Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/QLBQ2GNXGxBovxucrv1rrET6QEo.roa
File: QLBQ2GNXGxBovxucrv1rrET6QEo.roa (raw, json)
Hash identifier: OM+x7BZE98+xM7xL3wQbjUl6I66cI7tkSxdiPUXutNQ=
Subject key identifier: 40:B0:50:D8:63:57:1B:10:68:BF:1B:9C:AE:FD:6B:AC:44:FA:40:4A
Certificate issuer: /CN=5bf81435ed13789895f375dc34d04ce91aca4744
Certificate serial: 018571955B6252EF9C01E0ED9BB43673DE82
Authority key identifier: 5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/QLBQ2GNXGxBovxucrv1rrET6QEo.roa
Signing time: Mon 02 Jan 2023 08:24:51 +0000
ROA not before: Mon 02 Jan 2023 08:24:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3308
IP address blocks: 158.233.228.0/24 maxlen: 24
158.233.229.0/24 maxlen: 24
158.233.242.0/24 maxlen: 24
158.233.246.0/24 maxlen: 24
158.233.244.0/24 maxlen: 24
158.233.245.0/24 maxlen: 24
158.233.243.0/24 maxlen: 24
158.233.251.0/24 maxlen: 24
158.233.250.0/24 maxlen: 24
158.233.248.0/24 maxlen: 24
158.233.249.0/24 maxlen: 24
158.233.247.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:5b:62:52:ef:9c:01:e0:ed:9b:b4:36:73:de:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5bf81435ed13789895f375dc34d04ce91aca4744
Validity
Not Before: Jan 2 08:24:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40b050d863571b1068bf1b9caefd6bac44fa404a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:ea:3c:48:e8:a0:53:81:f2:82:06:0f:86:9e:
3b:a1:da:9c:02:cf:c3:a2:34:ea:c5:64:0e:6b:d7:
93:e8:0d:e3:24:d9:f9:35:70:ad:27:f9:a8:12:48:
81:c0:5c:b5:16:27:cc:0e:e2:ee:d1:92:7f:b4:40:
b2:b3:74:a8:bc:af:42:cf:95:83:6c:a9:cb:59:85:
ff:d4:b4:96:d5:e9:ac:ae:f8:14:13:22:26:b5:2b:
1f:75:f5:09:02:22:0b:a5:21:ee:c4:9a:28:81:0a:
97:dc:36:fc:c2:f4:cf:1d:37:ba:e2:ce:16:98:a6:
43:30:22:28:e2:7c:28:ac:7a:5e:8d:c6:01:ff:30:
49:a2:5d:62:b3:76:98:7d:52:e3:54:52:c4:00:ab:
be:49:30:67:01:4a:f3:6f:c9:6b:50:3e:c6:80:85:
49:59:63:91:da:8e:89:a7:ec:27:d7:82:07:85:74:
4e:d5:c2:8b:5e:33:2f:99:95:0c:44:52:69:e1:cd:
5b:3c:3a:da:45:3c:33:35:2a:96:aa:27:9f:65:ca:
8d:66:87:a9:5e:d3:7b:aa:c1:27:80:b6:d1:13:2c:
ab:ce:23:ee:c3:45:94:1f:6b:95:be:4c:84:37:5d:
fb:6b:5a:85:c9:12:6d:f2:cf:93:56:f6:33:f9:ac:
0a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:B0:50:D8:63:57:1B:10:68:BF:1B:9C:AE:FD:6B:AC:44:FA:40:4A
X509v3 Authority Key Identifier:
keyid:5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/QLBQ2GNXGxBovxucrv1rrET6QEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.233.228.0/23
158.233.242.0-158.233.251.255
Signature Algorithm: sha256WithRSAEncryption
24:bf:84:76:08:68:1d:5b:1a:b3:cf:bb:ea:86:99:64:12:84:
14:c5:12:58:f2:2c:f9:c4:9f:4b:95:d9:4b:a7:73:4d:c7:77:
13:42:42:d1:43:53:00:c3:5c:13:e1:ab:5a:c2:c7:af:26:5f:
bb:29:39:b3:73:dc:bc:ab:be:30:47:a0:6d:6b:6c:19:6a:86:
bf:fa:28:71:05:54:6f:af:b5:af:91:d8:0d:c1:07:38:40:0c:
4a:d9:ca:b3:64:ca:dc:b2:67:09:e9:52:8a:ce:d0:9c:8e:8e:
1d:d2:e8:df:35:f9:47:34:38:60:32:f8:2e:59:e7:b5:be:f0:
03:0b:50:da:49:33:12:be:36:86:38:a1:34:62:e6:e1:3f:55:
97:b1:6c:65:f8:d4:33:10:12:29:63:aa:19:cb:d4:e0:5b:06:
fe:17:af:9b:e9:f5:85:d9:f0:45:f2:31:7a:fd:fc:01:c1:71:
93:29:ff:15:2b:fc:cf:31:6a:83:ad:a8:c1:87:c2:c3:c8:3c:
2f:7a:74:83:54:18:36:b3:0a:14:ec:25:33:a8:fd:13:ce:06:
6f:e2:ca:3e:12:8e:97:73:ff:e6:f4:28:a8:ca:81:be:cb:07:
3c:ca:ae:5e:63:c7:82:f8:88:c6:2a:53:f6:c7:4b:e1:19:27:
f8:3d:7e:a3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVxlVtiUu+cAeDtm7Q2c96CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjgxNDM1ZWQxMzc4OTg5NWYzNzVkYzM0ZDA0Y2U5MWFj
YTQ3NDQwHhcNMjMwMTAyMDgyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGIwNTBkODYzNTcxYjEwNjhiZjFiOWNhZWZkNmJhYzQ0ZmE0MDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieo8SOigU4HyggYPhp47odqcAs/D
ojTqxWQOa9eT6A3jJNn5NXCtJ/moEkiBwFy1FifMDuLu0ZJ/tECys3SovK9Cz5WD
bKnLWYX/1LSW1emsrvgUEyImtSsfdfUJAiILpSHuxJoogQqX3Db8wvTPHTe64s4W
mKZDMCIo4nworHpejcYB/zBJol1is3aYfVLjVFLEAKu+STBnAUrzb8lrUD7GgIVJ
WWOR2o6Jp+wn14IHhXRO1cKLXjMvmZUMRFJp4c1bPDraRTwzNSqWqiefZcqNZoep
XtN7qsEngLbREyyrziPuw0WUH2uVvkyEN137a1qFyRJt8s+TVvYz+awK/wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFECwUNhjVxsQaL8bnK79a6xE+kBKMB8GA1UdIwQY
MBaAFFv4FDXtE3iYlfN13DTQTOkaykdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEt
NDhlNGNjNmIzM2EzLzEvUUxCUTJHTlhHeEJvdnh1Y3J2MXJyRVQ2UUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEtNDhlNGNjNmIzM2Ez
LzEvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBnunkMAwD
BAGe6fIDBAKe6fgwDQYJKoZIhvcNAQELBQADggEBACS/hHYIaB1bGrPPu+qGmWQS
hBTFEljyLPnEn0uV2Uunc03HdxNCQtFDUwDDXBPhq1rCx68mX7spObNz3LyrvjBH
oG1rbBlqhr/6KHEFVG+vta+R2A3BBzhADErZyrNkytyyZwnpUorO0JyOjh3S6N81
+Uc0OGAy+C5Z57W+8AMLUNpJMxK+NoY4oTRi5uE/VZexbGX41DMQEiljqhnL1OBb
Bv4Xr5vp9YXZ8EXyMXr9/AHBcZMp/xUr/M8xaoOtqMGHwsPIPC96dINUGDazChTs
JTOo/RPOBm/iyj4Sjpdz/+b0KKjKgb7LBzzKrl5jx4L4iMYqU/bHS+EZJ/g9fqM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:27:21 2025 by rpki-client