Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/emBX4rnxMOCEyv6mBRaJt7_Najc.roa
File: emBX4rnxMOCEyv6mBRaJt7_Najc.roa (raw, json)
Hash identifier: g4B/uh0a395uxpI/aIB2muOI7sXh/Tn3LtdZz3+XBXg=
Subject key identifier: 7A:60:57:E2:B9:F1:30:E0:84:CA:FE:A6:05:16:89:B7:BF:CD:6A:37
Certificate issuer: /CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Certificate serial: 018BD26B6BD8F9C0A784009A9AF08FD971E6
Authority key identifier: 63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/emBX4rnxMOCEyv6mBRaJt7_Najc.roa
Signing time: Wed 15 Nov 2023 09:58:57 +0000
ROA not before: Wed 15 Nov 2023 09:58:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31673
IP address blocks: 195.69.72.0/22 maxlen: 24
185.168.85.0/24 maxlen: 24
185.168.86.0/23 maxlen: 24
31.171.200.0/21 maxlen: 24
5.39.168.0/21 maxlen: 24
84.38.224.0/20 maxlen: 24
83.143.184.0/21 maxlen: 24
178.248.152.0/21 maxlen: 24
2a0a:9fc0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d2:6b:6b:d8:f9:c0:a7:84:00:9a:9a:f0:8f:d9:71:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Validity
Not Before: Nov 15 09:58:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7a6057e2b9f130e084cafea6051689b7bfcd6a37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:90:5b:d7:be:fd:bb:d3:6c:bf:9c:68:b5:a6:
14:16:d4:1d:18:c9:73:be:60:61:d1:50:1b:62:47:
4f:b4:20:2b:ff:1f:0a:66:a1:f7:c3:ca:67:24:c5:
5c:b0:ee:9c:b2:cd:59:9b:94:fd:f0:20:96:40:a1:
cf:54:ae:f3:b5:94:0b:f9:f9:fa:72:a8:54:d4:1b:
c3:d8:6c:93:f4:98:50:86:13:55:cb:aa:ef:fe:1c:
4d:7b:2a:08:74:14:6a:a5:7c:5a:59:1e:c4:2b:cf:
16:57:fe:92:6b:fb:10:c0:79:c1:9e:73:00:63:77:
b4:bf:55:76:10:00:5f:c8:91:f3:0d:3b:f7:ea:22:
d8:1a:a0:b8:c8:06:67:15:61:a9:49:b0:43:e3:0b:
08:73:fd:74:6b:ac:25:ea:9b:76:6c:a5:28:31:26:
2d:78:93:87:2b:05:77:76:fd:67:71:27:6c:77:de:
f4:bc:37:55:8a:05:f6:d1:b2:66:ce:4a:db:0b:1b:
1b:90:87:85:36:42:a6:29:f0:e3:30:41:80:32:5f:
cb:66:06:ee:5e:c5:5d:c8:61:10:31:d9:dd:a8:6c:
16:ee:22:a6:50:d6:00:c5:12:87:89:b8:c4:b7:20:
17:12:b4:92:a0:01:9d:a8:f4:c1:03:b9:0f:92:76:
a0:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:60:57:E2:B9:F1:30:E0:84:CA:FE:A6:05:16:89:B7:BF:CD:6A:37
X509v3 Authority Key Identifier:
keyid:63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/emBX4rnxMOCEyv6mBRaJt7_Najc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.168.0/21
31.171.200.0/21
83.143.184.0/21
84.38.224.0/20
178.248.152.0/21
185.168.85.0-185.168.87.255
195.69.72.0/22
IPv6:
2a0a:9fc0::/29
Signature Algorithm: sha256WithRSAEncryption
11:6f:cc:aa:0a:a2:43:e7:d8:f3:e2:29:f2:6d:37:66:3d:09:
17:51:10:05:ba:b8:58:21:46:91:7f:2e:75:d1:c0:ac:18:ee:
1d:81:60:35:fa:16:f2:fe:e1:51:48:9f:1c:07:03:68:ae:ae:
ee:70:19:a2:b0:75:83:9a:b0:d5:8d:5a:86:2c:5b:7a:b0:6d:
97:b9:73:8f:9b:03:56:c2:5e:cc:c4:65:ac:4e:0e:40:e5:e2:
52:fb:fe:c1:f7:6e:71:af:8a:31:de:2d:73:9e:b2:e3:af:45:
1e:31:3a:2a:81:65:1c:5b:fa:db:28:35:43:7e:d7:4c:67:54:
b4:94:42:46:2f:f5:a6:26:43:bd:70:66:ce:85:e9:33:b0:49:
48:66:5b:59:81:e3:f6:96:75:19:ff:54:9e:6c:62:28:db:a6:
24:5a:e4:96:ee:74:a8:7f:f4:f5:da:0b:4b:a1:3e:fe:c4:ed:
ce:b8:66:f6:81:25:1f:fc:a0:30:07:36:8c:9f:d6:fe:22:a4:
78:cb:d4:bd:70:21:73:ef:58:dc:cc:db:11:d2:51:f5:83:fb:
c8:9d:ec:d7:42:13:92:fb:4a:62:e8:f9:ef:ec:bb:f1:a0:36:
4a:bd:a0:e4:c9:5f:07:12:c8:bc:a7:25:cd:4f:f8:9d:c5:da:
ce:ff:e0:ed
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYvSa2vY+cCnhACamvCP2XHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYmUwOGRhMWFiMzFlM2Y5OGY1NTRmYTAxMzczZjk0Y2M5
MDExZWQwHhcNMjMxMTE1MDk1ODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTYwNTdlMmI5ZjEzMGUwODRjYWZlYTYwNTE2ODliN2JmY2Q2YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZBb1779u9Nsv5xotaYUFtQdGMlz
vmBh0VAbYkdPtCAr/x8KZqH3w8pnJMVcsO6css1Zm5T98CCWQKHPVK7ztZQL+fn6
cqhU1BvD2GyT9JhQhhNVy6rv/hxNeyoIdBRqpXxaWR7EK88WV/6Sa/sQwHnBnnMA
Y3e0v1V2EABfyJHzDTv36iLYGqC4yAZnFWGpSbBD4wsIc/10a6wl6pt2bKUoMSYt
eJOHKwV3dv1ncSdsd970vDdVigX20bJmzkrbCxsbkIeFNkKmKfDjMEGAMl/LZgbu
XsVdyGEQMdndqGwW7iKmUNYAxRKHibjEtyAXErSSoAGdqPTBA7kPknagKwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFHpgV+K58TDghMr+pgUWibe/zWo3MB8GA1UdIwQY
MBaAFGO+CNoasx4/mPVU+gE3P5TMkBHtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1Nzct
Y2M4MDU0YTUxZDY2LzEvZW1CWDRybnhNT0NFeXY2bUJSYUp0N19OYWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1NzctY2M4MDU0YTUxZDY2
LzEvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDBSeoAwQD
H6vIAwQDU4+4AwQEVCbgAwQDsviYMAwDBAC5qFUDBAO5qFADBALDRUgwDQQCAAIw
BwMFAyoKn8AwDQYJKoZIhvcNAQELBQADggEBABFvzKoKokPn2PPiKfJtN2Y9CRdR
EAW6uFghRpF/LnXRwKwY7h2BYDX6FvL+4VFInxwHA2iuru5wGaKwdYOasNWNWoYs
W3qwbZe5c4+bA1bCXszEZaxODkDl4lL7/sH3bnGvijHeLXOesuOvRR4xOiqBZRxb
+tsoNUN+10xnVLSUQkYv9aYmQ71wZs6F6TOwSUhmW1mB4/aWdRn/VJ5sYijbpiRa
5JbudKh/9PXaC0uhPv7E7c64ZvaBJR/8oDAHNoyf1v4ipHjL1L1wIXPvWNzM2xHS
UfWD+8id7NdCE5L7SmLo+e/su/GgNkq9oOTJXwcSyLynJc1P+J3F2s7/4O0=
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:30:06 2025 by rpki-client