Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Bq-qJkNtoD-viCaiFvTkeh1gIP8.roa
File: Bq-qJkNtoD-viCaiFvTkeh1gIP8.roa (raw, json)
Hash identifier: 1lWQtmIxnnUUGCYluniM886yQEfNfa1YSPy118W41/M=
Subject key identifier: 06:AF:AA:26:43:6D:A0:3F:AF:88:26:A2:16:F4:E4:7A:1D:60:20:FF
Certificate issuer: /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial: 0185DDAD021BCC6431995CB334F7D7F3CF35
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Bq-qJkNtoD-viCaiFvTkeh1gIP8.roa
Signing time: Mon 23 Jan 2023 08:09:41 +0000
ROA not before: Mon 23 Jan 2023 08:09:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213191
IP address blocks: 31.40.168.0/22 maxlen: 22
31.40.174.0/23 maxlen: 23
31.40.176.0/23 maxlen: 23
31.40.180.0/22 maxlen: 22
31.40.184.0/22 maxlen: 22
91.214.80.0/24 maxlen: 24
31.40.131.0/24 maxlen: 24
31.40.139.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:dd:ad:02:1b:cc:64:31:99:5c:b3:34:f7:d7:f3:cf:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Validity
Not Before: Jan 23 08:09:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=06afaa26436da03faf8826a216f4e47a1d6020ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:f3:f8:c3:b6:dd:0e:37:34:11:16:c5:b4:34:
01:65:65:08:d4:2c:89:e9:ed:77:9a:e1:a1:d1:2e:
01:4a:2d:4b:35:72:a3:c6:04:ac:1a:18:d9:23:da:
0b:4c:61:76:e7:b8:74:b9:bc:43:db:03:4b:bd:bd:
95:c4:23:2c:ef:c5:a8:ae:86:e2:bd:26:57:3d:53:
c9:80:4e:75:c3:3c:96:7d:c0:77:a5:cb:4d:6c:18:
ad:a7:27:f1:22:86:6b:61:69:f4:7b:63:34:13:da:
63:b8:7d:5f:f1:2c:33:b1:07:5f:d9:39:80:4e:ff:
a4:42:cf:fe:fc:23:87:51:5d:dd:f2:3f:64:d3:14:
65:07:11:27:da:a0:c2:13:1e:ef:72:66:c1:a9:52:
81:56:10:21:48:fb:b9:be:52:ff:81:7b:e2:2f:e2:
2a:26:c9:3e:e3:fe:65:ce:42:a1:69:11:fa:09:f5:
15:9d:b5:12:14:3d:af:9c:53:ab:46:b0:7f:02:08:
4e:ed:ac:0e:6d:0c:f3:03:cc:11:52:b6:66:aa:69:
bb:f7:ff:b1:ac:93:53:a0:33:f3:ff:93:c7:ce:e1:
de:cf:18:a9:70:de:af:06:6f:7f:45:d2:7a:df:79:
52:e4:17:a3:0b:5e:9d:1d:99:b1:73:ed:ea:53:c4:
d9:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:AF:AA:26:43:6D:A0:3F:AF:88:26:A2:16:F4:E4:7A:1D:60:20:FF
X509v3 Authority Key Identifier:
keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Bq-qJkNtoD-viCaiFvTkeh1gIP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.40.131.0/24
31.40.139.0/24
31.40.168.0/22
31.40.174.0-31.40.177.255
31.40.180.0-31.40.187.255
91.214.80.0/24
Signature Algorithm: sha256WithRSAEncryption
86:eb:9f:3e:a0:03:a8:49:b4:a0:48:99:f6:ba:a1:98:e8:0d:
59:11:c7:0a:4f:60:4f:0c:fc:85:2a:90:bd:27:52:bf:98:0f:
d6:46:39:f6:15:10:7a:28:2b:e2:a1:79:62:85:60:9a:e9:e6:
a4:13:02:77:55:4e:90:2c:55:13:9a:6f:3e:34:8c:68:d0:63:
1b:a5:40:84:43:3a:d0:4b:70:bb:d1:06:2e:30:cb:b5:05:62:
9e:a7:6e:1f:a2:c5:17:c1:7d:c3:3d:44:bd:c0:67:fc:2c:3a:
6a:7c:a5:e3:5c:1c:8f:57:d9:d2:05:67:c0:48:c1:42:71:ae:
f2:99:c7:74:5d:33:79:1a:b7:59:53:76:2b:73:77:43:25:cd:
35:6d:56:d5:a2:8a:47:7b:e8:00:53:e6:d5:51:e7:fb:56:ef:
48:86:f1:dd:4f:0f:66:2b:d4:82:b4:aa:3a:1f:b2:66:8c:9a:
3c:c1:5f:22:e5:d3:f1:fd:23:94:4e:a3:6b:c2:5e:e4:de:42:
69:76:f7:f5:3e:8f:68:28:8e:99:57:a5:42:54:a3:87:e8:25:
d9:b0:7e:aa:04:da:ff:b0:ca:14:40:8c:d6:dd:5f:0c:e8:7c:
98:7e:0d:6d:52:a7:6a:d0:a6:db:10:86:45:40:d9:3f:2a:8c:
f9:22:58:02
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYXdrQIbzGQxmVyzNPfX8881MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjMwMTIzMDgwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFmYWEyNjQzNmRhMDNmYWY4ODI2YTIxNmY0ZTQ3YTFkNjAyMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fP4w7bdDjc0ERbFtDQBZWUI1CyJ
6e13muGh0S4BSi1LNXKjxgSsGhjZI9oLTGF257h0ubxD2wNLvb2VxCMs78Worobi
vSZXPVPJgE51wzyWfcB3pctNbBitpyfxIoZrYWn0e2M0E9pjuH1f8SwzsQdf2TmA
Tv+kQs/+/COHUV3d8j9k0xRlBxEn2qDCEx7vcmbBqVKBVhAhSPu5vlL/gXviL+Iq
Jsk+4/5lzkKhaRH6CfUVnbUSFD2vnFOrRrB/AghO7awObQzzA8wRUrZmqmm79/+x
rJNToDPz/5PHzuHezxipcN6vBm9/RdJ633lS5BejC16dHZmxc+3qU8TZ6QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFAavqiZDbaA/r4gmohb05HodYCD/MB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvQnEtcUprTnRvRC12aUNhaUZ2VGtlaDFnSVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQAHyiDAwQA
HyiLAwQCHyioMAwDBAEfKK4DBAEfKLAwDAMEAh8otAMEAh8ouAMEAFvWUDANBgkq
hkiG9w0BAQsFAAOCAQEAhuufPqADqEm0oEiZ9rqhmOgNWRHHCk9gTwz8hSqQvSdS
v5gP1kY59hUQeigr4qF5YoVgmunmpBMCd1VOkCxVE5pvPjSMaNBjG6VAhEM60Etw
u9EGLjDLtQVinqduH6LFF8F9wz1EvcBn/Cw6anyl41wcj1fZ0gVnwEjBQnGu8pnH
dF0zeRq3WVN2K3N3QyXNNW1W1aKKR3voAFPm1VHn+1bvSIbx3U8PZivUgrSqOh+y
ZoyaPMFfIuXT8f0jlE6ja8Je5N5CaXb39T6PaCiOmVelQlSjh+gl2bB+qgTa/7DK
FECM1t1fDOh8mH4NbVKnatCm2xCGRUDZPyqM+SJYAg==
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:13:38 2025 by rpki-client