Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/lVQ8KXteaqasj0UlLta6kHZQzVc.roa
File: lVQ8KXteaqasj0UlLta6kHZQzVc.roa (raw, json)
Hash identifier: P0ufGnVwuDvTcdrp7kRCXtZEbAGYjQFqmQBtHafbK6Q=
Subject key identifier: 95:54:3C:29:7B:5E:6A:A6:AC:8F:45:25:2E:D6:BA:90:76:50:CD:57
Certificate issuer: /CN=834d966d00afbc39b5958bc1a6ed5793ffc0c54d
Certificate serial: 01856DD430BD904DCCD64A58DC21C1E5528D
Authority key identifier: 83:4D:96:6D:00:AF:BC:39:B5:95:8B:C1:A6:ED:57:93:FF:C0:C5:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g02WbQCvvDm1lYvBpu1Xk__AxU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/lVQ8KXteaqasj0UlLta6kHZQzVc.roa
Signing time: Sun 01 Jan 2023 14:55:00 +0000
ROA not before: Sun 01 Jan 2023 14:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61408
IP address blocks: 185.35.191.0/24 maxlen: 24
185.35.190.0/23 maxlen: 23
185.35.190.0/24 maxlen: 24
185.35.189.0/24 maxlen: 24
185.35.188.0/24 maxlen: 24
185.35.188.0/23 maxlen: 23
185.35.188.0/22 maxlen: 22
5.56.2.0/24 maxlen: 24
5.56.3.0/24 maxlen: 24
5.56.4.0/22 maxlen: 22
5.56.2.0/23 maxlen: 23
5.56.1.0/24 maxlen: 24
5.56.0.0/21 maxlen: 21
5.56.0.0/22 maxlen: 22
5.56.0.0/23 maxlen: 23
5.56.0.0/24 maxlen: 24
5.56.4.0/23 maxlen: 23
5.56.4.0/24 maxlen: 24
5.56.7.0/24 maxlen: 24
5.56.6.0/24 maxlen: 24
5.56.6.0/23 maxlen: 23
5.56.5.0/24 maxlen: 24
2a03:30c0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:30:bd:90:4d:cc:d6:4a:58:dc:21:c1:e5:52:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=834d966d00afbc39b5958bc1a6ed5793ffc0c54d
Validity
Not Before: Jan 1 14:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95543c297b5e6aa6ac8f45252ed6ba907650cd57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:5a:e7:92:b4:3d:20:13:55:03:29:0f:97:98:
c8:44:24:6e:54:d6:b5:00:7d:e9:fd:88:c7:45:5a:
31:80:a2:b7:d8:27:b5:19:8d:fb:a2:94:6a:c1:4d:
82:50:3a:30:16:ad:5e:e8:1d:af:77:da:3a:d4:13:
c7:e2:3e:d5:da:74:40:1f:56:a6:b6:4e:c3:fa:55:
7d:89:a8:12:81:3c:88:a4:f6:81:0f:9d:a0:af:e0:
9c:86:5e:54:13:96:5d:f1:a9:df:3c:b8:ae:cb:3a:
85:5f:3e:ff:2a:b3:c3:8c:6a:8f:f6:b6:56:1e:36:
be:74:06:74:43:d9:49:06:33:98:5b:db:47:a6:58:
15:c3:1a:7e:28:87:97:36:f3:ed:db:df:27:8f:80:
4d:41:6a:a7:5f:4c:7e:1a:53:10:43:68:86:c9:3b:
cb:b4:a3:fc:38:7e:a0:35:d5:b1:f0:b2:bd:0b:30:
c6:f9:4f:b1:09:f8:bf:76:c2:fc:d5:42:97:1d:ef:
84:60:07:55:41:1d:c2:23:81:45:ae:b5:91:08:04:
75:f9:6c:40:6a:96:fc:6f:c3:c7:e7:71:d4:57:fe:
0d:91:3a:95:15:cb:e4:65:70:bb:8d:3a:c9:c1:b3:
e4:c2:85:20:09:fd:2a:4b:6a:09:70:d0:35:24:11:
54:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:54:3C:29:7B:5E:6A:A6:AC:8F:45:25:2E:D6:BA:90:76:50:CD:57
X509v3 Authority Key Identifier:
keyid:83:4D:96:6D:00:AF:BC:39:B5:95:8B:C1:A6:ED:57:93:FF:C0:C5:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g02WbQCvvDm1lYvBpu1Xk__AxU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/lVQ8KXteaqasj0UlLta6kHZQzVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/g02WbQCvvDm1lYvBpu1Xk__AxU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.56.0.0/21
185.35.188.0/22
IPv6:
2a03:30c0::/32
Signature Algorithm: sha256WithRSAEncryption
15:13:87:89:aa:41:66:61:49:1c:1e:56:6d:ba:77:c5:42:59:
2f:34:fe:2f:5a:e0:34:bb:bc:fb:58:be:b1:71:9f:c4:4a:21:
0c:9c:53:81:2e:5b:cc:44:ba:49:5e:60:63:c1:42:4d:68:76:
80:45:13:e0:ce:e6:a8:41:46:30:3e:7d:c3:86:84:00:c3:3a:
9e:a5:a0:df:62:4e:e5:4f:ec:d9:6b:94:2c:81:ff:86:90:b8:
9a:c5:d0:99:8e:67:44:ec:44:d3:a4:9b:67:d5:1e:e7:67:1c:
7c:d4:0e:20:4f:b0:9a:c0:9f:4c:ac:81:83:57:7e:db:8f:e3:
5f:56:e4:0e:fb:92:42:f6:7b:92:22:97:8d:be:50:68:7f:3a:
55:e2:4d:01:eb:b8:05:e3:08:14:35:1d:fa:e2:95:76:f5:4a:
7b:2e:4f:21:5a:bf:21:33:5f:e3:a7:af:22:e2:d6:61:19:86:
cf:d4:ec:73:b0:b1:0a:4d:c1:0f:43:65:9b:8a:52:63:4f:d4:
7d:5b:cb:b2:6f:5f:db:a2:62:5a:7f:24:a9:31:a2:e8:be:6b:
e0:64:c0:d1:d3:19:ee:63:f4:2b:8a:9b:5c:78:82:7e:32:1e:
48:f8:ec:0e:d1:77:d8:f6:af:bc:bb:2b:90:7c:52:cf:85:d3:
8c:56:2f:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVt1DC9kE3M1kpY3CHB5VKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNGQ5NjZkMDBhZmJjMzliNTk1OGJjMWE2ZWQ1NzkzZmZj
MGM1NGQwHhcNMjMwMTAxMTQ1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU0M2MyOTdiNWU2YWE2YWM4ZjQ1MjUyZWQ2YmE5MDc2NTBjZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlrnkrQ9IBNVAykPl5jIRCRuVNa1
AH3p/YjHRVoxgKK32Ce1GY37opRqwU2CUDowFq1e6B2vd9o61BPH4j7V2nRAH1am
tk7D+lV9iagSgTyIpPaBD52gr+Cchl5UE5Zd8anfPLiuyzqFXz7/KrPDjGqP9rZW
Hja+dAZ0Q9lJBjOYW9tHplgVwxp+KIeXNvPt298nj4BNQWqnX0x+GlMQQ2iGyTvL
tKP8OH6gNdWx8LK9CzDG+U+xCfi/dsL81UKXHe+EYAdVQR3CI4FFrrWRCAR1+WxA
apb8b8PH53HUV/4NkTqVFcvkZXC7jTrJwbPkwoUgCf0qS2oJcNA1JBFUWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJVUPCl7XmqmrI9FJS7WupB2UM1XMB8GA1UdIwQY
MBaAFINNlm0Ar7w5tZWLwabtV5P/wMVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzAyV2JRQ3Z2RG0xbFl2QnB1MVhrX19BeFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84ODMwYTQtNmM4My00MzM4LWJhZmQt
YjVkMWU5MDIzMTBhLzEvbFZROEtYdGVhcWFzajBVbEx0YTZrSFpRelZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84ODMwYTQtNmM4My00MzM4LWJhZmQtYjVkMWU5MDIzMTBh
LzEvZzAyV2JRQ3Z2RG0xbFl2QnB1MVhrX19BeFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBTgAAwQC
uSO8MA0EAgACMAcDBQAqAzDAMA0GCSqGSIb3DQEBCwUAA4IBAQAVE4eJqkFmYUkc
HlZtunfFQlkvNP4vWuA0u7z7WL6xcZ/ESiEMnFOBLlvMRLpJXmBjwUJNaHaARRPg
zuaoQUYwPn3DhoQAwzqepaDfYk7lT+zZa5Qsgf+GkLiaxdCZjmdE7ETTpJtn1R7n
Zxx81A4gT7CawJ9MrIGDV37bj+NfVuQO+5JC9nuSIpeNvlBofzpV4k0B67gF4wgU
NR364pV29Up7Lk8hWr8hM1/jp68i4tZhGYbP1OxzsLEKTcEPQ2WbilJjT9R9W8uy
b1/bomJafySpMaLovmvgZMDR0xnuY/QriptceIJ+Mh5I+OwO0XfY9q+8uyuQfFLP
hdOMVi+/
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:15:06 2025 by rpki-client