Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/QVQSQIXWachwECOpL_8ct5WPEzs.roa
File: QVQSQIXWachwECOpL_8ct5WPEzs.roa (raw, json)
Hash identifier: ngDDBCCAlrdtoUmM3RPf9n2NLKW4LRIhOyI9984TQsw=
Subject key identifier: 41:54:12:40:85:D6:69:C8:70:10:23:A9:2F:FF:1C:B7:95:8F:13:3B
Certificate issuer: /CN=19622650048107918adf1b22cdf087c8a834f79c
Certificate serial: 0185DB929EC40E723A20B7C10E37EE0CCBFB
Authority key identifier: 19:62:26:50:04:81:07:91:8A:DF:1B:22:CD:F0:87:C8:A8:34:F7:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GWImUASBB5GK3xsizfCHyKg095w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/QVQSQIXWachwECOpL_8ct5WPEzs.roa
Signing time: Sun 22 Jan 2023 22:21:37 +0000
ROA not before: Sun 22 Jan 2023 22:21:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206170
IP address blocks: 86.106.25.0/24 maxlen: 24
86.107.103.0/24 maxlen: 24
188.66.62.0/24 maxlen: 24
188.66.63.0/24 maxlen: 24
188.66.60.0/24 maxlen: 24
185.189.48.0/22 maxlen: 22
188.66.61.0/24 maxlen: 24
195.85.54.0/24 maxlen: 24
2a0b:dc80::/29 maxlen: 29
2001:67c:750::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:db:92:9e:c4:0e:72:3a:20:b7:c1:0e:37:ee:0c:cb:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19622650048107918adf1b22cdf087c8a834f79c
Validity
Not Before: Jan 22 22:21:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4154124085d669c8701023a92fff1cb7958f133b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:c3:b9:64:59:19:c0:5a:da:1d:5f:97:78:b8:
2d:6f:55:3a:fc:06:3e:f3:bc:d6:7b:b5:29:04:9b:
65:05:fb:e5:ff:56:99:f1:d4:39:b5:25:0a:bf:a4:
21:c7:1b:e9:70:1b:a6:d1:f7:34:2b:50:43:b5:92:
64:fe:2e:cd:8e:31:ba:c2:a2:2b:a5:da:d1:46:8b:
d7:b0:7e:84:27:40:02:27:f6:e5:4e:70:c4:a6:fa:
f4:31:ce:2f:0f:9f:e1:8c:53:8b:58:f1:61:2d:d6:
8b:86:f0:b5:cb:b8:86:17:79:95:11:09:68:51:86:
f9:6e:0b:db:a7:fa:e1:a5:a9:ab:17:0c:9e:67:c4:
b4:6f:2e:df:c0:24:f5:e3:fb:0b:50:88:48:50:9e:
d8:e8:b2:51:c5:41:39:f7:cc:6b:c6:77:0e:75:67:
84:55:a2:5b:e9:6d:10:85:e2:76:c4:8d:cb:5c:94:
f4:fd:1b:0a:e2:66:22:8d:cf:22:81:14:6f:97:f1:
40:f2:16:8c:ff:32:66:77:7c:1f:82:12:2b:c8:1d:
4e:ad:29:01:40:12:3b:48:74:4e:70:88:15:77:9f:
92:53:9c:1d:21:c3:46:cd:31:d7:00:d0:8c:27:0c:
bf:64:15:a2:48:fe:4f:ad:3d:f7:75:02:a7:d4:c1:
25:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:54:12:40:85:D6:69:C8:70:10:23:A9:2F:FF:1C:B7:95:8F:13:3B
X509v3 Authority Key Identifier:
keyid:19:62:26:50:04:81:07:91:8A:DF:1B:22:CD:F0:87:C8:A8:34:F7:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GWImUASBB5GK3xsizfCHyKg095w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/QVQSQIXWachwECOpL_8ct5WPEzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/GWImUASBB5GK3xsizfCHyKg095w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.106.25.0/24
86.107.103.0/24
185.189.48.0/22
188.66.60.0/22
195.85.54.0/24
IPv6:
2001:67c:750::/48
2a0b:dc80::/29
Signature Algorithm: sha256WithRSAEncryption
68:85:03:3d:c7:48:ab:1e:3d:e9:f2:28:a9:ea:f9:c7:fc:6f:
86:7b:bf:a9:66:04:51:4b:d1:35:b7:bb:72:fb:9e:8d:05:b4:
9a:93:92:b0:4c:64:4e:67:85:c2:e8:e4:25:13:94:9f:e6:7a:
ff:bc:ac:75:1c:71:0d:60:1a:71:e6:42:39:10:50:ea:ef:b7:
2f:07:68:9f:95:47:47:47:eb:7c:5a:58:73:71:4f:40:93:dc:
20:04:19:46:44:76:c9:7f:12:c7:b4:b2:55:b9:50:28:b7:ab:
f9:c8:b0:e3:09:87:f4:20:fe:32:99:79:90:eb:0b:a1:4c:d0:
b9:52:51:b0:dd:e1:6a:52:36:d1:d7:c9:49:fd:7c:87:20:bf:
f9:c3:52:31:d8:7a:bb:6f:b2:0a:cd:3a:99:dd:2d:91:f7:19:
df:1a:0b:6c:45:cb:cf:7f:cf:d2:1e:95:0f:00:7b:b8:44:fd:
68:52:72:c0:a3:9e:02:d7:b4:f3:b7:29:13:5a:a4:63:ee:c5:
08:c0:32:b1:93:d9:2d:9d:c7:fe:57:2c:cd:00:ba:fe:d1:38:
98:f6:e3:28:32:09:6c:69:c2:c8:48:bc:7c:f8:18:c1:e8:a8:
21:d5:9b:1d:78:19:42:d0:55:5f:5f:25:34:ea:14:90:5d:8c:
0d:f6:8a:33
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYXbkp7EDnI6ILfBDjfuDMv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NjIyNjUwMDQ4MTA3OTE4YWRmMWIyMmNkZjA4N2M4YTgz
NGY3OWMwHhcNMjMwMTIyMjIyMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU0MTI0MDg1ZDY2OWM4NzAxMDIzYTkyZmZmMWNiNzk1OGYxMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18O5ZFkZwFraHV+XeLgtb1U6/AY+
87zWe7UpBJtlBfvl/1aZ8dQ5tSUKv6QhxxvpcBum0fc0K1BDtZJk/i7NjjG6wqIr
pdrRRovXsH6EJ0ACJ/blTnDEpvr0Mc4vD5/hjFOLWPFhLdaLhvC1y7iGF3mVEQlo
UYb5bgvbp/rhpamrFwyeZ8S0by7fwCT14/sLUIhIUJ7Y6LJRxUE598xrxncOdWeE
VaJb6W0QheJ2xI3LXJT0/RsK4mYijc8igRRvl/FA8haM/zJmd3wfghIryB1OrSkB
QBI7SHROcIgVd5+SU5wdIcNGzTHXANCMJwy/ZBWiSP5PrT33dQKn1MEllQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEFUEkCF1mnIcBAjqS//HLeVjxM7MB8GA1UdIwQY
MBaAFBliJlAEgQeRit8bIs3wh8ioNPecMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1dJbVVBU0JCNUdLM3hzaXpmQ0h5S2cwOTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jNTAyYzEtZjMxNC00MGIxLWEwMjQt
OGQxMGZlZTU4NGZlLzEvUVZRU1FJWFdhY2h3RUNPcExfOGN0NVdQRXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jNTAyYzEtZjMxNC00MGIxLWEwMjQtOGQxMGZlZTU4NGZl
LzEvR1dJbVVBU0JCNUdLM3hzaXpmQ0h5S2cwOTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQAVmoZAwQA
VmtnAwQCub0wAwQCvEI8AwQAw1U2MBYEAgACMBADBwAgAQZ8B1ADBQMqC9yAMA0G
CSqGSIb3DQEBCwUAA4IBAQBohQM9x0irHj3p8iip6vnH/G+Ge7+pZgRRS9E1t7ty
+56NBbSak5KwTGROZ4XC6OQlE5Sf5nr/vKx1HHENYBpx5kI5EFDq77cvB2iflUdH
R+t8WlhzcU9Ak9wgBBlGRHbJfxLHtLJVuVAot6v5yLDjCYf0IP4ymXmQ6wuhTNC5
UlGw3eFqUjbR18lJ/XyHIL/5w1Ix2Hq7b7IKzTqZ3S2R9xnfGgtsRcvPf8/SHpUP
AHu4RP1oUnLAo54C17TztykTWqRj7sUIwDKxk9ktncf+VyzNALr+0TiY9uMoMgls
acLISLx8+BjB6Kgh1ZsdeBlC0FVfXyU06hSQXYwN9ooz
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:51 2025 by rpki-client