Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/_G67c8eb3FFCymekZOMBBIqYusk.roa
File: _G67c8eb3FFCymekZOMBBIqYusk.roa (raw, json)
Hash identifier: wfRKZXZN+0XWVpCFA52f3eXH/u54MrmoS3v3DEw+SPY=
Subject key identifier: FC:6E:BB:73:C7:9B:DC:51:42:CA:67:A4:64:E3:01:04:8A:98:BA:C9
Certificate issuer: /CN=149d1f67a41ca2e405017cbe48bafff1733e3869
Certificate serial: 018612912C578393B3B11135DCEE4610A57E
Authority key identifier: 14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/_G67c8eb3FFCymekZOMBBIqYusk.roa
Signing time: Thu 02 Feb 2023 14:39:09 +0000
ROA not before: Thu 02 Feb 2023 14:39:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207728
IP address blocks: 46.28.234.0/24 maxlen: 24
93.88.74.0/24 maxlen: 24
185.162.11.0/24 maxlen: 24
185.162.9.0/24 maxlen: 24
31.10.5.0/24 maxlen: 24
87.236.177.0/24 maxlen: 24
31.210.170.0/23 maxlen: 24
31.210.173.0/24 maxlen: 24
2a12:9cc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:12:91:2c:57:83:93:b3:b1:11:35:dc:ee:46:10:a5:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=149d1f67a41ca2e405017cbe48bafff1733e3869
Validity
Not Before: Feb 2 14:39:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fc6ebb73c79bdc5142ca67a464e301048a98bac9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:6f:e3:60:14:fd:f6:f6:84:e7:d0:f5:ad:a0:
7c:50:38:b8:0b:53:47:ab:6b:f7:b0:38:0c:af:34:
55:d5:f1:59:a9:f7:cf:16:74:d6:4d:02:9e:85:47:
12:6f:7e:6a:6b:8b:a1:a4:f2:23:97:75:d1:af:c9:
14:0c:1c:83:a2:96:bb:98:79:79:8a:fb:ac:3a:ac:
4e:ab:d6:66:eb:b5:68:99:2c:2e:9f:fe:f3:24:fd:
23:d8:3e:9a:0e:0e:3a:39:a9:9c:44:3a:48:46:a3:
01:23:03:db:73:f1:c7:43:55:26:e3:4e:9f:fa:8d:
cc:2f:26:13:77:f3:8b:c9:e1:46:0a:53:16:01:cb:
49:98:52:0f:72:9c:94:f8:e9:31:8c:bc:ba:f7:ab:
cd:a1:4f:23:6d:ba:50:84:c7:08:c7:84:65:a7:5f:
16:3d:5f:c3:b1:73:fb:0a:ae:05:e1:83:67:20:4e:
9c:31:53:07:68:24:45:3e:1e:65:b6:50:33:92:0f:
d8:9a:e3:ca:06:8a:76:5a:dd:59:1c:2f:09:77:ce:
26:26:2d:d5:e5:e3:ab:46:7d:ef:52:51:76:ad:6e:
b8:da:47:f2:a2:fe:bf:6c:bf:d3:66:ad:41:15:7f:
54:ba:b0:58:e6:97:41:c9:d7:ac:2e:6c:df:b9:cb:
e5:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:6E:BB:73:C7:9B:DC:51:42:CA:67:A4:64:E3:01:04:8A:98:BA:C9
X509v3 Authority Key Identifier:
keyid:14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/_G67c8eb3FFCymekZOMBBIqYusk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.10.5.0/24
31.210.170.0/23
31.210.173.0/24
46.28.234.0/24
87.236.177.0/24
93.88.74.0/24
185.162.9.0/24
185.162.11.0/24
IPv6:
2a12:9cc0::/29
Signature Algorithm: sha256WithRSAEncryption
15:a1:8a:9f:f5:77:9f:e5:b2:dc:8a:6c:14:9a:20:03:47:2d:
16:21:15:df:a6:a0:0f:45:8f:88:68:a3:6a:74:51:d6:90:e8:
80:5a:c0:c4:26:7d:19:d1:5e:61:5c:93:9e:cd:99:59:aa:52:
2c:10:f0:83:ed:57:88:6b:1d:b2:0f:5a:d9:8e:6e:4f:b9:32:
76:07:5a:e8:4a:16:ce:cc:db:32:6b:14:08:72:e2:b2:84:09:
6f:e8:04:e7:58:05:2a:8c:08:64:7a:97:b2:e9:81:5e:c1:6b:
5e:0f:6c:a8:17:cf:40:43:25:c0:1e:0a:12:ca:59:ee:ac:f8:
7e:a3:f9:da:3c:91:a2:62:f7:44:14:5a:52:59:94:51:a2:23:
ab:1d:43:a2:8d:cb:78:db:8e:a0:a3:c6:41:fd:17:c0:c9:ce:
3c:4d:8b:71:14:d8:13:7c:4b:06:d9:ad:cb:a6:b7:f5:07:68:
9c:85:2d:39:c3:2f:26:03:a0:34:51:43:52:67:98:db:be:d5:
f2:78:5e:60:1c:06:b1:37:ad:bb:63:51:10:0a:81:6a:f0:a8:
99:e0:06:11:61:dd:c4:5b:d8:c4:60:0c:98:1f:9d:9e:40:e7:
7f:de:62:63:05:0d:49:fd:ff:fb:59:22:89:c6:0d:2b:47:7d:
3e:e4:e4:9c
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYYSkSxXg5OzsRE13O5GEKV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OWQxZjY3YTQxY2EyZTQwNTAxN2NiZTQ4YmFmZmYxNzMz
ZTM4NjkwHhcNMjMwMjAyMTQzOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzZlYmI3M2M3OWJkYzUxNDJjYTY3YTQ2NGUzMDEwNDhhOThiYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum/jYBT99vaE59D1raB8UDi4C1NH
q2v3sDgMrzRV1fFZqffPFnTWTQKehUcSb35qa4uhpPIjl3XRr8kUDByDopa7mHl5
ivusOqxOq9Zm67VomSwun/7zJP0j2D6aDg46OamcRDpIRqMBIwPbc/HHQ1Um406f
+o3MLyYTd/OLyeFGClMWActJmFIPcpyU+OkxjLy696vNoU8jbbpQhMcIx4Rlp18W
PV/DsXP7Cq4F4YNnIE6cMVMHaCRFPh5ltlAzkg/YmuPKBop2Wt1ZHC8Jd84mJi3V
5eOrRn3vUlF2rW642kfyov6/bL/TZq1BFX9UurBY5pdBydesLmzfucvl6wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFPxuu3PHm9xRQspnpGTjAQSKmLrJMB8GA1UdIwQY
MBaAFBSdH2ekHKLkBQF8vki6//FzPjhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDkt
NTQ4NTY4MmEwNWY1LzEvX0c2N2M4ZWIzRkZDeW1la1pPTUJCSXFZdXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDktNTQ4NTY4MmEwNWY1
LzEvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQAHwoFAwQB
H9KqAwQAH9KtAwQALhzqAwQAV+yxAwQAXVhKAwQAuaIJAwQAuaILMA0EAgACMAcD
BQMqEpzAMA0GCSqGSIb3DQEBCwUAA4IBAQAVoYqf9Xef5bLcimwUmiADRy0WIRXf
pqAPRY+IaKNqdFHWkOiAWsDEJn0Z0V5hXJOezZlZqlIsEPCD7VeIax2yD1rZjm5P
uTJ2B1roShbOzNsyaxQIcuKyhAlv6ATnWAUqjAhkepey6YFewWteD2yoF89AQyXA
HgoSylnurPh+o/naPJGiYvdEFFpSWZRRoiOrHUOijct4246go8ZB/RfAyc48TYtx
FNgTfEsG2a3Lprf1B2ichS05wy8mA6A0UUNSZ5jbvtXyeF5gHAaxN627Y1EQCoFq
8KiZ4AYRYd3EW9jEYAyYH52eQOd/3mJjBQ1J/f/7WSKJxg0rR30+5OSc
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:16:03 2025 by rpki-client