Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/c9ccc9-c405-428f-b773-dd23dc4241fa/1/Z2vxAZhe2TZH6LkWEM0e6FwGA0k.roa
File: Z2vxAZhe2TZH6LkWEM0e6FwGA0k.roa (raw, json)
Hash identifier: vnk1YQ2EjI+Hbg1XD011WyHwmLyZd0aH069w/77oYTE=
Subject key identifier: 67:6B:F1:01:98:5E:D9:36:47:E8:B9:16:10:CD:1E:E8:5C:06:03:49
Certificate issuer: /CN=0cd49ca1901df020930ce971f65cc180a3fcbe81
Certificate serial: 07C4B830
Authority key identifier: 0C:D4:9C:A1:90:1D:F0:20:93:0C:E9:71:F6:5C:C1:80:A3:FC:BE:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DNScoZAd8CCTDOlx9lzBgKP8voE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2c/c9ccc9-c405-428f-b773-dd23dc4241fa/1/Z2vxAZhe2TZH6LkWEM0e6FwGA0k.roa
Signing time: Sat 01 Jan 2022 12:54:38 +0000
ROA not before: Sat 01 Jan 2022 12:54:38 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15405
IP address blocks: 91.198.244.0/24 maxlen: 24
195.162.84.0/22 maxlen: 22
185.22.156.0/22 maxlen: 22
185.159.36.0/22 maxlen: 22
185.202.68.0/22 maxlen: 22
2a03:4c0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 130332720 (0x7c4b830)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0cd49ca1901df020930ce971f65cc180a3fcbe81
Validity
Not Before: Jan 1 12:54:38 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=676bf101985ed93647e8b91610cd1ee85c060349
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b2:6d:69:0e:5f:bd:14:8f:a5:7e:12:95:36:
09:5e:12:4d:72:c7:da:e0:4c:88:81:e4:a1:b4:50:
57:82:0b:95:c6:ce:57:0c:9c:d3:0a:48:c9:3b:d1:
04:1e:0f:8e:96:f3:bd:72:78:65:98:f3:7e:7c:52:
a6:25:3e:12:70:ba:48:86:aa:fb:58:22:cd:af:fe:
9c:b8:65:a1:91:ce:16:15:63:87:33:a5:3f:57:57:
ce:13:52:99:7b:69:13:ae:ae:58:38:36:5b:3e:8b:
7b:b7:01:5f:44:ec:72:c6:35:cb:21:42:84:1d:21:
de:d4:fe:ee:b6:b0:70:63:64:81:61:52:de:8a:05:
0a:ab:8f:01:7e:c8:4c:c0:c0:28:8a:50:fd:7a:66:
34:e9:f3:e5:d3:8c:a5:7f:ca:bd:c3:b9:38:cb:47:
25:cf:ac:18:4b:fe:50:e2:92:66:e7:ad:84:b4:32:
61:6d:8b:92:ac:06:35:24:ac:c8:b7:90:8e:4d:e3:
df:f3:ce:60:6c:ab:8d:7d:7d:64:25:2b:25:0b:dc:
f4:92:f6:71:2f:1d:1a:43:27:df:77:26:84:22:7f:
03:55:78:f7:61:e4:b6:60:38:f0:0b:0d:81:7b:86:
db:0b:c3:36:fe:7d:a6:b5:a9:09:50:bf:f0:1e:3c:
2f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:6B:F1:01:98:5E:D9:36:47:E8:B9:16:10:CD:1E:E8:5C:06:03:49
X509v3 Authority Key Identifier:
keyid:0C:D4:9C:A1:90:1D:F0:20:93:0C:E9:71:F6:5C:C1:80:A3:FC:BE:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DNScoZAd8CCTDOlx9lzBgKP8voE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c9ccc9-c405-428f-b773-dd23dc4241fa/1/Z2vxAZhe2TZH6LkWEM0e6FwGA0k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c9ccc9-c405-428f-b773-dd23dc4241fa/1/DNScoZAd8CCTDOlx9lzBgKP8voE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.244.0/24
185.22.156.0/22
185.159.36.0/22
185.202.68.0/22
195.162.84.0/22
IPv6:
2a03:4c0::/32
Signature Algorithm: sha256WithRSAEncryption
47:33:e8:c1:04:5b:aa:4e:fe:ce:85:0d:2b:7c:87:2e:2f:96:
69:79:3c:5f:94:a6:3a:ad:88:77:f2:b3:a2:c9:19:93:62:2f:
39:72:78:60:e4:08:b7:d1:84:9e:82:4c:15:0d:5e:78:68:0d:
86:29:31:b3:6f:c6:12:24:0d:0e:ad:31:86:c9:c0:46:f7:08:
cd:ea:38:5f:95:4e:5a:67:52:51:27:47:34:01:de:ee:cc:29:
ba:3c:da:24:a5:97:2d:33:cc:82:53:0f:65:6f:17:d3:7f:43:
7c:c2:eb:71:7d:c5:24:10:58:88:23:f5:57:ad:a5:d1:12:df:
d2:11:57:3a:f8:18:61:68:08:12:0b:15:7c:fa:3c:83:0b:a5:
20:a6:34:5f:2b:23:3d:19:9e:5b:49:ee:8a:83:49:67:a6:d7:
51:fd:08:2c:b1:74:32:9a:f2:26:73:de:6d:95:a7:03:77:33:
0d:0c:7d:92:ce:10:aa:21:9f:97:d2:6b:6a:1a:ca:82:e6:cb:
4a:76:d2:ac:26:9e:ba:28:63:3e:bd:d6:41:4a:a3:de:cd:de:
23:50:1d:e3:54:fa:42:1b:22:e5:56:26:f7:04:ca:3f:c4:b8:
a3:7a:3c:79:fc:7f:cd:a0:91:f7:ad:f2:ae:35:ff:8d:d2:72:
42:c7:1b:a4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEB8S4MDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Y2Q0OWNhMTkwMWRmMDIwOTMwY2U5NzFmNjVjYzE4MGEzZmNiZTgxMB4XDTIyMDEw
MTEyNTQzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjc2YmYxMDE5ODVl
ZDkzNjQ3ZThiOTE2MTBjZDFlZTg1YzA2MDM0OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK2ybWkOX70Uj6V+EpU2CV4STXLH2uBMiIHkobRQV4ILlcbO
Vwyc0wpIyTvRBB4PjpbzvXJ4ZZjzfnxSpiU+EnC6SIaq+1giza/+nLhloZHOFhVj
hzOlP1dXzhNSmXtpE66uWDg2Wz6Le7cBX0TscsY1yyFChB0h3tT+7rawcGNkgWFS
3ooFCquPAX7ITMDAKIpQ/XpmNOnz5dOMpX/KvcO5OMtHJc+sGEv+UOKSZuethLQy
YW2LkqwGNSSsyLeQjk3j3/POYGyrjX19ZCUrJQvc9JL2cS8dGkMn33cmhCJ/A1V4
92HktmA48AsNgXuG2wvDNv59prWpCVC/8B48L+MCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBRna/EBmF7ZNkfouRYQzR7oXAYDSTAfBgNVHSMEGDAWgBQM1JyhkB3wIJMM
6XH2XMGAo/y+gTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0ROU2NvWkFkOENDVERPbHg5bHpCZ0tQOHZvRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmMvYzljY2M5LWM0MDUtNDI4Zi1iNzczLWRkMjNkYzQyNDFmYS8x
L1oydnhBWmhlMlRaSDZMa1dFTTBlNkZ3R0Eway5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMv
YzljY2M5LWM0MDUtNDI4Zi1iNzczLWRkMjNkYzQyNDFmYS8xL0ROU2NvWkFkOEND
VERPbHg5bHpCZ0tQOHZvRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAFvG9AMEArkWnAMEArmfJAMEArnK
RAMEAsOiVDANBAIAAjAHAwUAKgMEwDANBgkqhkiG9w0BAQsFAAOCAQEARzPowQRb
qk7+zoUNK3yHLi+WaXk8X5SmOq2Id/KzoskZk2IvOXJ4YOQIt9GEnoJMFQ1eeGgN
hikxs2/GEiQNDq0xhsnARvcIzeo4X5VOWmdSUSdHNAHe7swpujzaJKWXLTPMglMP
ZW8X039DfMLrcX3FJBBYiCP1V62l0RLf0hFXOvgYYWgIEgsVfPo8gwulIKY0Xysj
PRmeW0nuioNJZ6bXUf0ILLF0MpryJnPebZWnA3czDQx9ks4QqiGfl9JrahrKgubL
SnbSrCaeuihjPr3WQUqj3s3eI1Ad41T6Qhsi5VYm9wTKP8S4o3o8efx/zaCR963y
rjX/jdJyQscbpA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:07:13 2025 by rpki-client