVi8KvLj4Xe66JqyURQjWqytZkd7s09hChaWFwnGdKGpewNYDzRklN5/MssvS
TZXJW9dp9/tcDwae5WBD5141Yh9UnYFRNWh23Sj3ONqQXT0wp2nbVtVpQwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF4b32vZEktDAW3WcoHEawmGHJS5MB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvWGh2ZmE5a1NTME1CYmRaeWdjUnJDWVljbExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwsAwQD
Vcw4AwQCuViAAwQAwma8MA0GCSqGSIb3DQEBCwUAA4IBAQALPj7G6B0kHrhjFE/X
PuQXi0YsysR9ts+arRmFZOhvZp20cX39sGT/RPzTSXRaHOCVWA4EKuB080Bk2+8s
9laH/Xrzz88XGJzg/msOkLxOQZTO7LL7rXkIxupk2P6L1Wiu3CicFcQTNKBoisuQ
qHxqBVThkVVFk+QJQnnO3NJRDPlTghPK54TTNWjunC/wIMfuqpg+CdYym3fcOSQb
92T/aLAcMOhEN2AOqxoyaoB+SGUCdVI/cTfcK6snmC/HNJhzuAhM2ZEqyKTvu2mh
jz/rjP1yiRpDf7Aw6O4791wM7XLc1fVB8gXIWSGhZeXCjoWEYQ3IEiUVNbNqNl+5
rhIp
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:13:32 2025 by rpki-client