Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BcYDXRUIuTLyfeEnqj38tYBN0fg.roa
File: BcYDXRUIuTLyfeEnqj38tYBN0fg.roa (raw, json)
Hash identifier: cnJD0trjNZaov5JXs3tBhnsrwmz20X7QlNzLVb8jWPY=
Subject key identifier: 05:C6:03:5D:15:08:B9:32:F2:7D:E1:27:AA:3D:FC:B5:80:4D:D1:F8
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018C40CA648A9AC1CD10C3976939D1ECCC6E
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BcYDXRUIuTLyfeEnqj38tYBN0fg.roa
Signing time: Wed 06 Dec 2023 20:20:54 +0000
ROA not before: Wed 06 Dec 2023 20:20:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60490
IP address blocks: 176.109.70.0/24 maxlen: 24
176.109.67.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
194.150.89.0/24 maxlen: 24
194.150.90.0/24 maxlen: 24
194.150.88.0/24 maxlen: 24
194.150.91.0/24 maxlen: 24
176.109.64.0/24 maxlen: 24
2a02:28:7::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:40:ca:64:8a:9a:c1:cd:10:c3:97:69:39:d1:ec:cc:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Dec 6 20:20:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=05c6035d1508b932f27de127aa3dfcb5804dd1f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:92:62:fc:ec:65:67:08:c8:43:1a:9d:b2:6d:
5f:b3:ac:3c:63:26:9d:a9:8a:cc:39:96:df:a0:dd:
b9:17:29:db:de:cb:7f:85:71:4d:a2:a0:69:22:70:
34:f8:65:bc:04:01:fb:d5:08:dd:8c:59:ae:cc:af:
4e:0e:20:73:05:c6:ec:76:d5:e7:77:e3:e7:a9:14:
6c:ee:7b:7e:12:59:20:5c:21:0d:b3:cf:78:dc:01:
dd:44:2a:1d:4a:7d:70:f8:49:78:91:70:4d:94:2b:
c9:96:b3:4e:85:63:79:dd:05:2f:01:45:31:e6:e6:
3a:66:10:31:3b:10:c9:af:b9:80:f0:2a:7d:59:8d:
eb:00:39:2f:f0:53:e9:cc:ae:c8:5d:e3:13:e4:f3:
61:5a:36:d4:8b:c5:a6:a1:3a:00:3b:91:65:3a:90:
32:63:1f:55:f3:a0:ec:a1:dd:c8:30:5b:4b:fe:fc:
fb:b6:95:62:de:ee:30:2f:9e:b6:d3:dc:b8:27:c3:
33:bc:c5:06:66:ec:97:54:95:1e:10:70:88:a8:be:
f0:4c:5c:fd:f7:70:e4:8f:ae:7b:2e:0c:34:10:f7:
7f:63:ba:c7:8c:31:41:4f:6a:f7:29:7a:02:c7:c6:
41:ca:44:45:aa:3c:fa:50:9c:9e:34:86:76:e2:f1:
45:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C6:03:5D:15:08:B9:32:F2:7D:E1:27:AA:3D:FC:B5:80:4D:D1:F8
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BcYDXRUIuTLyfeEnqj38tYBN0fg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.64.0/23
176.109.67.0/24
176.109.70.0/24
194.150.88.0/22
IPv6:
2a02:28:7::/48
Signature Algorithm: sha256WithRSAEncryption
70:c0:7b:cd:3d:36:6c:87:f5:7c:63:3a:03:26:20:df:c5:0f:
50:c6:e6:47:cc:ca:f2:3a:a6:10:cd:ae:39:de:7f:59:bb:05:
e6:a1:f5:81:8f:e8:12:ff:b9:6f:fd:79:2c:9f:66:f5:22:87:
da:cc:2b:ec:96:2d:04:62:f8:26:da:50:d9:a7:42:05:93:af:
20:d1:a6:bc:2c:87:93:f0:2a:d3:f5:d8:d6:84:93:71:bd:b0:
67:15:96:d0:5b:9c:a5:bf:6c:a5:05:1d:64:8a:e9:0c:51:92:
3f:fc:c1:53:57:1c:a7:28:1a:55:ac:8f:fa:fa:57:6b:26:9a:
01:12:5f:fd:4a:56:f7:9e:46:31:d3:a0:e9:9a:ad:0f:1d:b8:
65:79:f6:a2:3c:8e:ee:0a:d1:aa:70:12:a7:29:5f:48:6e:55:
83:33:fe:33:d2:f1:80:69:3d:c2:f5:e6:d6:3d:64:5a:2f:31:
1c:f0:f0:7c:cc:47:56:95:21:3d:b0:18:8f:da:9c:6a:96:e0:
09:44:81:6b:9f:9b:ff:b0:ba:2c:29:80:d3:df:ab:1e:da:28:
14:f3:87:07:4c:7c:e9:9e:e2:f6:ac:c8:66:9b:00:4a:62:8a:
c3:bd:da:b6:77:a8:ca:e4:eb:2e:27:f9:24:ce:bd:93:f8:98:
f2:bf:34:29
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYxAymSKmsHNEMOXaTnR7MxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA2MjAyMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM2MDM1ZDE1MDhiOTMyZjI3ZGUxMjdhYTNkZmNiNTgwNGRkMWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5Ji/OxlZwjIQxqdsm1fs6w8Yyad
qYrMOZbfoN25Fynb3st/hXFNoqBpInA0+GW8BAH71QjdjFmuzK9ODiBzBcbsdtXn
d+PnqRRs7nt+ElkgXCENs8943AHdRCodSn1w+El4kXBNlCvJlrNOhWN53QUvAUUx
5uY6ZhAxOxDJr7mA8Cp9WY3rADkv8FPpzK7IXeMT5PNhWjbUi8WmoToAO5FlOpAy
Yx9V86Dsod3IMFtL/vz7tpVi3u4wL56209y4J8MzvMUGZuyXVJUeEHCIqL7wTFz9
93Dkj657Lgw0EPd/Y7rHjDFBT2r3KXoCx8ZBykRFqjz6UJyeNIZ24vFFdwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFAXGA10VCLky8n3hJ6o9/LWATdH4MB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvQmNZRFhSVUl1VEx5ZmVFbnFqMzh0WUJOMGZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQBsG1AAwQA
sG1DAwQAsG1GAwQCwpZYMA8EAgACMAkDBwAqAgAoAAcwDQYJKoZIhvcNAQELBQAD
ggEBAHDAe809NmyH9XxjOgMmIN/FD1DG5kfMyvI6phDNrjnef1m7Beah9YGP6BL/
uW/9eSyfZvUih9rMK+yWLQRi+CbaUNmnQgWTryDRprwsh5PwKtP12NaEk3G9sGcV
ltBbnKW/bKUFHWSK6QxRkj/8wVNXHKcoGlWsj/r6V2smmgESX/1KVveeRjHToOma
rQ8duGV59qI8ju4K0apwEqcpX0huVYMz/jPS8YBpPcL15tY9ZFovMRzw8HzMR1aV
IT2wGI/anGqW4AlEgWufm/+wuiwpgNPfqx7aKBTzhwdMfOme4vasyGabAEpiisO9
2rZ3qMrk6y4n+STOvZP4mPK/NCk=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:36:42 2025 by rpki-client