Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/B-SXSucKq_iaWpLxlqqNux-QNCE.roa
File: B-SXSucKq_iaWpLxlqqNux-QNCE.roa (raw, json)
Hash identifier: 7d1ylmRQ1r5rGmHf06FaJsiolog28Y1oLlqBvXUpSEY=
Subject key identifier: 07:E4:97:4A:E7:0A:AB:F8:9A:5A:92:F1:96:AA:8D:BB:1F:90:34:21
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018C3AB256878D880D1CF92743F0B8537675
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/B-SXSucKq_iaWpLxlqqNux-QNCE.roa
Signing time: Tue 05 Dec 2023 15:56:55 +0000
ROA not before: Tue 05 Dec 2023 15:56:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60490
IP address blocks: 176.109.67.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
194.150.89.0/24 maxlen: 24
194.150.90.0/24 maxlen: 24
194.150.88.0/24 maxlen: 24
194.150.91.0/24 maxlen: 24
176.109.64.0/24 maxlen: 24
2a02:28:7::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:b2:56:87:8d:88:0d:1c:f9:27:43:f0:b8:53:76:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Dec 5 15:56:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=07e4974ae70aabf89a5a92f196aa8dbb1f903421
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:e3:3b:f6:c3:33:ef:5b:dc:73:3f:1a:32:87:
11:86:5e:a7:95:79:33:df:92:fc:84:33:b9:7d:4b:
26:84:2e:91:47:26:d0:29:1e:bd:58:4c:10:71:c2:
bb:cb:27:04:3b:a2:bc:80:90:6f:22:09:70:05:c6:
9b:2f:5f:7d:8f:b5:08:c2:7f:e9:4e:eb:5c:fc:09:
f3:4b:dd:f2:2e:37:18:89:23:8d:68:a4:aa:06:e1:
d8:2c:6c:1a:8f:e5:4f:28:52:5d:07:bd:3f:a4:ea:
b2:04:d7:c8:2d:83:18:79:ae:97:f8:88:0d:3e:83:
15:89:e5:f3:49:89:64:9e:92:d9:83:be:8e:cd:b9:
e0:5a:96:40:ce:6d:14:6d:05:e0:57:d5:d3:c6:4c:
7c:d9:21:ac:b9:bd:1a:6c:25:52:2c:d1:04:d2:f0:
cf:0b:9e:f2:f3:9a:13:0a:68:bf:30:a9:1b:a7:55:
4f:f9:54:83:f4:cb:08:73:6c:ed:2e:91:ec:10:34:
70:5e:48:ae:83:34:8f:96:40:f7:07:e9:c5:d3:c3:
c0:a9:52:a5:04:c9:f6:e2:8c:0a:5a:b8:dc:ca:30:
c7:c3:39:9e:b5:33:1c:12:59:82:da:1c:ab:15:82:
8a:88:04:9e:ba:a8:21:0c:45:9a:68:af:7a:61:2b:
eb:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:E4:97:4A:E7:0A:AB:F8:9A:5A:92:F1:96:AA:8D:BB:1F:90:34:21
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/B-SXSucKq_iaWpLxlqqNux-QNCE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.64.0/23
176.109.67.0/24
194.150.88.0/22
IPv6:
2a02:28:7::/48
Signature Algorithm: sha256WithRSAEncryption
86:2b:94:5d:17:c7:08:14:54:ec:b3:74:e5:a9:79:7d:94:6e:
b9:5d:44:b1:ef:45:80:65:ac:75:c7:09:d4:75:22:21:69:48:
4e:64:c7:9e:ed:1c:56:a2:04:71:bb:75:32:0c:25:5b:79:f7:
f4:81:d3:cd:20:df:e7:a8:34:21:36:20:b3:57:2c:30:e5:92:
c1:1c:53:99:d4:28:9d:fd:18:01:b5:3d:5a:a7:93:eb:69:3a:
a0:a9:ca:dd:77:d4:d8:7b:0f:a5:4d:35:67:45:9b:0c:82:78:
a9:ed:bb:d1:17:7e:db:ef:7c:c8:67:24:bb:78:8e:68:da:51:
14:52:f4:4d:e4:82:c7:b7:f2:8d:3e:c2:1e:79:2c:1e:3c:67:
66:14:fb:7c:26:e0:9a:2f:4d:60:8b:92:9f:4c:df:84:bd:ad:
31:b6:b2:a8:78:de:b9:0a:3d:f7:22:46:42:b2:dd:46:ca:b9:
7f:c5:93:b7:46:1f:1c:71:35:4e:6a:0e:96:bb:d1:c2:1e:7a:
91:2f:ce:36:f3:f0:da:2f:22:d1:0b:82:ac:f6:5d:3e:9b:3e:
f0:d9:a5:75:52:17:6f:9d:2d:ce:21:3d:da:5d:cd:f1:05:29:
b1:77:ab:67:0b:ed:85:fe:8a:b3:15:a9:dd:eb:33:a4:a9:d1:
a8:31:0d:00
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYw6slaHjYgNHPknQ/C4U3Z1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA1MTU1NjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U0OTc0YWU3MGFhYmY4OWE1YTkyZjE5NmFhOGRiYjFmOTAzNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeM79sMz71vccz8aMocRhl6nlXkz
35L8hDO5fUsmhC6RRybQKR69WEwQccK7yycEO6K8gJBvIglwBcabL199j7UIwn/p
Tutc/AnzS93yLjcYiSONaKSqBuHYLGwaj+VPKFJdB70/pOqyBNfILYMYea6X+IgN
PoMVieXzSYlknpLZg76OzbngWpZAzm0UbQXgV9XTxkx82SGsub0abCVSLNEE0vDP
C57y85oTCmi/MKkbp1VP+VSD9MsIc2ztLpHsEDRwXkiugzSPlkD3B+nF08PAqVKl
BMn24owKWrjcyjDHwzmetTMcElmC2hyrFYKKiASeuqghDEWaaK96YSvrmwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAfkl0rnCqv4mlqS8ZaqjbsfkDQhMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvQi1TWFN1Y0txX2lhV3BMeGxxcU51eC1RTkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQBsG1AAwQA
sG1DAwQCwpZYMA8EAgACMAkDBwAqAgAoAAcwDQYJKoZIhvcNAQELBQADggEBAIYr
lF0XxwgUVOyzdOWpeX2UbrldRLHvRYBlrHXHCdR1IiFpSE5kx57tHFaiBHG7dTIM
JVt59/SB080g3+eoNCE2ILNXLDDlksEcU5nUKJ39GAG1PVqnk+tpOqCpyt131Nh7
D6VNNWdFmwyCeKntu9EXftvvfMhnJLt4jmjaURRS9E3kgse38o0+wh55LB48Z2YU
+3wm4JovTWCLkp9M34S9rTG2sqh43rkKPfciRkKy3UbKuX/Fk7dGHxxxNU5qDpa7
0cIeepEvzjbz8NovItELgqz2XT6bPvDZpXVSF2+dLc4hPdpdzfEFKbF3q2cL7YX+
irMVqd3rM6Sp0agxDQA=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:51:09 2025 by rpki-client