Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bIXbqy1g8PMeK8CLIo2nnWpMCgg.roa
File: bIXbqy1g8PMeK8CLIo2nnWpMCgg.roa (raw, json)
Hash identifier: 3TKzNl76JnPGQZPpov/+SbZb0HHXfMrfsGMIosl21Jk=
Subject key identifier: 6C:85:DB:AB:2D:60:F0:F3:1E:2B:C0:8B:22:8D:A7:9D:6A:4C:0A:08
Certificate issuer: /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial: 0D0894B9
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bIXbqy1g8PMeK8CLIo2nnWpMCgg.roa
Signing time: Thu 03 Mar 2022 07:12:03 +0000
ROA not before: Thu 03 Mar 2022 07:12:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16024
IP address blocks: 156.67.56.0/24 maxlen: 24
156.67.57.0/24 maxlen: 24
217.70.160.0/20 maxlen: 24
185.47.232.0/22 maxlen: 24
46.28.32.0/21 maxlen: 24
185.159.32.0/22 maxlen: 24
149.232.244.0/22 maxlen: 24
149.232.248.0/22 maxlen: 24
2a02:1670::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 218666169 (0xd0894b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Validity
Not Before: Mar 3 07:12:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6c85dbab2d60f0f31e2bc08b228da79d6a4c0a08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:86:4a:09:d5:3b:79:c6:c3:f7:d8:a8:e8:3d:
36:63:38:95:0d:a9:ea:d0:0f:78:a6:8b:9b:6b:00:
89:fb:0f:77:a5:4a:52:b6:da:6b:63:58:b6:e6:73:
14:b5:16:77:9e:90:bb:d2:98:9e:bd:b4:ba:cd:0e:
3e:df:ed:78:c9:e9:cb:15:01:62:b6:08:9f:c6:13:
9c:53:9c:06:91:76:79:6e:e1:f7:58:16:49:54:d7:
bf:ad:42:6f:17:7b:67:5a:97:9f:7e:40:32:ef:51:
9d:b9:78:f0:f6:7a:ec:19:74:c3:56:57:da:93:23:
d4:61:ef:2e:15:a1:7a:85:fa:3b:d1:ca:32:ef:92:
9a:6e:93:65:0a:a1:89:14:2c:a3:f7:c7:93:4e:e8:
5d:16:09:b4:24:f0:9d:e7:21:3d:bd:b3:45:a4:ae:
7f:e6:46:e0:7d:2f:af:e2:dc:ef:86:2c:33:fb:bd:
8c:70:c6:3b:4e:4d:8b:79:ee:07:68:42:d7:c1:03:
94:05:35:31:f9:74:44:9e:ce:d9:8f:ac:e8:c4:10:
e2:49:3a:b6:de:98:29:45:33:df:e7:ad:d1:5d:cc:
da:cd:48:0c:9f:36:c3:c5:09:9f:14:e0:6c:0e:1e:
ad:62:96:c3:bb:ee:24:df:bd:3c:68:81:5d:27:1c:
2a:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:85:DB:AB:2D:60:F0:F3:1E:2B:C0:8B:22:8D:A7:9D:6A:4C:0A:08
X509v3 Authority Key Identifier:
keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bIXbqy1g8PMeK8CLIo2nnWpMCgg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.28.32.0/21
149.232.244.0-149.232.251.255
156.67.56.0/23
185.47.232.0/22
185.159.32.0/22
217.70.160.0/20
IPv6:
2a02:1670::/32
Signature Algorithm: sha256WithRSAEncryption
22:68:d2:0e:f6:41:ed:28:bc:c9:19:96:cc:85:06:16:ab:c8:
98:d2:9c:65:4e:57:ce:90:d8:4f:81:d4:af:91:3c:17:d5:a2:
d0:d4:b3:e8:89:6d:1a:87:cb:38:1d:0e:c4:58:fb:d6:89:35:
11:de:27:ac:02:38:55:19:a0:e3:a5:af:fb:60:a8:fa:d5:ef:
e3:a2:8b:df:f8:31:04:97:35:63:f6:a3:43:92:e3:29:94:8a:
bd:26:bc:cf:e2:b2:07:9f:60:36:ee:6c:2a:75:b6:aa:43:fd:
b7:54:9d:fe:31:db:1b:09:53:7b:44:2f:4f:8f:ec:16:dd:97:
c6:8a:bd:9f:e0:5c:0d:90:24:31:54:7f:80:f4:df:48:7e:4d:
9b:82:76:9e:e2:82:5a:b8:08:e6:4b:af:74:17:2d:e1:6f:af:
b4:12:ee:05:5c:3a:d1:0d:e8:9a:c7:34:b7:d3:30:bd:c8:e7:
0e:98:26:6e:b7:b0:d9:dd:cd:4e:14:78:6e:7f:02:c4:d2:0f:
e6:76:72:c5:c7:e9:40:de:ca:45:24:ac:11:1c:f6:02:e3:dc:
67:68:dc:a8:6a:e9:63:87:ff:8e:be:27:34:3f:3b:83:e0:45:
ed:06:5c:0c:66:0b:50:99:8c:4b:fc:e6:1b:a0:13:b6:20:b4:
7a:4a:91:22
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIEDQiUuTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZjNkODlhODFmYzI5OWYzOWMwOTJlNGY2ZDAxNzNhOWE5Y2ZiYzY1MB4XDTIyMDMw
MzA3MTIwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmM4NWRiYWIyZDYw
ZjBmMzFlMmJjMDhiMjI4ZGE3OWQ2YTRjMGEwODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMyGSgnVO3nGw/fYqOg9NmM4lQ2p6tAPeKaLm2sAifsPd6VK
Urbaa2NYtuZzFLUWd56Qu9KYnr20us0OPt/teMnpyxUBYrYIn8YTnFOcBpF2eW7h
91gWSVTXv61Cbxd7Z1qXn35AMu9Rnbl48PZ67Bl0w1ZX2pMj1GHvLhWheoX6O9HK
Mu+Smm6TZQqhiRQso/fHk07oXRYJtCTwnechPb2zRaSuf+ZG4H0vr+Lc74YsM/u9
jHDGO05Ni3nuB2hC18EDlAU1Mfl0RJ7O2Y+s6MQQ4kk6tt6YKUUz3+et0V3M2s1I
DJ82w8UJnxTgbA4erWKWw7vuJN+9PGiBXSccKqECAwEAAaOCAj4wggI6MB0GA1Ud
DgQWBBRshdurLWDw8x4rwIsijaedakwKCDAfBgNVHSMEGDAWgBRvPYmoH8KZ85wJ
Lk9tAXOpqc+8ZTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2J6MkpxQl9DbWZPY0NTNVBiUUZ6cWFuUHZHVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODYvMDVlMGVlLWFlMDMtNDEyNC1iNjcwLTMwOWI3Yjk2MGQxNC8x
L2JJWGJxeTFnOFBNZUs4Q0xJbzJubldwTUNnZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYv
MDVlMGVlLWFlMDMtNDEyNC1iNjcwLTMwOWI3Yjk2MGQxNC8xL2J6MkpxQl9DbWZP
Y0NTNVBiUUZ6cWFuUHZHVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBU
BggrBgEFBQcBBwEB/wRFMEMwMgQCAAEwLAMEAy4cIDAMAwQClej0AwQClej4AwQB
nEM4AwQCuS/oAwQCuZ8gAwQE2UagMA0EAgACMAcDBQAqAhZwMA0GCSqGSIb3DQEB
CwUAA4IBAQAiaNIO9kHtKLzJGZbMhQYWq8iY0pxlTlfOkNhPgdSvkTwX1aLQ1LPo
iW0ah8s4HQ7EWPvWiTUR3iesAjhVGaDjpa/7YKj61e/joovf+DEElzVj9qNDkuMp
lIq9JrzP4rIHn2A27mwqdbaqQ/23VJ3+MdsbCVN7RC9Pj+wW3ZfGir2f4FwNkCQx
VH+A9N9Ifk2bgnae4oJauAjmS690Fy3hb6+0Eu4FXDrRDeiaxzS30zC9yOcOmCZu
t7DZ3c1OFHhufwLE0g/mdnLFx+lA3spFJKwRHPYC49xnaNyoauljh/+Ovic0PzuD
4EXtBlwMZgtQmYxL/OYboBO2ILR6SpEi
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:39:09 2025 by rpki-client