Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/33a888-4cf3-4a8c-9297-a1e0db1a17df/1/bKNXD0uT2W55J6mb4yh1RuWNhz4.roa
File: bKNXD0uT2W55J6mb4yh1RuWNhz4.roa (raw, json)
Hash identifier: osnNza7ZPGmbjnEBf5dn9QwYw0rauxv3Ca43u93YE9w=
Subject key identifier: 6C:A3:57:0F:4B:93:D9:6E:79:27:A9:9B:E3:28:75:46:E5:8D:87:3E
Certificate issuer: /CN=844492db9cbb0a0eb6bf69c25c86961f49183c9b
Certificate serial: 018C3437CDF918E69E3C06D362DEFBDCD266
Authority key identifier: 84:44:92:DB:9C:BB:0A:0E:B6:BF:69:C2:5C:86:96:1F:49:18:3C:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hESS25y7Cg62v2nCXIaWH0kYPJs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/33a888-4cf3-4a8c-9297-a1e0db1a17df/1/bKNXD0uT2W55J6mb4yh1RuWNhz4.roa
Signing time: Mon 04 Dec 2023 09:45:21 +0000
ROA not before: Mon 04 Dec 2023 09:45:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29684
IP address blocks: 146.19.71.0/24 maxlen: 24
193.242.127.0/24 maxlen: 24
176.98.35.0/24 maxlen: 24
176.98.32.0/24 maxlen: 24
176.98.32.0/22 maxlen: 22
176.98.33.0/24 maxlen: 24
176.98.34.0/24 maxlen: 24
176.98.34.0/23 maxlen: 23
194.104.226.0/24 maxlen: 24
176.97.216.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:34:37:cd:f9:18:e6:9e:3c:06:d3:62:de:fb:dc:d2:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=844492db9cbb0a0eb6bf69c25c86961f49183c9b
Validity
Not Before: Dec 4 09:45:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6ca3570f4b93d96e7927a99be3287546e58d873e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:db:4d:fd:f6:53:20:28:94:d7:1a:18:55:7a:
82:c1:14:6a:40:52:70:e3:82:ae:80:cc:c4:dc:73:
79:1f:c7:d8:ee:5d:f9:ac:8d:82:0f:d8:d8:89:fb:
35:92:5c:7e:d1:b7:17:f5:11:98:89:ee:a2:eb:71:
eb:7a:a9:79:3f:1d:48:53:b6:99:83:66:b2:83:85:
be:5c:98:e8:e5:61:c3:85:76:a8:98:47:8d:3c:f4:
28:43:47:bb:57:6e:78:85:58:cc:a3:f8:06:ef:f5:
b2:73:77:74:58:92:48:f1:2e:23:fe:b9:49:8c:e9:
da:1d:9a:14:87:49:2e:08:f8:7d:18:66:72:8e:ae:
12:d6:64:ec:f8:2e:4e:b7:71:37:d9:5e:49:fe:b6:
6f:a3:ff:dc:df:b8:68:21:37:d2:18:b7:03:f1:5f:
4e:a2:79:21:41:ba:89:09:e9:9d:58:6c:51:b3:8e:
de:11:36:17:f2:26:02:83:80:94:ec:01:71:84:f4:
19:25:6b:69:4d:47:af:e8:0e:59:bc:5e:43:92:21:
69:a4:bb:51:55:7a:f8:26:21:e9:15:47:ac:ca:d4:
cb:24:60:c9:ad:16:1a:a5:93:3b:7a:b4:43:bc:a5:
f2:0b:c5:f7:5b:2d:60:d5:22:37:48:4e:fe:f7:76:
c0:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:A3:57:0F:4B:93:D9:6E:79:27:A9:9B:E3:28:75:46:E5:8D:87:3E
X509v3 Authority Key Identifier:
keyid:84:44:92:DB:9C:BB:0A:0E:B6:BF:69:C2:5C:86:96:1F:49:18:3C:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hESS25y7Cg62v2nCXIaWH0kYPJs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/33a888-4cf3-4a8c-9297-a1e0db1a17df/1/bKNXD0uT2W55J6mb4yh1RuWNhz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/33a888-4cf3-4a8c-9297-a1e0db1a17df/1/hESS25y7Cg62v2nCXIaWH0kYPJs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.19.71.0/24
176.97.216.0/24
176.98.32.0/22
193.242.127.0/24
194.104.226.0/24
Signature Algorithm: sha256WithRSAEncryption
73:98:26:7a:4a:1b:4a:35:fb:dd:a4:f6:5f:e0:e7:c2:66:ab:
99:96:2c:a1:e1:cb:d7:2f:d1:34:9d:31:e7:cf:28:a1:b3:53:
4d:48:9f:37:f4:46:d7:ec:6e:bc:a2:9f:52:d0:dd:42:88:71:
b7:ac:9f:ff:07:e9:52:2d:7c:89:d1:69:b7:8e:7f:c9:dd:22:
75:08:e4:ab:ba:6e:be:51:23:39:20:15:72:bd:98:51:24:16:
1a:69:d7:57:aa:44:c5:6c:27:af:52:f1:ab:9c:b2:4d:4c:e7:
90:22:8f:24:48:dd:0e:1c:b4:21:d4:d5:75:22:92:bd:a2:72:
2f:81:b0:86:b7:de:19:35:6a:01:b2:fa:3b:c0:dc:1a:f8:ac:
85:7e:61:0e:ed:87:17:a7:0c:26:fe:14:c6:bd:57:57:ab:82:
02:33:1c:73:34:55:32:46:15:bd:a0:eb:0e:83:06:a1:9c:12:
3a:1f:eb:bb:2d:e4:e8:40:53:e7:a3:99:94:eb:57:ec:93:d8:
1d:d7:f3:4d:a9:c5:c1:c9:32:6c:58:cd:e1:4d:70:1d:5b:c8:
35:d3:f3:9c:51:05:17:98:05:59:4f:a5:21:73:c3:9e:14:67:
a7:d9:b1:2f:f0:42:12:09:b9:24:ce:7a:c3:c3:63:ee:a8:1d:
f9:d2:d0:bc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYw0N835GOaePAbTYt773NJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDQ5MmRiOWNiYjBhMGViNmJmNjljMjVjODY5NjFmNDkx
ODNjOWIwHhcNMjMxMjA0MDk0NTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2EzNTcwZjRiOTNkOTZlNzkyN2E5OWJlMzI4NzU0NmU1OGQ4NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NtN/fZTICiU1xoYVXqCwRRqQFJw
44KugMzE3HN5H8fY7l35rI2CD9jYifs1klx+0bcX9RGYie6i63Hreql5Px1IU7aZ
g2ayg4W+XJjo5WHDhXaomEeNPPQoQ0e7V254hVjMo/gG7/Wyc3d0WJJI8S4j/rlJ
jOnaHZoUh0kuCPh9GGZyjq4S1mTs+C5Ot3E32V5J/rZvo//c37hoITfSGLcD8V9O
onkhQbqJCemdWGxRs47eETYX8iYCg4CU7AFxhPQZJWtpTUev6A5ZvF5DkiFppLtR
VXr4JiHpFUesytTLJGDJrRYapZM7erRDvKXyC8X3Wy1g1SI3SE7+93bAGwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGyjVw9Lk9lueSepm+ModUbljYc+MB8GA1UdIwQY
MBaAFIREktucuwoOtr9pwlyGlh9JGDybMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVTUzI1eTdDZzYydjJuQ1hJYVdIMGtZUEpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8zM2E4ODgtNGNmMy00YThjLTkyOTct
YTFlMGRiMWExN2RmLzEvYktOWEQwdVQyVzU1SjZtYjR5aDFSdVdOaHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8zM2E4ODgtNGNmMy00YThjLTkyOTctYTFlMGRiMWExN2Rm
LzEvaEVTUzI1eTdDZzYydjJuQ1hJYVdIMGtZUEpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAkhNHAwQA
sGHYAwQCsGIgAwQAwfJ/AwQAwmjiMA0GCSqGSIb3DQEBCwUAA4IBAQBzmCZ6ShtK
NfvdpPZf4OfCZquZliyh4cvXL9E0nTHnzyihs1NNSJ839EbX7G68op9S0N1CiHG3
rJ//B+lSLXyJ0Wm3jn/J3SJ1COSrum6+USM5IBVyvZhRJBYaaddXqkTFbCevUvGr
nLJNTOeQIo8kSN0OHLQh1NV1IpK9onIvgbCGt94ZNWoBsvo7wNwa+KyFfmEO7YcX
pwwm/hTGvVdXq4ICMxxzNFUyRhW9oOsOgwahnBI6H+u7LeToQFPno5mU61fsk9gd
1/NNqcXByTJsWM3hTXAdW8g10/OcUQUXmAVZT6Uhc8OeFGen2bEv8EISCbkkznrD
w2PuqB350tC8
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:58:53 2025 by rpki-client