Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/r85DFASgsr10fxrgwPn9SZ6WOqM.roa
File: r85DFASgsr10fxrgwPn9SZ6WOqM.roa (raw, json)
Hash identifier: 4cTKqF3DTJ98unsGf1zLjppdaWBXpo8rKKx1IbQ0K48=
Subject key identifier: AF:CE:43:14:04:A0:B2:BD:74:7F:1A:E0:C0:F9:FD:49:9E:96:3A:A3
Certificate issuer: /CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Certificate serial: 01831D58824E53238718070BAC6A7DBB25A3
Authority key identifier: 63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/r85DFASgsr10fxrgwPn9SZ6WOqM.roa
Signing time: Thu 08 Sep 2022 13:44:43 +0000
ROA not before: Thu 08 Sep 2022 13:44:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31673
IP address blocks: 195.69.72.0/22 maxlen: 22
185.168.85.0/24 maxlen: 24
185.168.86.0/23 maxlen: 23
31.171.200.0/21 maxlen: 21
5.39.168.0/21 maxlen: 21
84.38.224.0/20 maxlen: 20
83.143.184.0/21 maxlen: 21
178.248.152.0/21 maxlen: 21
2a0a:9fc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:1d:58:82:4e:53:23:87:18:07:0b:ac:6a:7d:bb:25:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63be08da1ab31e3f98f554fa01373f94cc9011ed
Validity
Not Before: Sep 8 13:44:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=afce431404a0b2bd747f1ae0c0f9fd499e963aa3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:0e:35:0f:cd:77:d2:5c:e2:3f:f9:47:08:1c:
2f:71:03:74:55:0f:6b:16:f6:66:1a:aa:f7:28:ad:
ea:4f:96:85:84:20:c2:30:d6:38:79:c3:20:cd:13:
55:6c:e6:14:cd:eb:66:67:4a:1c:12:a0:c7:7d:a2:
13:d1:12:03:da:8a:aa:5b:53:1e:80:01:3d:5b:5d:
bd:19:a7:79:0a:44:7b:3b:83:a9:46:1d:21:9e:bc:
b3:37:d3:fd:7e:09:93:5a:40:0d:9d:af:fc:5a:33:
5c:43:8b:05:ee:d4:9d:71:e8:87:4a:c6:f4:dd:ef:
82:a6:50:9f:ad:5a:f5:de:a3:ea:fa:0d:09:85:3f:
bc:45:76:c4:c2:fd:c6:bc:76:0d:8a:ee:bb:54:28:
7f:06:62:66:67:44:20:06:03:7c:5a:91:e4:8e:d1:
3c:5b:13:6c:0b:a8:ab:51:2d:8f:c4:a9:65:39:84:
20:f4:25:b5:87:7f:06:ff:02:55:d5:81:03:b6:2b:
b2:91:3e:f5:f1:be:87:c1:e8:5d:af:5f:e5:b4:96:
64:1b:40:c3:66:6c:be:00:40:43:00:c6:ff:a4:c4:
41:52:ef:18:f2:28:2c:26:a2:e7:5a:54:52:4c:69:
f9:00:d5:c6:72:ac:95:d5:35:eb:52:c2:fb:44:89:
e0:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:CE:43:14:04:A0:B2:BD:74:7F:1A:E0:C0:F9:FD:49:9E:96:3A:A3
X509v3 Authority Key Identifier:
keyid:63:BE:08:DA:1A:B3:1E:3F:98:F5:54:FA:01:37:3F:94:CC:90:11:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/r85DFASgsr10fxrgwPn9SZ6WOqM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/99cbcf-7d4f-4b12-a577-cc8054a51d66/1/Y74I2hqzHj-Y9VT6ATc_lMyQEe0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.168.0/21
31.171.200.0/21
83.143.184.0/21
84.38.224.0/20
178.248.152.0/21
185.168.85.0-185.168.87.255
195.69.72.0/22
IPv6:
2a0a:9fc0::/29
Signature Algorithm: sha256WithRSAEncryption
93:42:c6:1f:92:79:fd:84:7e:59:67:62:32:63:ce:36:6a:3a:
d3:04:78:f0:76:fb:36:31:ce:60:f4:74:f8:cc:66:e4:bc:e4:
5c:3b:34:fd:c5:4a:f3:e7:7d:ca:43:cf:27:0a:fb:7a:1b:0d:
fc:c4:28:74:ec:d1:29:62:fd:2d:17:9c:cd:e2:f7:04:30:a7:
a7:84:43:4d:6b:06:a5:6d:2c:fc:da:5a:c7:88:a9:8e:8b:e6:
26:85:b2:6e:1b:7a:51:1d:4b:6e:85:4b:59:7d:32:f6:35:f6:
21:60:c5:ff:06:05:2d:6d:25:30:83:94:7d:f8:e6:42:bb:2c:
99:63:f2:ae:c9:f5:f7:eb:a7:1b:ab:7c:43:62:40:d7:19:89:
6a:07:9e:02:bc:13:9d:6b:0a:8d:12:0f:1f:5b:2b:ef:a0:4d:
e1:6a:12:2f:be:0a:3d:58:93:5d:80:03:09:c0:83:4d:4d:86:
07:77:b4:34:f5:ea:31:08:4e:02:5f:5c:90:c5:ea:64:99:b2:
d4:f5:06:d6:b7:32:57:27:c0:7d:17:7e:b2:ca:c7:ab:8a:9e:
ce:40:50:dc:d6:76:99:57:8d:ee:a9:a3:65:bb:9a:9a:a2:e3:
74:83:51:1d:7f:62:57:38:c3:78:2a:d7:91:de:8a:16:9b:c2:
d9:2a:25:d1
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYMdWIJOUyOHGAcLrGp9uyWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYmUwOGRhMWFiMzFlM2Y5OGY1NTRmYTAxMzczZjk0Y2M5
MDExZWQwHhcNMjIwOTA4MTM0NDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNlNDMxNDA0YTBiMmJkNzQ3ZjFhZTBjMGY5ZmQ0OTllOTYzYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlg41D8130lziP/lHCBwvcQN0VQ9r
FvZmGqr3KK3qT5aFhCDCMNY4ecMgzRNVbOYUzetmZ0ocEqDHfaIT0RID2oqqW1Me
gAE9W129Gad5CkR7O4OpRh0hnryzN9P9fgmTWkANna/8WjNcQ4sF7tSdceiHSsb0
3e+CplCfrVr13qPq+g0JhT+8RXbEwv3GvHYNiu67VCh/BmJmZ0QgBgN8WpHkjtE8
WxNsC6irUS2PxKllOYQg9CW1h38G/wJV1YEDtiuykT718b6Hwehdr1/ltJZkG0DD
Zmy+AEBDAMb/pMRBUu8Y8igsJqLnWlRSTGn5ANXGcqyV1TXrUsL7RIngIQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFK/OQxQEoLK9dH8a4MD5/UmeljqjMB8GA1UdIwQY
MBaAFGO+CNoasx4/mPVU+gE3P5TMkBHtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1Nzct
Y2M4MDU0YTUxZDY2LzEvcjg1REZBU2dzcjEwZnhyZ3dQbjlTWjZXT3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85OWNiY2YtN2Q0Zi00YjEyLWE1NzctY2M4MDU0YTUxZDY2
LzEvWTc0STJocXpIai1ZOVZUNkFUY19sTXlRRWUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDBSeoAwQD
H6vIAwQDU4+4AwQEVCbgAwQDsviYMAwDBAC5qFUDBAO5qFADBALDRUgwDQQCAAIw
BwMFAyoKn8AwDQYJKoZIhvcNAQELBQADggEBAJNCxh+Sef2EfllnYjJjzjZqOtME
ePB2+zYxzmD0dPjMZuS85Fw7NP3FSvPnfcpDzycK+3obDfzEKHTs0Sli/S0XnM3i
9wQwp6eEQ01rBqVtLPzaWseIqY6L5iaFsm4belEdS26FS1l9MvY19iFgxf8GBS1t
JTCDlH345kK7LJlj8q7J9ffrpxurfENiQNcZiWoHngK8E51rCo0SDx9bK++gTeFq
Ei++Cj1Yk12AAwnAg01Nhgd3tDT16jEITgJfXJDF6mSZstT1Bta3MlcnwH0XfrLK
x6uKns5AUNzWdplXje6po2W7mpqi43SDUR1/Ylc4w3gq15HeihabwtkqJdE=
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:19:08 2025 by rpki-client