Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QTbtfEG1UmzU7XDwqLc1neidYsQ.roa
File: QTbtfEG1UmzU7XDwqLc1neidYsQ.roa (raw, json)
Hash identifier: 2F+7U5dibxX3dDmA9Rf02+8RK2gxJHgj2ejE7f5BPto=
Subject key identifier: 41:36:ED:7C:41:B5:52:6C:D4:ED:70:F0:A8:B7:35:9D:E8:9D:62:C4
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 0189D5928F6FF43277776CCDF8EE50C40B1F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QTbtfEG1UmzU7XDwqLc1neidYsQ.roa
Signing time: Tue 08 Aug 2023 14:34:59 +0000
ROA not before: Tue 08 Aug 2023 14:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43533
IP address blocks: 146.158.28.0/23 maxlen: 23
92.253.196.0/22 maxlen: 22
93.170.208.0/22 maxlen: 24
92.38.52.0/22 maxlen: 22
31.148.144.0/22 maxlen: 22
93.170.16.0/21 maxlen: 21
93.171.210.0/23 maxlen: 23
93.170.168.0/23 maxlen: 23
92.38.16.0/22 maxlen: 24
92.38.24.0/22 maxlen: 22
146.158.20.0/22 maxlen: 22
31.148.100.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d5:92:8f:6f:f4:32:77:77:6c:cd:f8:ee:50:c4:0b:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Aug 8 14:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4136ed7c41b5526cd4ed70f0a8b7359de89d62c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:14:2f:3a:82:db:3e:ec:43:9c:29:46:b9:2f:
1b:b7:7a:6a:47:c1:ae:a3:dc:83:fe:be:42:41:1d:
53:0e:52:61:8f:a1:44:e7:be:e5:e9:d5:c3:85:0b:
32:e3:7b:a1:77:ba:82:d3:e1:28:b7:46:cf:c1:9f:
a4:f4:17:70:35:da:7e:dc:3c:f2:1a:64:4a:5b:1c:
95:32:0c:d4:d0:ff:e0:98:93:c4:de:ec:33:39:3f:
66:ad:31:35:0e:84:21:9e:41:55:42:8a:71:56:db:
76:34:64:9a:d6:39:09:df:63:c2:a4:0b:7b:52:a7:
f8:28:47:a7:78:de:45:3d:ad:06:bc:32:50:91:0e:
e8:d1:7f:34:18:2e:f4:1d:bc:76:85:72:5c:ae:1d:
a1:fa:ae:53:e8:2f:c2:66:14:a8:1f:78:18:93:6d:
ba:b4:b4:9a:67:42:46:4d:59:58:45:94:00:f2:d4:
1e:cc:9f:fe:c4:4c:6f:82:ee:51:63:c6:54:96:3b:
a1:cd:cd:a2:15:b0:57:99:96:c0:55:fa:78:17:48:
a4:fb:4c:a8:4c:fa:63:d9:9a:63:32:a7:99:8f:22:
ea:f2:f6:d7:63:41:d0:27:4d:94:72:50:3d:b3:e0:
c5:af:20:f6:7f:78:6d:e9:58:63:5b:ad:4a:fc:9d:
1d:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:36:ED:7C:41:B5:52:6C:D4:ED:70:F0:A8:B7:35:9D:E8:9D:62:C4
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QTbtfEG1UmzU7XDwqLc1neidYsQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.148.100.0/22
31.148.144.0/22
92.38.16.0/22
92.38.24.0/22
92.38.52.0/22
92.253.196.0/22
93.170.16.0/21
93.170.168.0/23
93.170.208.0/22
93.171.210.0/23
146.158.20.0/22
146.158.28.0/23
Signature Algorithm: sha256WithRSAEncryption
23:6d:49:26:78:2c:6d:99:84:53:a5:5d:1b:03:eb:09:86:18:
1c:71:42:77:ed:2a:37:0c:25:38:22:a8:fb:ba:23:de:7b:30:
3b:b4:46:d3:c3:c0:6e:0f:41:d4:dd:d6:9b:7d:00:71:62:d7:
95:dc:b0:ee:35:91:ca:29:f9:f4:53:e7:49:df:8e:97:9f:1d:
a4:9b:46:5e:a0:a0:e9:6e:bf:53:be:4e:ae:69:ad:fc:88:3c:
bd:ba:83:88:cc:6c:19:e3:04:2e:88:70:a9:4c:01:4d:6f:e0:
1e:bd:4e:4f:8c:7e:79:3f:15:a4:66:f3:a8:8e:70:91:df:b1:
3c:17:e3:c7:3e:86:c8:35:1b:5e:f3:2c:c4:f7:5f:54:90:7c:
8c:d8:8d:74:43:78:f7:3a:01:87:42:59:9e:25:d9:bb:2a:90:
1b:e1:f2:64:0f:97:47:5c:ac:ec:3f:b2:6c:9a:bd:a9:15:95:
10:dc:9d:cf:c2:5a:52:19:27:6b:45:eb:e1:8e:72:96:24:d0:
6c:16:be:ad:64:8c:32:ff:4e:6d:48:c2:c8:fd:c7:b7:70:6d:
49:a5:e4:86:f9:ea:55:14:15:6e:49:d7:21:97:6e:f1:9f:f9:
2f:7a:b4:9f:cc:1d:f4:0c:59:51:6b:3a:49:cd:37:6b:50:df:
29:c4:11:5a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYnVko9v9DJ3d2zN+O5QxAsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMwODA4MTQzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM2ZWQ3YzQxYjU1MjZjZDRlZDcwZjBhOGI3MzU5ZGU4OWQ2MmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxQvOoLbPuxDnClGuS8bt3pqR8Gu
o9yD/r5CQR1TDlJhj6FE577l6dXDhQsy43uhd7qC0+Eot0bPwZ+k9BdwNdp+3Dzy
GmRKWxyVMgzU0P/gmJPE3uwzOT9mrTE1DoQhnkFVQopxVtt2NGSa1jkJ32PCpAt7
Uqf4KEeneN5FPa0GvDJQkQ7o0X80GC70Hbx2hXJcrh2h+q5T6C/CZhSoH3gYk226
tLSaZ0JGTVlYRZQA8tQezJ/+xExvgu5RY8ZUljuhzc2iFbBXmZbAVfp4F0ik+0yo
TPpj2ZpjMqeZjyLq8vbXY0HQJ02UclA9s+DFryD2f3ht6VhjW61K/J0dHQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEE27XxBtVJs1O1w8Ki3NZ3onWLEMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUVRidGZFRzFVbXpVN1hEd3FMYzFuZWlkWXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCH5RkAwQC
H5SQAwQCXCYQAwQCXCYYAwQCXCY0AwQCXP3EAwQDXaoQAwQBXaqoAwQCXarQAwQB
XavSAwQCkp4UAwQBkp4cMA0GCSqGSIb3DQEBCwUAA4IBAQAjbUkmeCxtmYRTpV0b
A+sJhhgccUJ37So3DCU4Iqj7uiPeezA7tEbTw8BuD0HU3dabfQBxYteV3LDuNZHK
Kfn0U+dJ346Xnx2km0ZeoKDpbr9Tvk6uaa38iDy9uoOIzGwZ4wQuiHCpTAFNb+Ae
vU5PjH55PxWkZvOojnCR37E8F+PHPobINRte8yzE919UkHyM2I10Q3j3OgGHQlme
Jdm7KpAb4fJkD5dHXKzsP7Jsmr2pFZUQ3J3PwlpSGSdrRevhjnKWJNBsFr6tZIwy
/05tSMLI/ce3cG1JpeSG+epVFBVuSdchl27xn/kverSfzB30DFlRazpJzTdrUN8p
xBFa
-----END CERTIFICATE-----
Generated at Fri Jun 6 10:11:53 2025 by rpki-client