Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/xJz0Su-ANrn6B3QJGW1PBdqtAC4.roa
File: xJz0Su-ANrn6B3QJGW1PBdqtAC4.roa (raw, json)
Hash identifier: EkUTOvyMVxHmTUewa5I/737+1VA9ScIEKBFPRSS/SeM=
Subject key identifier: C4:9C:F4:4A:EF:80:36:B9:FA:07:74:09:19:6D:4F:05:DA:AD:00:2E
Certificate issuer: /CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
Certificate serial: 0189AA0B312371362086DA2AFD714C80BDAD
Authority key identifier: FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/xJz0Su-ANrn6B3QJGW1PBdqtAC4.roa
Signing time: Mon 31 Jul 2023 03:43:27 +0000
ROA not before: Mon 31 Jul 2023 03:43:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207203
IP address blocks: 185.238.32.0/22 maxlen: 22
45.156.240.0/24 maxlen: 24
45.156.240.0/22 maxlen: 22
45.153.140.0/22 maxlen: 22
185.82.120.0/22 maxlen: 22
185.39.172.0/22 maxlen: 22
193.228.80.0/24 maxlen: 24
193.228.81.0/24 maxlen: 24
193.228.82.0/23 maxlen: 23
2a04:7700::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:aa:0b:31:23:71:36:20:86:da:2a:fd:71:4c:80:bd:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
Validity
Not Before: Jul 31 03:43:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c49cf44aef8036b9fa077409196d4f05daad002e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:85:bc:54:20:46:3a:5b:87:06:cd:db:bf:c4:
17:18:51:6e:99:bb:bb:51:07:17:f7:af:62:20:18:
59:5f:ac:77:76:0b:4a:d2:3f:a9:d7:2d:38:6d:08:
cc:fd:9a:9c:36:96:45:cf:fa:e4:ea:3a:0d:26:ba:
95:06:05:e6:89:7d:38:c0:ba:b2:f4:ff:34:a2:c9:
76:17:ff:78:8f:db:e1:ef:cb:0e:95:a7:52:fa:e4:
bb:33:a0:72:a5:6d:14:c3:4b:ed:72:79:88:d3:e3:
66:0b:36:ab:df:b1:ca:3b:59:aa:d2:b4:2e:52:a1:
f2:32:61:cb:85:d1:78:cf:73:f6:b6:5c:f8:28:e3:
26:b5:af:ea:ab:e9:0b:cb:ea:a7:73:19:fa:30:3f:
78:fb:5c:46:3c:f6:4b:d5:b4:98:a1:33:07:93:e9:
f5:d7:53:13:37:29:53:68:8c:75:b4:4d:a5:ca:de:
a4:8e:e7:2a:29:c7:86:82:03:a6:93:32:37:c3:15:
83:e6:76:52:a6:74:66:32:43:f7:97:ae:7c:22:d1:
99:29:b1:c8:37:6e:de:21:41:59:7b:3e:90:ef:85:
c8:a1:f4:2a:09:73:c3:8c:13:c3:db:35:c5:12:b4:
16:f2:bd:27:00:3d:e5:1e:ed:5e:ae:e5:1e:9f:26:
cc:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:9C:F4:4A:EF:80:36:B9:FA:07:74:09:19:6D:4F:05:DA:AD:00:2E
X509v3 Authority Key Identifier:
keyid:FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/xJz0Su-ANrn6B3QJGW1PBdqtAC4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.140.0/22
45.156.240.0/22
185.39.172.0/22
185.82.120.0/22
185.238.32.0/22
193.228.80.0/22
IPv6:
2a04:7700::/29
Signature Algorithm: sha256WithRSAEncryption
95:b7:54:e0:2b:41:6c:4c:36:94:79:3e:29:8c:8a:69:4d:67:
7e:db:1b:dd:34:14:df:0a:bd:28:47:46:a9:6c:c9:e8:42:e7:
68:92:23:55:36:95:fd:e5:eb:92:fe:bb:9a:48:17:d3:ef:41:
a8:65:28:f3:9f:8f:16:9d:d9:30:d5:76:f0:4c:14:45:0c:2b:
24:d7:9a:7e:a0:4e:8f:50:71:d4:3b:71:7f:d3:ab:ac:7c:c2:
0a:af:25:a9:cc:22:a5:a7:5b:93:fc:ad:7b:96:b5:6f:ec:71:
a9:dc:2c:b9:29:a6:43:04:7b:21:a0:d9:99:cb:16:40:ee:c9:
4a:8d:b4:25:64:a3:a1:55:2e:2b:e3:6a:2f:c0:6a:f4:90:c0:
9d:86:18:d6:77:a5:b2:63:75:25:5d:99:27:0e:88:72:5c:4b:
09:af:e0:f3:3f:18:88:d5:68:f4:51:b6:6c:23:26:9a:b5:9d:
60:4e:4a:5a:37:7f:19:c4:83:f2:e7:b8:b0:43:3f:57:c7:49:
60:09:b5:9f:ff:ef:85:88:fe:4b:fe:bb:38:f8:dd:d4:43:a5:
cb:69:f6:e0:45:c7:5b:79:05:9e:eb:29:aa:e0:3e:e8:cb:66:
77:f0:11:a2:dd:96:c7:d8:0f:0f:72:3f:3e:ab:87:80:8e:6f:
df:bc:27:2f
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYmqCzEjcTYghtoq/XFMgL2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiY2QwMjMzODA4NTcwZTMxZmZiMmZjZGUxYjg3NzA3MWNi
YzY2MDMwHhcNMjMwNzMxMDM0MzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDljZjQ0YWVmODAzNmI5ZmEwNzc0MDkxOTZkNGYwNWRhYWQwMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYW8VCBGOluHBs3bv8QXGFFumbu7
UQcX969iIBhZX6x3dgtK0j+p1y04bQjM/ZqcNpZFz/rk6joNJrqVBgXmiX04wLqy
9P80osl2F/94j9vh78sOladS+uS7M6BypW0Uw0vtcnmI0+NmCzar37HKO1mq0rQu
UqHyMmHLhdF4z3P2tlz4KOMmta/qq+kLy+qncxn6MD94+1xGPPZL1bSYoTMHk+n1
11MTNylTaIx1tE2lyt6kjucqKceGggOmkzI3wxWD5nZSpnRmMkP3l658ItGZKbHI
N27eIUFZez6Q74XIofQqCXPDjBPD2zXFErQW8r0nAD3lHu1eruUenybMIQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMSc9ErvgDa5+gd0CRltTwXarQAuMB8GA1UdIwQY
MBaAFPvNAjOAhXDjH/svzeG4dwccvGYDMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS04MENNNENGY09NZi15X040YmgzQnh5OFpnTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3
LTYxZDczMzNmODU3MC8xL3hKejBTdS1BTnJuNkIzUUpHVzFQQmRxdEFDNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3LTYxZDczMzNmODU3
MC8xLzEtODBDTTRDRmNPTWYteV9ONGJoM0J4eThaZ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTAYIKwYBBQUHAQcBAf8EPTA7MCoEAgABMCQDBAItmYwD
BAItnPADBAK5J6wDBAK5UngDBAK57iADBALB5FAwDQQCAAIwBwMFAyoEdwAwDQYJ
KoZIhvcNAQELBQADggEBAJW3VOArQWxMNpR5PimMimlNZ37bG900FN8KvShHRqls
yehC52iSI1U2lf3l65L+u5pIF9PvQahlKPOfjxad2TDVdvBMFEUMKyTXmn6gTo9Q
cdQ7cX/Tq6x8wgqvJanMIqWnW5P8rXuWtW/scancLLkppkMEeyGg2ZnLFkDuyUqN
tCVko6FVLivjai/AavSQwJ2GGNZ3pbJjdSVdmScOiHJcSwmv4PM/GIjVaPRRtmwj
Jpq1nWBOSlo3fxnEg/LnuLBDP1fHSWAJtZ//74WI/kv+uzj43dRDpctp9uBFx1t5
BZ7rKargPujLZnfwEaLdlsfYDw9yPz6rh4COb9+8Jy8=
-----END CERTIFICATE-----
Generated at Sun Apr 20 17:36:49 2025 by rpki-client