Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/BAF27iFw2G5wspwFrQ_GfExnyLU.roa
File: BAF27iFw2G5wspwFrQ_GfExnyLU.roa (raw, json)
Hash identifier: yxBBbJgMzhmYvccobjYbDKCChUCFBXj0DT6tOUKqqRw=
Subject key identifier: 04:01:76:EE:21:70:D8:6E:70:B2:9C:05:AD:0F:C6:7C:4C:67:C8:B5
Certificate issuer: /CN=fd2af9060c1f42c628fcfb8f0781d7a5bc21fc02
Certificate serial: 01856CF86E84026EF28123735EFAA3BF41EB
Authority key identifier: FD:2A:F9:06:0C:1F:42:C6:28:FC:FB:8F:07:81:D7:A5:BC:21:FC:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/BAF27iFw2G5wspwFrQ_GfExnyLU.roa
Signing time: Sun 01 Jan 2023 10:54:58 +0000
ROA not before: Sun 01 Jan 2023 10:54:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28725
IP address blocks: 85.162.0.0/15 maxlen: 24
80.74.32.0/20 maxlen: 24
194.147.12.0/22 maxlen: 24
2a07:1f40::/29 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:6e:84:02:6e:f2:81:23:73:5e:fa:a3:bf:41:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fd2af9060c1f42c628fcfb8f0781d7a5bc21fc02
Validity
Not Before: Jan 1 10:54:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=040176ee2170d86e70b29c05ad0fc67c4c67c8b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:57:72:a9:01:fc:f3:ac:fc:39:21:51:6e:47:
e2:19:74:60:88:bb:b6:71:a1:35:7b:fb:a5:f3:2f:
c6:f8:59:b1:55:99:91:0d:56:af:96:1b:34:b0:7c:
ea:e7:f1:32:13:4b:58:30:01:c6:01:f3:8c:6f:5d:
49:2d:1b:6b:4e:de:ff:95:4f:bd:50:3d:83:8d:8b:
71:4c:67:53:56:00:d8:61:26:73:4f:d0:60:ca:28:
b4:9d:be:aa:ca:c4:84:07:b2:2b:ec:c2:5e:25:82:
61:82:3f:23:09:9a:4c:1d:3a:94:17:2b:3c:fd:26:
cd:4f:6e:0d:7e:de:31:9b:1f:9f:e0:f1:ba:9f:bd:
5c:23:f5:57:1e:62:01:23:af:7e:09:b1:b4:3a:06:
77:14:28:ad:ed:d9:77:a7:43:c9:18:66:3d:09:f7:
f6:ed:c8:59:33:2e:cb:a6:a0:77:b7:2d:47:1a:04:
1d:9e:68:4f:de:c1:50:30:bb:a3:d4:4e:40:c3:65:
62:d7:9b:b6:3d:2f:3a:91:16:d1:5e:51:b5:6c:01:
ae:0f:c4:d9:9b:57:0e:c1:35:3a:bc:46:23:64:7d:
f6:fd:33:22:7d:5c:4e:0d:d7:3a:ff:bb:8c:7b:b0:
71:b9:03:96:3c:6e:ac:d8:5c:52:19:0e:a6:b6:20:
cd:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:01:76:EE:21:70:D8:6E:70:B2:9C:05:AD:0F:C6:7C:4C:67:C8:B5
X509v3 Authority Key Identifier:
keyid:FD:2A:F9:06:0C:1F:42:C6:28:FC:FB:8F:07:81:D7:A5:BC:21:FC:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/BAF27iFw2G5wspwFrQ_GfExnyLU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.74.32.0/20
85.162.0.0/15
194.147.12.0/22
IPv6:
2a07:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
7f:94:15:d7:ff:d2:52:cc:be:94:ea:ca:07:eb:3b:ba:07:67:
d6:5f:59:90:82:46:17:0c:d8:1a:f3:ce:89:21:fe:17:7d:1d:
2d:ae:99:e1:48:45:d7:b3:a4:14:c3:16:bd:32:c1:0d:e3:e1:
64:8a:45:aa:2f:09:3d:ad:a1:7f:7d:31:53:b3:27:86:71:f1:
b2:c6:ca:62:3e:d3:58:cb:13:1d:4b:44:7b:3f:21:7f:f9:4a:
27:ec:2c:b9:0b:74:65:30:65:7b:08:43:70:c8:c8:87:49:af:
39:85:5e:f0:7c:e5:5c:e3:ee:69:2d:ea:70:67:f7:54:0c:32:
2e:c1:df:f6:7f:50:6c:88:cd:bd:97:fc:6c:af:0c:d5:82:4c:
ab:ea:3d:bb:d4:60:05:ab:e6:99:69:66:a3:ec:a5:c1:63:ba:
ab:e4:b5:9e:37:30:80:ba:6f:59:b5:d7:0c:ff:19:66:93:2f:
a5:b1:a9:9b:28:fa:30:05:db:bc:00:75:59:86:d3:bd:0e:14:
9d:c8:7e:52:22:a6:fa:27:55:26:21:4e:7c:cc:fd:dd:57:71:
b1:56:d2:08:5b:e5:bc:c3:e9:8d:66:52:09:4b:d0:ff:3e:aa:
fa:91:c6:09:66:6f:0f:1c:62:c0:ee:f8:42:fc:1c:81:b4:d1:
36:bc:77:18
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVs+G6EAm7ygSNzXvqjv0HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMmFmOTA2MGMxZjQyYzYyOGZjZmI4ZjA3ODFkN2E1YmMy
MWZjMDIwHhcNMjMwMTAxMTA1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDAxNzZlZTIxNzBkODZlNzBiMjljMDVhZDBmYzY3YzRjNjdjOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFdyqQH886z8OSFRbkfiGXRgiLu2
caE1e/ul8y/G+FmxVZmRDVavlhs0sHzq5/EyE0tYMAHGAfOMb11JLRtrTt7/lU+9
UD2DjYtxTGdTVgDYYSZzT9Bgyii0nb6qysSEB7Ir7MJeJYJhgj8jCZpMHTqUFys8
/SbNT24Nft4xmx+f4PG6n71cI/VXHmIBI69+CbG0OgZ3FCit7dl3p0PJGGY9Cff2
7chZMy7LpqB3ty1HGgQdnmhP3sFQMLuj1E5Aw2Vi15u2PS86kRbRXlG1bAGuD8TZ
m1cOwTU6vEYjZH32/TMifVxODdc6/7uMe7BxuQOWPG6s2FxSGQ6mtiDNzwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAQBdu4hcNhucLKcBa0PxnxMZ8i1MB8GA1UdIwQY
MBaAFP0q+QYMH0LGKPz7jweB16W8IfwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NyNUJnd2ZRc1lvX1B1UEI0SFhwYndoX0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hOThlNGEtNDVhYS00MDhjLWI4MDct
YmZjZjlhOTIyYThiLzEvQkFGMjdpRncyRzV3c3B3RnJRX0dmRXhueUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hOThlNGEtNDVhYS00MDhjLWI4MDctYmZjZjlhOTIyYThi
LzEvX1NyNUJnd2ZRc1lvX1B1UEI0SFhwYndoX0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQEUEogAwMB
VaIDBALCkwwwDQQCAAIwBwMFAyoHH0AwDQYJKoZIhvcNAQELBQADggEBAH+UFdf/
0lLMvpTqygfrO7oHZ9ZfWZCCRhcM2Brzzokh/hd9HS2umeFIRdezpBTDFr0ywQ3j
4WSKRaovCT2toX99MVOzJ4Zx8bLGymI+01jLEx1LRHs/IX/5SifsLLkLdGUwZXsI
Q3DIyIdJrzmFXvB85Vzj7mkt6nBn91QMMi7B3/Z/UGyIzb2X/GyvDNWCTKvqPbvU
YAWr5plpZqPspcFjuqvktZ43MIC6b1m11wz/GWaTL6WxqZso+jAF27wAdVmG070O
FJ3IflIipvonVSYhTnzM/d1XcbFW0ghb5bzD6Y1mUglL0P8+qvqRxglmbw8cYsDu
+EL8HIG00Ta8dxg=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:38:34 2025 by rpki-client