Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qrC-0UiL3IYafq074dZxtOWFOPg.roa
File: qrC-0UiL3IYafq074dZxtOWFOPg.roa (raw, json)
Hash identifier: U7qQHNiydk7M8NLHRWNnz3Qhwq0i3on5bxq829fzpz4=
Subject key identifier: AA:B0:BE:D1:48:8B:DC:86:1A:7E:AD:3B:E1:D6:71:B4:E5:85:38:F8
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 018BC9E03AF4F5600A0A5A3260DFF37583D0
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qrC-0UiL3IYafq074dZxtOWFOPg.roa
Signing time: Mon 13 Nov 2023 18:09:57 +0000
ROA not before: Mon 13 Nov 2023 18:09:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56361
IP address blocks: 95.46.172.0/22 maxlen: 24
95.46.166.0/23 maxlen: 24
95.46.168.0/22 maxlen: 24
31.148.40.0/21 maxlen: 24
31.148.56.0/21 maxlen: 24
31.148.52.0/22 maxlen: 24
31.148.192.0/22 maxlen: 24
31.148.104.0/21 maxlen: 24
93.171.36.0/22 maxlen: 24
93.171.34.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:c9:e0:3a:f4:f5:60:0a:0a:5a:32:60:df:f3:75:83:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Nov 13 18:09:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aab0bed1488bdc861a7ead3be1d671b4e58538f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:4b:7c:c9:a7:c0:7b:14:e4:07:af:10:4b:19:
8b:16:72:83:c3:76:8c:2c:bb:ef:04:cd:13:01:d5:
78:60:d7:57:e5:9f:aa:32:c6:36:70:d5:c9:48:96:
8f:dc:e7:9b:de:28:ba:de:bb:42:ad:0a:78:a5:71:
f7:48:8d:6f:8e:b4:ba:bb:7d:df:6c:49:1b:1e:2e:
dc:70:53:b2:0c:61:30:c3:a3:72:34:c0:71:87:d8:
15:32:a5:99:82:27:11:eb:c7:5f:53:e2:41:14:d8:
55:a0:ef:4d:ee:f3:74:d2:cc:10:dc:9a:7a:81:32:
13:1f:3f:9d:66:9d:27:7f:95:ef:c1:a6:5e:ed:75:
61:14:3a:b3:6b:e9:f2:f5:59:0a:09:8b:9c:76:6b:
48:04:34:b4:c1:aa:f4:2c:ce:39:1a:e5:c4:93:71:
9a:c8:19:b9:68:e9:e2:97:48:42:84:4e:a9:d9:96:
91:a3:f0:9f:b4:e9:d3:e5:a8:2f:53:d0:d1:7e:4d:
bd:06:f6:9f:b3:ac:e6:54:d5:5b:4b:44:ba:37:c6:
84:c0:a7:c4:35:2d:2f:f6:16:4b:da:82:46:bf:bf:
5e:4b:5d:9f:49:67:33:33:e1:a6:18:36:82:b4:0f:
68:ff:a8:4f:9f:38:56:ad:99:f7:f6:c3:4e:60:97:
06:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:B0:BE:D1:48:8B:DC:86:1A:7E:AD:3B:E1:D6:71:B4:E5:85:38:F8
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qrC-0UiL3IYafq074dZxtOWFOPg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.148.40.0/21
31.148.52.0-31.148.63.255
31.148.104.0/21
31.148.192.0/22
93.171.34.0-93.171.39.255
95.46.166.0-95.46.175.255
Signature Algorithm: sha256WithRSAEncryption
af:0d:6e:da:34:d7:47:0f:5e:45:79:e2:25:ce:7b:f9:63:63:
a0:2e:ed:b5:67:5d:d5:4b:8d:41:ca:a9:32:46:7c:e9:b4:e7:
4d:85:ee:a1:e5:d6:0f:2a:bb:02:ff:bb:24:fe:20:6d:20:27:
1a:bd:70:f0:7f:45:17:7b:b2:c7:07:65:a2:07:9f:f0:ee:8e:
4a:56:6a:9c:f5:4b:10:76:b9:ff:59:eb:40:b6:82:bb:46:a3:
0c:a4:d8:86:b2:49:96:46:e6:55:f6:9a:e7:3a:eb:ac:72:76:
bd:24:6e:4f:0b:ca:bf:74:80:3b:cd:f8:77:0a:5e:6f:ff:53:
ad:a0:46:8f:17:f4:c0:63:94:ed:f8:f6:95:02:64:1d:9d:ca:
91:8e:1a:07:c6:7e:60:72:d3:b4:af:e7:42:b7:cc:25:44:58:
76:5b:ab:7e:e5:57:9e:34:08:ec:1a:f6:2b:5d:03:aa:70:6f:
6c:fb:27:98:7c:3a:1f:03:2c:c5:9e:92:0e:a2:e8:52:d1:c3:
91:6d:93:c8:36:d9:3e:dc:76:af:44:8a:88:92:b8:37:a7:4a:
c0:46:60:b0:47:61:75:07:0f:5c:64:f6:6f:91:da:46:54:a0:
29:5f:15:93:6b:c7:aa:22:0d:53:cd:b9:43:7a:a2:10:20:96:
4c:9d:58:c4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYvJ4Dr09WAKCloyYN/zdYPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMxMTEzMTgwOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIwYmVkMTQ4OGJkYzg2MWE3ZWFkM2JlMWQ2NzFiNGU1ODUzOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykt8yafAexTkB68QSxmLFnKDw3aM
LLvvBM0TAdV4YNdX5Z+qMsY2cNXJSJaP3Oeb3ii63rtCrQp4pXH3SI1vjrS6u33f
bEkbHi7ccFOyDGEww6NyNMBxh9gVMqWZgicR68dfU+JBFNhVoO9N7vN00swQ3Jp6
gTITHz+dZp0nf5XvwaZe7XVhFDqza+ny9VkKCYucdmtIBDS0war0LM45GuXEk3Ga
yBm5aOnil0hChE6p2ZaRo/CftOnT5agvU9DRfk29Bvafs6zmVNVbS0S6N8aEwKfE
NS0v9hZL2oJGv79eS12fSWczM+GmGDaCtA9o/6hPnzhWrZn39sNOYJcG2wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKqwvtFIi9yGGn6tO+HWcbTlhTj4MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcXJDLTBVaUwzSVlhZnEwNzRkWnh0T1dGT1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDH5QoMAwD
BAIflDQDBAYflAADBAMflGgDBAIflMAwDAMEAV2rIgMEA12rIDAMAwQBXy6mAwQE
Xy6gMA0GCSqGSIb3DQEBCwUAA4IBAQCvDW7aNNdHD15FeeIlznv5Y2OgLu21Z13V
S41ByqkyRnzptOdNhe6h5dYPKrsC/7sk/iBtICcavXDwf0UXe7LHB2WiB5/w7o5K
Vmqc9UsQdrn/WetAtoK7RqMMpNiGskmWRuZV9prnOuuscna9JG5PC8q/dIA7zfh3
Cl5v/1OtoEaPF/TAY5Tt+PaVAmQdncqRjhoHxn5gctO0r+dCt8wlRFh2W6t+5Vee
NAjsGvYrXQOqcG9s+yeYfDofAyzFnpIOouhS0cORbZPINtk+3HavRIqIkrg3p0rA
RmCwR2F1Bw9cZPZvkdpGVKApXxWTa8eqIg1TzblDeqIQIJZMnVjE
-----END CERTIFICATE-----
Generated at Sat Apr 12 01:33:43 2025 by rpki-client