Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/i6WhQZsFTwzue9NphBe-tT78voU.roa
File: i6WhQZsFTwzue9NphBe-tT78voU.roa (raw, json)
Hash identifier: eN58GzJ1M1SvLPISA8r7Z27NeWTZGDx1XfeSOeqoRok=
Subject key identifier: 8B:A5:A1:41:9B:05:4F:0C:EE:7B:D3:69:84:17:BE:B5:3E:FC:BE:85
Certificate issuer: /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial: 01856DD4020E7671D1F1CDB50F8E9E62975B
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/i6WhQZsFTwzue9NphBe-tT78voU.roa
Signing time: Sun 01 Jan 2023 14:54:48 +0000
ROA not before: Sun 01 Jan 2023 14:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16342
IP address blocks: 85.89.160.0/20 maxlen: 20
77.237.0.0/19 maxlen: 19
85.89.176.0/20 maxlen: 20
185.67.216.0/22 maxlen: 22
185.67.217.0/24 maxlen: 24
185.67.216.0/24 maxlen: 24
185.67.218.0/24 maxlen: 24
185.67.219.0/24 maxlen: 24
31.182.0.0/15 maxlen: 17
217.113.224.0/20 maxlen: 20
2a03:af80::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:02:0e:76:71:d1:f1:cd:b5:0f:8e:9e:62:97:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Validity
Not Before: Jan 1 14:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ba5a1419b054f0cee7bd3698417beb53efcbe85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7d:d9:6b:02:12:71:4b:01:14:6a:4d:ad:99:
c0:f4:f8:20:6c:fe:0b:1b:72:4a:1e:22:3f:1f:1c:
75:00:94:5d:da:37:85:4e:5c:2d:e2:32:67:d8:6b:
46:4c:a5:45:77:41:9c:2c:91:81:1c:18:50:68:70:
b8:ff:3f:d2:6c:c3:c6:b8:1c:2d:b6:20:59:76:c0:
1e:d4:46:83:a1:cd:bf:24:af:d0:dc:2d:d6:3d:bd:
84:9e:0a:30:53:c9:db:cf:b5:0e:0c:5c:02:8f:ec:
84:db:01:79:ac:68:eb:cf:9d:35:3a:60:d9:e8:50:
70:b7:6d:59:79:24:01:63:c3:a1:b3:55:90:c8:c0:
84:7b:f2:4a:ec:49:79:d6:4b:3a:e5:fc:fe:48:cd:
c8:51:61:ce:bf:c7:e8:88:34:76:6d:a2:3c:70:10:
bc:7d:c6:50:6e:62:d5:a6:4b:96:fc:32:71:b1:33:
33:ae:ed:71:d2:cb:cf:36:d1:d8:f6:9b:d8:72:65:
41:c6:f6:0e:15:fe:43:e2:ed:6c:f2:d5:09:28:1c:
6b:fc:df:6e:51:b6:ba:c0:4c:3e:bf:ca:b1:b5:c3:
8a:42:0e:77:1d:8d:55:3f:c2:cc:69:58:5e:c9:5f:
44:23:69:b0:ff:2a:98:f8:26:01:26:0c:d5:00:6c:
c2:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:A5:A1:41:9B:05:4F:0C:EE:7B:D3:69:84:17:BE:B5:3E:FC:BE:85
X509v3 Authority Key Identifier:
keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/i6WhQZsFTwzue9NphBe-tT78voU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.182.0.0/15
77.237.0.0/19
85.89.160.0/19
185.67.216.0/22
217.113.224.0/20
IPv6:
2a03:af80::/29
Signature Algorithm: sha256WithRSAEncryption
95:53:6c:d3:27:d9:97:e6:7e:89:01:00:11:1c:50:78:8a:3c:
4d:2e:55:7a:b1:96:7b:06:71:88:48:db:d1:5e:39:9a:ca:e1:
dd:cd:68:9f:fc:85:a3:91:c7:14:ae:9b:d9:81:ce:2b:31:26:
2d:1d:c2:74:4f:5f:45:b9:e0:0b:46:42:e6:aa:50:b7:d3:77:
ca:c2:39:f3:01:e0:2f:aa:22:dc:c5:07:91:34:91:d7:19:bd:
5c:03:90:97:58:67:df:c9:06:b2:7d:7b:12:b3:fe:1d:eb:73:
0e:e5:22:af:18:86:e8:14:a3:75:6e:d5:10:c9:32:96:9b:4e:
5e:84:73:72:64:75:10:38:04:f4:e1:42:59:7a:71:b3:ec:87:
b4:3b:36:b4:f6:03:7c:10:e7:b0:1a:91:b0:cd:b9:7b:58:20:
9a:1f:f1:a5:82:a5:90:fd:7e:d1:f2:b4:9a:2d:7e:80:68:3b:
61:f3:c7:d7:e1:16:9c:06:bf:ac:51:e0:7a:a2:e4:14:f9:e3:
3d:da:48:39:66:7a:2f:4c:1f:b9:9d:d6:c8:c3:df:14:61:57:
04:61:ba:9b:fe:db:58:d8:56:b4:32:5e:52:25:1b:c8:71:78:
91:1e:d0:c5:41:a0:87:6e:2e:36:c7:fa:23:04:cb:7c:0a:5a:
d2:7b:c3:62
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVt1AIOdnHR8c21D46eYpdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjMwMTAxMTQ1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE1YTE0MTliMDU0ZjBjZWU3YmQzNjk4NDE3YmViNTNlZmNiZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH3ZawIScUsBFGpNrZnA9PggbP4L
G3JKHiI/Hxx1AJRd2jeFTlwt4jJn2GtGTKVFd0GcLJGBHBhQaHC4/z/SbMPGuBwt
tiBZdsAe1EaDoc2/JK/Q3C3WPb2EngowU8nbz7UODFwCj+yE2wF5rGjrz501OmDZ
6FBwt21ZeSQBY8Ohs1WQyMCEe/JK7El51ks65fz+SM3IUWHOv8foiDR2baI8cBC8
fcZQbmLVpkuW/DJxsTMzru1x0svPNtHY9pvYcmVBxvYOFf5D4u1s8tUJKBxr/N9u
Uba6wEw+v8qxtcOKQg53HY1VP8LMaVheyV9EI2mw/yqY+CYBJgzVAGzCbQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFIuloUGbBU8M7nvTaYQXvrU+/L6FMB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvaTZXaFFac0ZUd3p1ZTlOcGhCZS10VDc4dm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMBH7YDBAVN
7QADBAVVWaADBAK5Q9gDBATZceAwDQQCAAIwBwMFAyoDr4AwDQYJKoZIhvcNAQEL
BQADggEBAJVTbNMn2ZfmfokBABEcUHiKPE0uVXqxlnsGcYhI29FeOZrK4d3NaJ/8
haORxxSum9mBzisxJi0dwnRPX0W54AtGQuaqULfTd8rCOfMB4C+qItzFB5E0kdcZ
vVwDkJdYZ9/JBrJ9exKz/h3rcw7lIq8YhugUo3Vu1RDJMpabTl6Ec3JkdRA4BPTh
Qll6cbPsh7Q7NrT2A3wQ57AakbDNuXtYIJof8aWCpZD9ftHytJotfoBoO2Hzx9fh
FpwGv6xR4Hqi5BT54z3aSDlmei9MH7md1sjD3xRhVwRhupv+21jYVrQyXlIlG8hx
eJEe0MVBoIduLjbH+iMEy3wKWtJ7w2I=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:50:24 2025 by rpki-client