Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/BOGz9DukPsleLptf2stBK74Id0A.roa
File: BOGz9DukPsleLptf2stBK74Id0A.roa (raw, json)
Hash identifier: tQoPKsoOxcv37oeCHAR1y5NP5q9Vk1+uq6dG5vopoTQ=
Subject key identifier: 04:E1:B3:F4:3B:A4:3E:C9:5E:2E:9B:5F:DA:CB:41:2B:BE:08:77:40
Certificate issuer: /CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Certificate serial: 018573F1ABE5E818BD56665BCEC39AD09648
Authority key identifier: 63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/BOGz9DukPsleLptf2stBK74Id0A.roa
Signing time: Mon 02 Jan 2023 19:24:56 +0000
ROA not before: Mon 02 Jan 2023 19:24:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31673
IP address blocks: 195.69.72.0/22 maxlen: 22
185.168.85.0/24 maxlen: 24
185.168.86.0/23 maxlen: 23
31.171.200.0/21 maxlen: 21
5.39.168.0/21 maxlen: 21
84.38.224.0/20 maxlen: 20
83.143.184.0/21 maxlen: 21
178.248.152.0/21 maxlen: 21
2a0a:9fc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:f1:ab:e5:e8:18:bd:56:66:5b:ce:c3:9a:d0:96:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Validity
Not Before: Jan 2 19:24:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=04e1b3f43ba43ec95e2e9b5fdacb412bbe087740
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:9a:1c:45:11:b3:1f:ed:d6:b1:18:46:cc:f5:
d2:1f:02:ec:16:61:9a:43:c9:97:23:32:3e:2d:4b:
be:21:a7:e0:62:89:29:92:c4:7b:e7:ec:97:26:87:
c5:7e:19:d5:a9:24:c8:de:c8:7f:6d:fd:39:71:24:
65:74:d2:7e:ea:f0:3f:32:05:f8:1d:9d:02:8f:dc:
83:8e:1a:6b:c6:64:32:d3:74:59:13:24:be:bd:df:
5d:0c:ea:7a:5c:95:3b:4d:89:20:e1:98:4e:17:e3:
43:70:9a:8b:c1:96:8b:4b:da:29:b4:17:27:00:3f:
d3:f7:8a:c8:47:95:10:e0:18:6b:82:4d:36:4e:c8:
b9:65:0f:f3:4e:27:b0:0e:57:72:4a:64:91:47:6b:
bd:98:6c:6b:55:b8:25:c1:a3:ec:2d:fa:5b:ba:72:
ba:f2:87:3e:4c:d9:18:a7:4e:46:06:52:b5:5e:15:
e1:6f:1e:9d:61:bc:2b:05:4d:0f:9e:f4:da:e5:37:
ed:5a:1b:63:d8:9a:b0:fd:45:22:f5:ea:d5:f3:4a:
0a:8e:dd:30:94:0d:3c:a7:00:c2:85:9c:ea:67:19:
4d:13:21:74:c5:1d:d0:60:66:68:72:e1:c3:c0:0d:
0a:25:6f:f6:1a:db:fd:b8:a1:8b:01:d0:80:92:a6:
15:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:E1:B3:F4:3B:A4:3E:C9:5E:2E:9B:5F:DA:CB:41:2B:BE:08:77:40
X509v3 Authority Key Identifier:
keyid:63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/BOGz9DukPsleLptf2stBK74Id0A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.168.0/21
31.171.200.0/21
83.143.184.0/21
84.38.224.0/20
178.248.152.0/21
185.168.85.0-185.168.87.255
195.69.72.0/22
IPv6:
2a0a:9fc0::/29
Signature Algorithm: sha256WithRSAEncryption
02:25:fc:9d:ec:23:86:2d:d4:78:52:44:28:66:0e:5f:aa:19:
e1:0a:2f:a9:ce:f8:d6:46:7e:d0:db:13:be:f1:18:ca:fd:a1:
b8:1e:21:ad:cc:04:bc:8e:cd:99:33:3d:d8:f1:d1:6a:3e:ab:
92:66:37:c1:7f:85:c4:d0:c9:d4:59:cf:83:1d:5f:45:91:06:
88:60:70:c7:9b:b3:36:1b:de:58:1a:8f:66:c5:ba:a5:48:f3:
a2:a6:ce:31:6e:c1:5d:a0:3c:5c:47:59:f1:14:33:b1:12:39:
06:94:35:2f:aa:c5:0b:f0:36:48:86:ab:b3:a6:4d:7c:ef:0c:
39:be:42:69:6b:47:e7:47:59:a7:8e:a9:34:17:32:0a:7a:af:
5f:10:0f:c9:ae:19:b3:ac:ab:23:6d:fe:fd:4d:37:97:a1:b4:
a8:06:d3:ac:db:7f:e5:75:36:fc:81:c7:c4:01:b0:c0:c5:5a:
44:09:89:75:27:cb:22:da:e9:58:b4:3d:29:ab:92:5f:0c:57:
7c:ac:b3:ca:55:c8:2c:7c:ec:07:fa:63:18:ab:bb:6e:b7:b4:
a4:11:49:52:7b:af:6e:88:bc:9e:e5:7a:07:64:54:0a:1c:ff:
51:44:f8:7a:c6:c2:ef:7d:3b:bc:82:53:c8:da:8a:9a:07:29:
52:7f:ea:31
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVz8avl6Bi9VmZbzsOa0JZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYmUwOGRhMWFiMzFlM2Y5OGY1NTRmYTAxMzczZjk0Y2M5
MDExZWQwHhcNMjMwMTAyMTkyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGUxYjNmNDNiYTQzZWM5NWUyZTliNWZkYWNiNDEyYmJlMDg3NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJocRRGzH+3WsRhGzPXSHwLsFmGa
Q8mXIzI+LUu+IafgYokpksR75+yXJofFfhnVqSTI3sh/bf05cSRldNJ+6vA/MgX4
HZ0Cj9yDjhprxmQy03RZEyS+vd9dDOp6XJU7TYkg4ZhOF+NDcJqLwZaLS9optBcn
AD/T94rIR5UQ4Bhrgk02Tsi5ZQ/zTiewDldySmSRR2u9mGxrVbglwaPsLfpbunK6
8oc+TNkYp05GBlK1XhXhbx6dYbwrBU0PnvTa5TftWhtj2Jqw/UUi9erV80oKjt0w
lA08pwDChZzqZxlNEyF0xR3QYGZocuHDwA0KJW/2Gtv9uKGLAdCAkqYVfQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFAThs/Q7pD7JXi6bX9rLQSu+CHdAMB8GA1UdIwQY
MBaAFGO+CNoasx4/mPVU+gE3P5TMkBHtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1Nzct
Y2M4MDU0YTUxZDY2LzEvQk9HejlEdWtQc2xlTHB0ZjJzdEJLNzRJZDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1NzctY2M4MDU0YTUxZDY2
LzEvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDBSeoAwQD
H6vIAwQDU4+4AwQEVCbgAwQDsviYMAwDBAC5qFUDBAO5qFADBALDRUgwDQQCAAIw
BwMFAyoKn8AwDQYJKoZIhvcNAQELBQADggEBAAIl/J3sI4Yt1HhSRChmDl+qGeEK
L6nO+NZGftDbE77xGMr9obgeIa3MBLyOzZkzPdjx0Wo+q5JmN8F/hcTQydRZz4Md
X0WRBohgcMebszYb3lgaj2bFuqVI86KmzjFuwV2gPFxHWfEUM7ESOQaUNS+qxQvw
NkiGq7OmTXzvDDm+QmlrR+dHWaeOqTQXMgp6r18QD8muGbOsqyNt/v1NN5ehtKgG
06zbf+V1NvyBx8QBsMDFWkQJiXUnyyLa6Vi0PSmrkl8MV3yss8pVyCx87Af6Yxir
u263tKQRSVJ7r26IvJ7legdkVAoc/1FE+HrGwu99O7yCU8jaipoHKVJ/6jE=
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:39:49 2025 by rpki-client