Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/kW5N9hRhlvpJr3cy522KtnBSqvU.roa
File: kW5N9hRhlvpJr3cy522KtnBSqvU.roa (raw, json)
Hash identifier: YBdizDCrGAL9BeM+LNR9QHokiBAXchFwqt58RQ0iPXM=
Subject key identifier: 91:6E:4D:F6:14:61:96:FA:49:AF:77:32:E7:6D:8A:B6:70:52:AA:F5
Certificate issuer: /CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Certificate serial: 01859B7512F4D95D6C316DF2EAE6106AD15A
Authority key identifier: A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/kW5N9hRhlvpJr3cy522KtnBSqvU.roa
Signing time: Tue 10 Jan 2023 11:33:39 +0000
ROA not before: Tue 10 Jan 2023 11:33:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29056
IP address blocks: 91.143.96.0/20 maxlen: 24
185.228.128.0/22 maxlen: 24
109.73.144.0/20 maxlen: 24
185.233.144.0/22 maxlen: 24
185.220.252.0/22 maxlen: 24
85.237.0.0/19 maxlen: 24
217.29.144.0/20 maxlen: 24
185.222.128.0/22 maxlen: 24
193.46.248.0/24 maxlen: 24
185.225.144.0/22 maxlen: 24
185.15.236.0/22 maxlen: 24
185.236.72.0/22 maxlen: 24
37.143.176.0/20 maxlen: 24
2a02:758::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9b:75:12:f4:d9:5d:6c:31:6d:f2:ea:e6:10:6a:d1:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Validity
Not Before: Jan 10 11:33:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=916e4df6146196fa49af7732e76d8ab67052aaf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:2f:d6:b5:4d:3e:f6:73:cb:d8:c7:09:c6:ea:
17:eb:93:fd:07:9b:9c:cf:a2:f6:68:d1:1c:66:6a:
22:df:59:ca:b6:4a:4b:8e:f8:cf:cb:53:be:c8:fc:
a7:8c:f9:67:4a:b3:90:0f:16:ab:83:73:bb:ab:2c:
5d:a6:e0:b5:50:0f:ab:aa:e1:15:4f:1d:5d:43:3d:
73:89:87:3b:ae:1f:93:99:ab:1a:a7:c7:c1:dc:01:
5a:a9:1e:c2:9c:32:68:65:f6:f4:47:0f:89:43:5c:
b4:47:a5:83:5b:4c:8f:0b:91:53:2c:65:af:57:ed:
65:29:1a:85:63:39:83:92:44:61:82:f3:f1:e3:09:
6a:46:83:d3:28:fd:81:fe:bd:af:23:20:c5:fc:a4:
26:c1:4f:5b:7c:a3:96:da:bb:98:4c:70:9b:6a:f9:
9b:08:48:ab:96:83:76:8c:30:3c:67:2c:95:42:44:
94:06:6a:68:59:f9:e1:ec:5d:8a:c6:20:11:91:28:
08:91:dd:d0:0e:66:34:a9:b8:c4:b6:1b:af:cb:51:
80:2a:99:0e:56:14:c5:e7:28:80:cb:4f:db:d1:91:
d6:81:ac:84:7e:e5:78:82:e8:58:ac:3a:90:c5:2a:
0e:0b:9d:9c:15:85:96:16:a8:fe:cf:a3:b6:18:a7:
0b:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:6E:4D:F6:14:61:96:FA:49:AF:77:32:E7:6D:8A:B6:70:52:AA:F5
X509v3 Authority Key Identifier:
keyid:A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/kW5N9hRhlvpJr3cy522KtnBSqvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.176.0/20
85.237.0.0/19
91.143.96.0/20
109.73.144.0/20
185.15.236.0/22
185.220.252.0/22
185.222.128.0/22
185.225.144.0/22
185.228.128.0/22
185.233.144.0/22
185.236.72.0/22
193.46.248.0/24
217.29.144.0/20
IPv6:
2a02:758::/32
Signature Algorithm: sha256WithRSAEncryption
b2:ed:1f:c9:fa:87:a7:32:bb:f1:84:4e:df:74:10:37:8c:00:
a7:d2:d9:0f:b6:3a:38:63:30:3b:df:28:6a:77:f0:fc:13:aa:
dd:5e:b9:ba:b2:3c:5a:22:65:80:c8:b5:ba:5b:f3:c0:75:e4:
09:99:12:76:0c:5f:59:b9:39:e6:16:2f:b5:af:62:cf:4a:d8:
f4:ef:79:ff:a3:f4:d1:b5:7d:db:46:2b:b3:3c:3b:c0:34:6e:
be:01:ef:7b:97:bf:0a:66:11:06:44:72:38:12:42:8a:d8:4f:
76:28:b1:06:52:fc:87:11:fc:c5:d1:a1:e1:90:10:2c:3d:1f:
a0:e2:76:68:fc:a0:e1:02:da:18:aa:c5:3e:f0:34:8c:02:6b:
9b:59:bb:15:fa:1c:1c:4e:d2:20:0d:2a:e3:bb:92:ce:1f:c1:
97:dd:37:25:c0:e2:29:96:e9:60:b4:30:bc:28:8b:cd:af:f4:
23:d7:1e:ee:44:c7:f8:aa:e4:1a:20:64:84:3a:b2:f8:df:f3:
bc:dc:a3:0f:0d:77:7f:c1:66:64:b5:b3:9a:0c:68:b8:7b:23:
6b:19:ea:b4:ba:25:33:9e:7b:84:ec:a5:35:ae:e2:42:f0:f0:
28:57:e1:b1:d0:09:2a:78:41:ea:d0:16:f8:38:f8:71:8a:7b:
51:e3:47:36
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYWbdRL02V1sMW3y6uYQatFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MDYxZjJmNDlhNmQ3YWY5ZWE2NzZiYWQwM2RmMWNlMmY1
MDI2MGQwHhcNMjMwMTEwMTEzMzM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTZlNGRmNjE0NjE5NmZhNDlhZjc3MzJlNzZkOGFiNjcwNTJhYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1C/WtU0+9nPL2McJxuoX65P9B5uc
z6L2aNEcZmoi31nKtkpLjvjPy1O+yPynjPlnSrOQDxarg3O7qyxdpuC1UA+rquEV
Tx1dQz1ziYc7rh+Tmasap8fB3AFaqR7CnDJoZfb0Rw+JQ1y0R6WDW0yPC5FTLGWv
V+1lKRqFYzmDkkRhgvPx4wlqRoPTKP2B/r2vIyDF/KQmwU9bfKOW2ruYTHCbavmb
CEirloN2jDA8ZyyVQkSUBmpoWfnh7F2KxiARkSgIkd3QDmY0qbjEthuvy1GAKpkO
VhTF5yiAy0/b0ZHWgayEfuV4guhYrDqQxSoOC52cFYWWFqj+z6O2GKcL1wIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFJFuTfYUYZb6Sa93MudtirZwUqr1MB8GA1UdIwQY
MBaAFKkGHy9JptevnqZ2utA98c4vUCYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEt
ZjZjMjY4NjEyZmM3LzEva1c1TjloUmhsdnBKcjNjeTUyMkt0bkJTcXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEtZjZjMjY4NjEyZmM3
LzEvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQEJY+wAwQF
Ve0AAwQEW49gAwQEbUmQAwQCuQ/sAwQCudz8AwQCud6AAwQCueGQAwQCueSAAwQC
uemQAwQCuexIAwQAwS74AwQE2R2QMA0EAgACMAcDBQAqAgdYMA0GCSqGSIb3DQEB
CwUAA4IBAQCy7R/J+oenMrvxhE7fdBA3jACn0tkPtjo4YzA73yhqd/D8E6rdXrm6
sjxaImWAyLW6W/PAdeQJmRJ2DF9ZuTnmFi+1r2LPStj073n/o/TRtX3bRiuzPDvA
NG6+Ae97l78KZhEGRHI4EkKK2E92KLEGUvyHEfzF0aHhkBAsPR+g4nZo/KDhAtoY
qsU+8DSMAmubWbsV+hwcTtIgDSrju5LOH8GX3TclwOIplulgtDC8KIvNr/Qj1x7u
RMf4quQaIGSEOrL43/O83KMPDXd/wWZktbOaDGi4eyNrGeq0uiUznnuE7KU1ruJC
8PAoV+Gx0AkqeEHq0Bb4OPhxintR40c2
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:58:23 2025 by rpki-client