Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/1bCFIGK1Rd4rQBK6suQc1EV0B4k.roa
File: 1bCFIGK1Rd4rQBK6suQc1EV0B4k.roa (raw, json)
Hash identifier: CAjGY74qz+LN5hSFHb4JCHPCSQ2Aai6KON959tlCQqY=
Subject key identifier: D5:B0:85:20:62:B5:45:DE:2B:40:12:BA:B2:E4:1C:D4:45:74:07:89
Certificate issuer: /CN=12cd9add16137e8bab98d78e2a3360bc8bd6f0f1
Certificate serial: 01856F0B3924ACBF1BAADE508775B7293EC5
Authority key identifier: 12:CD:9A:DD:16:13:7E:8B:AB:98:D7:8E:2A:33:60:BC:8B:D6:F0:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Es2a3RYTfourmNeOKjNgvIvW8PE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/1bCFIGK1Rd4rQBK6suQc1EV0B4k.roa
Signing time: Sun 01 Jan 2023 20:34:44 +0000
ROA not before: Sun 01 Jan 2023 20:34:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15389
IP address blocks: 198.137.136.0/22 maxlen: 22
185.74.208.0/22 maxlen: 22
193.34.105.0/24 maxlen: 24
193.34.104.0/22 maxlen: 22
81.18.224.0/20 maxlen: 20
178.19.192.0/20 maxlen: 20
212.55.32.0/19 maxlen: 19
88.85.32.0/19 maxlen: 19
217.172.80.0/20 maxlen: 20
2a02:e90::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:0b:39:24:ac:bf:1b:aa:de:50:87:75:b7:29:3e:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12cd9add16137e8bab98d78e2a3360bc8bd6f0f1
Validity
Not Before: Jan 1 20:34:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d5b0852062b545de2b4012bab2e41cd445740789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:1b:9e:44:3a:94:e6:24:a7:b7:5c:1c:5f:c7:
f3:6b:10:b1:fa:2f:9f:1d:81:19:08:e4:0b:a5:23:
4d:e2:8c:58:fd:07:6d:9b:6b:0f:e8:c2:89:97:88:
2b:9d:4b:57:66:4f:22:89:67:5b:6d:0e:ca:69:e3:
64:28:81:ac:74:56:02:ab:7a:8a:ac:6c:8f:13:51:
ca:5e:b5:b7:c8:0d:74:9e:59:9f:d0:bc:62:f3:22:
01:c9:25:ca:99:39:0e:51:9a:99:f9:ec:ea:ce:c6:
e0:82:c1:0f:19:48:b1:49:93:85:8b:a7:b8:d8:14:
a6:6e:d2:77:5d:b9:81:d9:81:1f:a0:92:5f:62:bf:
c0:78:bb:b3:c4:00:c0:de:dc:64:01:e9:57:8f:ba:
28:cf:52:5c:d1:67:99:28:3d:2c:cb:0d:f3:92:9c:
b6:8d:76:b4:56:3c:ce:6b:ce:d1:bf:b3:b0:42:5e:
62:7c:38:b4:e8:f3:3d:de:bf:c7:58:8b:21:08:72:
dd:ff:fb:b3:71:47:3c:c5:45:ea:51:77:3e:a8:29:
be:54:5c:06:6a:49:c7:03:2f:83:f0:04:ec:e7:1f:
4e:d7:0b:83:e6:fd:ab:8b:23:f0:28:9b:36:a5:72:
16:f3:ee:58:dc:32:37:0f:ca:a6:a8:c1:cc:61:a7:
69:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:B0:85:20:62:B5:45:DE:2B:40:12:BA:B2:E4:1C:D4:45:74:07:89
X509v3 Authority Key Identifier:
keyid:12:CD:9A:DD:16:13:7E:8B:AB:98:D7:8E:2A:33:60:BC:8B:D6:F0:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Es2a3RYTfourmNeOKjNgvIvW8PE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/1bCFIGK1Rd4rQBK6suQc1EV0B4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/Es2a3RYTfourmNeOKjNgvIvW8PE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.18.224.0/20
88.85.32.0/19
178.19.192.0/20
185.74.208.0/22
193.34.104.0/22
198.137.136.0/22
212.55.32.0/19
217.172.80.0/20
IPv6:
2a02:e90::/32
Signature Algorithm: sha256WithRSAEncryption
17:bf:90:68:c9:46:d4:bf:17:24:2b:07:fe:c1:71:a9:b5:fc:
f9:e0:ba:6c:e5:bf:40:46:51:bb:af:bc:5c:44:1f:f5:ee:5c:
d2:99:d7:18:52:1c:eb:dd:86:14:44:91:46:2f:87:f7:31:52:
22:f0:b3:4d:f5:e8:96:aa:ae:cb:5e:d7:eb:11:a8:b6:ce:99:
20:50:1e:7c:b8:a3:66:5a:bb:2f:b6:56:c0:24:d0:10:35:11:
21:b5:2d:49:de:74:31:4b:c4:99:c1:72:a6:47:06:2b:2d:16:
6b:4d:0d:1f:8f:1b:26:1f:56:94:52:ad:4e:dc:d2:9f:2d:d9:
dd:d7:78:14:9e:fe:77:1a:9c:89:61:56:59:a9:d4:ad:07:87:
ef:40:80:d9:2d:33:52:fe:5c:a6:5a:fd:d9:a7:ce:43:44:f1:
33:01:ae:6b:5c:34:7f:57:7f:a5:2b:b8:12:0e:f0:9b:86:b3:
25:a4:4c:78:57:bb:70:f3:a0:94:52:f3:6f:da:24:46:57:5c:
85:04:80:a7:1c:a2:55:42:30:81:c7:34:57:11:7c:55:0c:a5:
e9:51:7b:52:6e:2b:39:f5:9a:e4:d3:0e:fc:75:61:54:50:d0:
b4:4f:97:5a:84:23:59:96:84:a5:6b:86:94:62:92:51:92:c9:
e7:f0:83:54
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVvCzkkrL8bqt5Qh3W3KT7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyY2Q5YWRkMTYxMzdlOGJhYjk4ZDc4ZTJhMzM2MGJjOGJk
NmYwZjEwHhcNMjMwMTAxMjAzNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWIwODUyMDYyYjU0NWRlMmI0MDEyYmFiMmU0MWNkNDQ1NzQwNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRueRDqU5iSnt1wcX8fzaxCx+i+f
HYEZCOQLpSNN4oxY/Qdtm2sP6MKJl4grnUtXZk8iiWdbbQ7KaeNkKIGsdFYCq3qK
rGyPE1HKXrW3yA10nlmf0Lxi8yIBySXKmTkOUZqZ+ezqzsbggsEPGUixSZOFi6e4
2BSmbtJ3XbmB2YEfoJJfYr/AeLuzxADA3txkAelXj7ooz1Jc0WeZKD0syw3zkpy2
jXa0VjzOa87Rv7OwQl5ifDi06PM93r/HWIshCHLd//uzcUc8xUXqUXc+qCm+VFwG
aknHAy+D8ATs5x9O1wuD5v2riyPwKJs2pXIW8+5Y3DI3D8qmqMHMYadpOQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNWwhSBitUXeK0ASurLkHNRFdAeJMB8GA1UdIwQY
MBaAFBLNmt0WE36Lq5jXjiozYLyL1vDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXMyYTNSWVRmb3VybU5lT0tqTmd2SXZXOFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81N2NjNmUtOGIxYS00ODI3LTk5OWMt
MTcyZGY2YmNkNDViLzEvMWJDRklHSzFSZDRyUUJLNnN1UWMxRVYwQjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81N2NjNmUtOGIxYS00ODI3LTk5OWMtMTcyZGY2YmNkNDVi
LzEvRXMyYTNSWVRmb3VybU5lT0tqTmd2SXZXOFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEURLgAwQF
WFUgAwQEshPAAwQCuUrQAwQCwSJoAwQCxomIAwQF1DcgAwQE2axQMA0EAgACMAcD
BQAqAg6QMA0GCSqGSIb3DQEBCwUAA4IBAQAXv5BoyUbUvxckKwf+wXGptfz54Lps
5b9ARlG7r7xcRB/17lzSmdcYUhzr3YYURJFGL4f3MVIi8LNN9eiWqq7LXtfrEai2
zpkgUB58uKNmWrsvtlbAJNAQNREhtS1J3nQxS8SZwXKmRwYrLRZrTQ0fjxsmH1aU
Uq1O3NKfLdnd13gUnv53GpyJYVZZqdStB4fvQIDZLTNS/lymWv3Zp85DRPEzAa5r
XDR/V3+lK7gSDvCbhrMlpEx4V7tw86CUUvNv2iRGV1yFBICnHKJVQjCBxzRXEXxV
DKXpUXtSbis59Zrk0w78dWFUUNC0T5dahCNZloSla4aUYpJRksnn8INU
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:40 2025 by rpki-client