Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/XcZ6jmRDISgXlQcwkM7tzSTwB0g.roa
File: XcZ6jmRDISgXlQcwkM7tzSTwB0g.roa (raw, json)
Hash identifier: ddfA/lJJg7SxvUrDtU6qV/g+yHGahIQexOfAQVNna9g=
Subject key identifier: 5D:C6:7A:8E:64:43:21:28:17:95:07:30:90:CE:ED:CD:24:F0:07:48
Certificate issuer: /CN=5b9a40fc3f350abda59dbfc01ca37a46d8d74764
Certificate serial: 01846B046C1AF73CC0C26F09C0E317AB8234
Authority key identifier: 5B:9A:40:FC:3F:35:0A:BD:A5:9D:BF:C0:1C:A3:7A:46:D8:D7:47:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/XcZ6jmRDISgXlQcwkM7tzSTwB0g.roa
Signing time: Sat 12 Nov 2022 08:46:02 +0000
ROA not before: Sat 12 Nov 2022 08:46:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43623
IP address blocks: 194.156.7.0/24 maxlen: 24
185.17.246.0/24 maxlen: 24
185.17.244.0/22 maxlen: 22
194.113.143.0/24 maxlen: 24
185.17.247.0/24 maxlen: 24
91.195.78.0/23 maxlen: 23
2a04:880:affe::/48 maxlen: 48
2a04:880::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:6b:04:6c:1a:f7:3c:c0:c2:6f:09:c0:e3:17:ab:82:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5b9a40fc3f350abda59dbfc01ca37a46d8d74764
Validity
Not Before: Nov 12 08:46:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5dc67a8e644321281795073090ceedcd24f00748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:8e:0f:32:12:55:b4:d1:90:f6:0c:aa:21:28:
2a:2d:43:18:f3:15:09:73:db:70:15:6c:25:eb:b4:
60:e9:99:c6:cc:e9:8f:f5:2f:1b:71:75:d0:b3:ae:
22:57:c9:3a:4a:b9:1f:61:2d:99:36:af:05:ad:03:
51:ac:d9:11:4b:2a:9f:83:5d:c0:ad:37:a1:db:bc:
b6:ff:25:7f:02:32:86:b9:5b:87:62:8b:f5:d2:8b:
99:a6:cb:f1:07:4e:34:af:85:fb:29:03:8b:35:50:
c1:2e:1b:b2:c0:17:3a:ca:92:dc:7d:0a:44:7d:95:
b2:f7:10:6a:1a:4e:39:04:77:8e:c4:3f:e4:37:b6:
9e:64:2c:50:21:25:1e:a5:af:2e:ec:14:69:66:ab:
9f:df:50:d5:4a:99:f8:ee:77:6c:0d:46:28:72:cc:
97:75:51:28:58:c2:7e:d1:17:43:2a:76:ef:91:2b:
77:ea:34:61:c5:0c:f9:d9:c6:da:2c:bd:a0:90:18:
13:7c:45:d5:e0:fe:c4:4b:9e:b4:57:10:80:f1:b2:
cf:34:9c:28:3a:df:c8:67:62:1f:58:54:d2:03:6e:
98:ae:8a:1e:f6:2f:ef:0a:f5:5f:c0:01:fe:8e:6d:
c9:75:e2:06:74:5f:f6:5c:e6:c5:b7:02:1e:f6:31:
8f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:C6:7A:8E:64:43:21:28:17:95:07:30:90:CE:ED:CD:24:F0:07:48
X509v3 Authority Key Identifier:
keyid:5B:9A:40:FC:3F:35:0A:BD:A5:9D:BF:C0:1C:A3:7A:46:D8:D7:47:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/XcZ6jmRDISgXlQcwkM7tzSTwB0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.78.0/23
185.17.244.0/22
194.113.143.0/24
194.156.7.0/24
IPv6:
2a04:880::/29
Signature Algorithm: sha256WithRSAEncryption
6c:54:3a:14:ce:ba:35:26:31:22:d6:9a:27:a0:ef:ee:66:08:
b5:c0:2e:19:4e:f5:c8:e3:12:0d:41:fd:f0:4d:98:28:62:cc:
45:3a:ca:eb:ee:9d:e2:e4:06:89:07:6e:10:b3:88:c9:a8:4f:
0e:5e:f5:aa:46:c9:52:11:63:d6:fa:eb:04:fe:09:e5:b9:26:
d9:64:5b:c4:36:0e:d3:ec:e5:04:a2:6a:e0:66:7a:6b:ce:ab:
44:32:07:28:7c:05:d3:e4:dd:80:b2:eb:1a:bc:eb:05:65:76:
21:b9:c1:46:1b:ee:ef:82:9d:39:e6:ed:e1:0c:d6:e6:d6:9a:
e0:e9:69:02:98:3e:28:23:af:bd:c0:2d:41:cb:77:ea:f9:a9:
e6:b9:6c:ea:dc:d0:e2:6c:4b:e4:61:2b:9e:53:35:23:69:8a:
c9:20:50:36:77:ff:9e:3f:2f:5b:5f:07:e0:41:4e:8e:cb:e6:
df:f6:96:5a:9c:7e:18:5c:20:2e:45:15:8c:7e:1e:46:3e:05:
41:77:5c:a3:42:cd:7f:50:3b:89:f5:bc:6d:6d:b3:a8:24:ba:
20:1c:1d:95:bd:39:b4:dd:2e:46:cc:af:8d:30:85:62:72:68:
a1:9a:9e:7d:61:e0:3f:84:d2:2a:89:6f:ac:d3:8c:64:29:0f:
0a:d2:cb:49
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYRrBGwa9zzAwm8JwOMXq4I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOWE0MGZjM2YzNTBhYmRhNTlkYmZjMDFjYTM3YTQ2ZDhk
NzQ3NjQwHhcNMjIxMTEyMDg0NjAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM2N2E4ZTY0NDMyMTI4MTc5NTA3MzA5MGNlZWRjZDI0ZjAwNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk44PMhJVtNGQ9gyqISgqLUMY8xUJ
c9twFWwl67Rg6ZnGzOmP9S8bcXXQs64iV8k6SrkfYS2ZNq8FrQNRrNkRSyqfg13A
rTeh27y2/yV/AjKGuVuHYov10ouZpsvxB040r4X7KQOLNVDBLhuywBc6ypLcfQpE
fZWy9xBqGk45BHeOxD/kN7aeZCxQISUepa8u7BRpZquf31DVSpn47ndsDUYocsyX
dVEoWMJ+0RdDKnbvkSt36jRhxQz52cbaLL2gkBgTfEXV4P7ES560VxCA8bLPNJwo
Ot/IZ2IfWFTSA26Yrooe9i/vCvVfwAH+jm3JdeIGdF/2XObFtwIe9jGP2QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFF3Geo5kQyEoF5UHMJDO7c0k8AdIMB8GA1UdIwQY
MBaAFFuaQPw/NQq9pZ2/wByjekbY10dkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVwQV9EODFDcjJsbmJfQUhLTjZSdGpYUjJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yZWVkZTYtZmMyMC00ZjhhLWFlMjkt
NzI1Mzc1MjZhZWUyLzEvWGNaNmptUkRJU2dYbFFjd2tNN3R6U1R3QjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yZWVkZTYtZmMyMC00ZjhhLWFlMjktNzI1Mzc1MjZhZWUy
LzEvVzVwQV9EODFDcjJsbmJfQUhLTjZSdGpYUjJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW8NOAwQC
uRH0AwQAwnGPAwQAwpwHMA0EAgACMAcDBQMqBAiAMA0GCSqGSIb3DQEBCwUAA4IB
AQBsVDoUzro1JjEi1ponoO/uZgi1wC4ZTvXI4xINQf3wTZgoYsxFOsrr7p3i5AaJ
B24Qs4jJqE8OXvWqRslSEWPW+usE/gnluSbZZFvENg7T7OUEomrgZnprzqtEMgco
fAXT5N2AsusavOsFZXYhucFGG+7vgp055u3hDNbm1prg6WkCmD4oI6+9wC1By3fq
+anmuWzq3NDibEvkYSueUzUjaYrJIFA2d/+ePy9bXwfgQU6Oy+bf9pZanH4YXCAu
RRWMfh5GPgVBd1yjQs1/UDuJ9bxtbbOoJLogHB2VvTm03S5GzK+NMIVicmihmp59
YeA/hNIqiW+s04xkKQ8K0stJ
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:38:45 2025 by rpki-client