Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/XQMEzNCzzc2l993B88LAR-kI1Jw.roa
File: XQMEzNCzzc2l993B88LAR-kI1Jw.roa (raw, json)
Hash identifier: weNL1NPpon810eGx49Odb3rGx4pF7HYaGQh+K3eZZT4=
Subject key identifier: 5D:03:04:CC:D0:B3:CD:CD:A5:F7:DD:C1:F3:C2:C0:47:E9:08:D4:9C
Certificate issuer: /CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
Certificate serial: 018570707503621A919E0A6166D496659CB8
Authority key identifier: 6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/XQMEzNCzzc2l993B88LAR-kI1Jw.roa
Signing time: Mon 02 Jan 2023 03:04:56 +0000
ROA not before: Mon 02 Jan 2023 03:04:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199046
IP address blocks: 185.132.249.0/24 maxlen: 24
185.132.251.0/24 maxlen: 24
185.132.250.0/24 maxlen: 24
185.132.248.0/24 maxlen: 24
185.132.248.0/22 maxlen: 22
45.146.13.0/24 maxlen: 24
45.146.12.0/24 maxlen: 24
45.146.12.0/22 maxlen: 22
5.133.24.0/21 maxlen: 24
2a09:9900::/32 maxlen: 64
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:70:75:03:62:1a:91:9e:0a:61:66:d4:96:65:9c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
Validity
Not Before: Jan 2 03:04:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d0304ccd0b3cdcda5f7ddc1f3c2c047e908d49c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:fa:48:9d:db:24:dd:a1:31:8b:55:0b:59:6b:
93:46:8c:c5:1a:d3:ef:a3:f3:85:25:1f:1b:be:81:
bf:79:31:5a:04:13:09:c5:c7:09:ff:b4:98:e5:31:
01:ba:8b:d4:d3:7e:4d:c9:71:66:8c:fb:6f:4b:b6:
4c:eb:ef:15:dd:82:80:08:bc:a7:22:6a:bf:6c:f5:
6f:24:64:34:a9:49:f5:53:46:36:f6:cd:be:4e:dc:
a5:fb:9c:ae:0c:fd:4a:d6:70:54:4f:3b:1c:cc:b2:
05:99:c1:fe:46:92:86:25:62:a3:36:0d:0d:f8:07:
5f:c7:9e:fc:77:70:6d:ed:64:1a:26:14:42:ab:04:
70:8a:08:76:f3:77:ad:74:87:e0:a1:ad:66:40:33:
be:69:0f:fb:88:0f:6d:0b:7c:f5:ac:fa:ec:64:4f:
4f:04:b8:f7:11:a3:a5:91:46:b7:31:91:8a:8e:db:
76:50:38:bc:72:67:e4:f3:9f:22:8d:31:3b:28:90:
2b:7d:7f:ae:52:1f:e1:26:ff:20:5e:4b:96:17:da:
9c:aa:11:1d:e7:05:20:ac:a3:c7:62:f6:93:d2:17:
08:8a:33:03:32:37:44:b6:07:1e:73:58:3e:02:91:
f0:74:68:19:13:97:38:5f:d8:10:86:a5:0f:f4:aa:
6f:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:03:04:CC:D0:B3:CD:CD:A5:F7:DD:C1:F3:C2:C0:47:E9:08:D4:9C
X509v3 Authority Key Identifier:
keyid:6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/XQMEzNCzzc2l993B88LAR-kI1Jw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/barMRIxKI6_JSkWnm3bfvoMLJZg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.24.0/21
45.146.12.0/22
185.132.248.0/22
IPv6:
2a09:9900::/32
Signature Algorithm: sha256WithRSAEncryption
0c:40:b7:d9:48:a2:42:55:57:f7:06:61:01:be:6c:6e:09:dd:
7f:56:37:e1:3c:4e:25:e5:e9:c1:74:c1:f9:b7:31:c1:83:6c:
40:22:6a:b8:5a:1f:3a:c5:67:5d:48:bd:cb:38:b5:93:3e:df:
dc:75:53:58:d5:55:c7:b6:12:39:f4:6f:dd:a5:6a:5e:10:25:
a1:52:6e:73:e3:d3:3b:af:5a:f9:2f:24:72:2c:26:3b:82:d3:
5e:b0:78:40:71:c4:e7:6e:73:1d:43:83:f9:25:32:08:e7:f1:
64:e8:af:67:3a:dd:8c:8d:7f:7c:e8:dc:2f:a5:1b:b5:9d:08:
11:1a:91:01:e2:e7:e4:64:e2:62:77:a1:b2:5c:ed:89:a4:cc:
ac:c6:fe:2b:66:02:b1:40:d8:39:b5:17:99:57:20:fd:46:cc:
72:e3:ba:92:b6:75:e0:2d:ab:fa:e7:26:91:ac:ed:64:96:dc:
78:1e:9c:54:16:29:1b:f7:22:ca:98:95:ef:2a:eb:5f:c7:f1:
e3:cf:bc:c3:33:be:b9:5d:ba:8a:7d:26:57:18:13:e4:a6:8d:
00:83:c2:fa:1e:4f:77:1d:3f:6b:36:ec:e8:4b:a4:9b:08:62:
69:70:05:bd:10:fc:40:25:18:17:08:81:ac:94:86:04:58:80:
a7:67:4f:db
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwcHUDYhqRngphZtSWZZy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYWFjYzQ0OGM0YTIzYWZjOTRhNDVhNzliNzZkZmJlODMw
YjI1OTgwHhcNMjMwMTAyMDMwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAzMDRjY2QwYjNjZGNkYTVmN2RkYzFmM2MyYzA0N2U5MDhkNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfpIndsk3aExi1ULWWuTRozFGtPv
o/OFJR8bvoG/eTFaBBMJxccJ/7SY5TEBuovU035NyXFmjPtvS7ZM6+8V3YKACLyn
Imq/bPVvJGQ0qUn1U0Y29s2+Ttyl+5yuDP1K1nBUTzsczLIFmcH+RpKGJWKjNg0N
+Adfx578d3Bt7WQaJhRCqwRwigh283etdIfgoa1mQDO+aQ/7iA9tC3z1rPrsZE9P
BLj3EaOlkUa3MZGKjtt2UDi8cmfk858ijTE7KJArfX+uUh/hJv8gXkuWF9qcqhEd
5wUgrKPHYvaT0hcIijMDMjdEtgcec1g+ApHwdGgZE5c4X9gQhqUP9Kpv1wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFF0DBMzQs83NpffdwfPCwEfpCNScMB8GA1UdIwQY
MBaAFG2qzESMSiOvyUpFp5t2376DCyWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAt
NzU2ZjNjYzNlYzMzLzEvWFFNRXpOQ3p6YzJsOTkzQjg4TEFSLWtJMUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAtNzU2ZjNjYzNlYzMz
LzEvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBYUYAwQC
LZIMAwQCuYT4MA0EAgACMAcDBQAqCZkAMA0GCSqGSIb3DQEBCwUAA4IBAQAMQLfZ
SKJCVVf3BmEBvmxuCd1/VjfhPE4l5enBdMH5tzHBg2xAImq4Wh86xWddSL3LOLWT
Pt/cdVNY1VXHthI59G/dpWpeECWhUm5z49M7r1r5LyRyLCY7gtNesHhAccTnbnMd
Q4P5JTII5/Fk6K9nOt2MjX986NwvpRu1nQgRGpEB4ufkZOJid6GyXO2JpMysxv4r
ZgKxQNg5tReZVyD9Rsxy47qStnXgLav65yaRrO1kltx4HpxUFikb9yLKmJXvKutf
x/Hjz7zDM765XbqKfSZXGBPkpo0Ag8L6Hk93HT9rNuzoS6SbCGJpcAW9EPxAJRgX
CIGslIYEWICnZ0/b
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:35 2025 by rpki-client