Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/49bb69-dff9-448e-a8a2-977305c70051/1/IQYpedVUbf7BDwyl2FPKUtd0DdQ.roa
File: IQYpedVUbf7BDwyl2FPKUtd0DdQ.roa (raw, json)
Hash identifier: Z+XKjs47wY0zCRU6qnkdHqqrdhDXWqo/bSD6xxvFGYc=
Subject key identifier: 21:06:29:79:D5:54:6D:FE:C1:0F:0C:A5:D8:53:CA:52:D7:74:0D:D4
Certificate issuer: /CN=0f671fec38f00c402f3066f13c792e1a0ed16db3
Certificate serial: 01856F8B6C08F0B15254346023CDA2BEF73B
Authority key identifier: 0F:67:1F:EC:38:F0:0C:40:2F:30:66:F1:3C:79:2E:1A:0E:D1:6D:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D2cf7DjwDEAvMGbxPHkuGg7RbbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/49bb69-dff9-448e-a8a2-977305c70051/1/IQYpedVUbf7BDwyl2FPKUtd0DdQ.roa
Signing time: Sun 01 Jan 2023 22:54:45 +0000
ROA not before: Sun 01 Jan 2023 22:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29286
IP address blocks: 185.20.215.0/24 maxlen: 24
37.9.178.0/24 maxlen: 24
37.9.176.0/24 maxlen: 24
37.9.179.0/24 maxlen: 24
37.9.183.0/24 maxlen: 24
37.9.180.0/23 maxlen: 24
185.20.212.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:8b:6c:08:f0:b1:52:54:34:60:23:cd:a2:be:f7:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f671fec38f00c402f3066f13c792e1a0ed16db3
Validity
Not Before: Jan 1 22:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21062979d5546dfec10f0ca5d853ca52d7740dd4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:03:0d:5e:5a:d1:7d:97:09:0b:69:72:3c:78:
31:98:5b:fd:08:b5:46:f8:7f:e6:c7:22:9d:06:ac:
84:cf:1e:b0:81:e2:e7:62:0d:5b:6a:e9:02:1f:6c:
e6:cf:69:9b:be:21:9c:d1:0e:43:7f:8a:eb:27:96:
0e:fb:ad:f2:32:cb:df:63:66:36:2a:3a:1f:54:78:
a4:be:3a:6d:a1:41:12:8d:f3:87:1b:a0:de:f2:52:
df:f3:ed:45:0e:62:9b:0a:04:7b:58:00:43:1f:7a:
ff:57:57:53:20:51:c3:40:27:a1:a9:f6:21:69:a8:
f4:ee:c0:0c:ad:4c:a4:dd:9d:51:19:ef:e6:10:95:
3c:81:27:b5:95:cb:ac:e8:7e:1f:ab:16:9c:4b:71:
12:61:c9:da:07:63:56:98:9f:59:05:2c:d4:40:a8:
62:e2:5a:00:57:4a:81:98:91:1a:d0:7c:58:39:30:
48:38:40:c3:0c:3d:1f:73:d0:fb:d3:8e:1a:fc:96:
24:b4:d4:51:22:f1:c3:35:c7:b7:90:23:32:ac:40:
4d:fc:a9:e3:bc:6e:3a:36:cc:f7:e3:81:c3:1d:a8:
21:ae:93:aa:a1:47:99:b0:70:05:a8:f4:9d:15:44:
b0:74:f2:f4:6e:a3:ed:37:04:0c:61:94:26:fe:e8:
a4:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:06:29:79:D5:54:6D:FE:C1:0F:0C:A5:D8:53:CA:52:D7:74:0D:D4
X509v3 Authority Key Identifier:
keyid:0F:67:1F:EC:38:F0:0C:40:2F:30:66:F1:3C:79:2E:1A:0E:D1:6D:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2cf7DjwDEAvMGbxPHkuGg7RbbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/49bb69-dff9-448e-a8a2-977305c70051/1/IQYpedVUbf7BDwyl2FPKUtd0DdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/49bb69-dff9-448e-a8a2-977305c70051/1/D2cf7DjwDEAvMGbxPHkuGg7RbbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.9.176.0/24
37.9.178.0-37.9.181.255
37.9.183.0/24
185.20.212.0/22
Signature Algorithm: sha256WithRSAEncryption
71:f2:00:86:96:bd:0c:2c:30:e6:9b:6e:93:40:1d:0e:41:b7:
f2:2c:c4:1d:73:dc:2e:e5:f4:97:91:5b:90:de:f3:e5:13:ba:
a0:d9:1b:b2:5b:50:a3:02:83:5d:41:68:d1:71:01:d3:b8:45:
f5:67:5a:2f:aa:13:bf:f3:9a:a3:db:23:89:6b:bd:16:d4:81:
5f:9c:02:c4:f1:d4:e7:70:ce:1b:96:7a:b7:e6:76:e9:7e:bd:
8b:19:47:3a:7e:ea:b2:3f:47:be:cd:bc:31:8e:25:60:71:46:
f8:93:9e:36:a3:f2:d1:1f:96:d5:9d:b6:8e:11:8b:8c:78:4f:
26:a1:d9:36:d8:80:8e:a5:e9:b7:00:1c:b5:58:f4:fa:4d:71:
c7:bd:ac:5e:43:3d:42:25:52:c2:21:9e:c1:ac:c9:b3:62:bf:
d7:49:be:14:b8:24:5c:da:cc:b8:07:9d:86:5f:ac:ac:0a:60:
8d:16:e8:74:a1:4c:70:bd:87:50:1c:88:4e:a5:7b:85:4c:09:
f1:74:e1:c9:4e:90:eb:4b:3f:28:55:ef:28:41:39:79:dd:d6:
2b:ed:bd:74:1c:e7:a6:78:72:24:58:a2:64:db:bd:25:52:ac:
5e:20:6c:35:6b:40:24:67:aa:97:0c:f2:34:f8:4a:3c:00:cb:
5f:92:14:1b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVvi2wI8LFSVDRgI82ivvc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjcxZmVjMzhmMDBjNDAyZjMwNjZmMTNjNzkyZTFhMGVk
MTZkYjMwHhcNMjMwMTAxMjI1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA2Mjk3OWQ1NTQ2ZGZlYzEwZjBjYTVkODUzY2E1MmQ3NzQwZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgMNXlrRfZcJC2lyPHgxmFv9CLVG
+H/mxyKdBqyEzx6wgeLnYg1baukCH2zmz2mbviGc0Q5Df4rrJ5YO+63yMsvfY2Y2
KjofVHikvjptoUESjfOHG6De8lLf8+1FDmKbCgR7WABDH3r/V1dTIFHDQCehqfYh
aaj07sAMrUyk3Z1RGe/mEJU8gSe1lcus6H4fqxacS3ESYcnaB2NWmJ9ZBSzUQKhi
4loAV0qBmJEa0HxYOTBIOEDDDD0fc9D7044a/JYktNRRIvHDNce3kCMyrEBN/Knj
vG46Nsz344HDHaghrpOqoUeZsHAFqPSdFUSwdPL0bqPtNwQMYZQm/uikXwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCEGKXnVVG3+wQ8MpdhTylLXdA3UMB8GA1UdIwQY
MBaAFA9nH+w48AxALzBm8Tx5LhoO0W2zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJjZjdEandERUF2TUdieFBIa3VHZzdSYmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS80OWJiNjktZGZmOS00NDhlLWE4YTIt
OTc3MzA1YzcwMDUxLzEvSVFZcGVkVlViZjdCRHd5bDJGUEtVdGQwRGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS80OWJiNjktZGZmOS00NDhlLWE4YTItOTc3MzA1YzcwMDUx
LzEvRDJjZjdEandERUF2TUdieFBIa3VHZzdSYmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAJQmwMAwD
BAElCbIDBAElCbQDBAAlCbcDBAK5FNQwDQYJKoZIhvcNAQELBQADggEBAHHyAIaW
vQwsMOabbpNAHQ5Bt/IsxB1z3C7l9JeRW5De8+UTuqDZG7JbUKMCg11BaNFxAdO4
RfVnWi+qE7/zmqPbI4lrvRbUgV+cAsTx1OdwzhuWerfmdul+vYsZRzp+6rI/R77N
vDGOJWBxRviTnjaj8tEfltWdto4Ri4x4Tyah2TbYgI6l6bcAHLVY9PpNcce9rF5D
PUIlUsIhnsGsybNiv9dJvhS4JFzazLgHnYZfrKwKYI0W6HShTHC9h1AciE6le4VM
CfF04clOkOtLPyhV7yhBOXnd1ivtvXQc56Z4ciRYomTbvSVSrF4gbDVrQCRnqpcM
8jT4SjwAy1+SFBs=
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:05:38 2025 by rpki-client