Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa
File: qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa (raw, json)
Hash identifier: AqT/wvty5WAJI78IzKytPz+TifYV7jDs2VTlr34s108=
Subject key identifier: AA:1D:41:B9:98:93:7C:AF:6B:2E:F0:7E:50:60:06:54:43:1F:80:5F
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 018418E7614F5D4C75A64C8703A7B1F026DA
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa
Signing time: Thu 27 Oct 2022 10:05:27 +0000
ROA not before: Thu 27 Oct 2022 10:05:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35332
IP address blocks: 185.151.96.0/22 maxlen: 24
87.236.0.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
77.242.112.0/20 maxlen: 24
188.92.56.0/21 maxlen: 24
37.235.112.0/21 maxlen: 24
45.116.184.0/22 maxlen: 24
208.88.128.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
139.28.200.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:18:e7:61:4f:5d:4c:75:a6:4c:87:03:a7:b1:f0:26:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Oct 27 10:05:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aa1d41b998937caf6b2ef07e50600654431f805f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:f7:84:23:aa:9e:79:ca:ae:6d:9c:d5:5b:98:
a4:27:30:3f:5d:b4:98:2a:b4:51:ad:67:2b:ae:be:
f2:ee:b7:52:17:10:91:61:f8:2c:66:47:78:90:6f:
97:d3:bd:4a:c5:b3:0c:01:6f:8f:ee:0a:98:67:fa:
b4:ce:d0:7d:43:f0:fd:b1:5f:79:10:2b:2a:98:a6:
79:bd:2a:8c:54:2c:c6:8c:cc:90:64:dd:57:b8:e4:
f7:34:24:b1:b2:4d:6c:e0:6c:ea:9d:e2:71:1d:37:
18:57:96:e4:a7:c1:bd:13:4b:b0:82:51:bb:32:0f:
29:13:fa:37:a5:09:51:d4:81:48:b8:ed:35:cf:fe:
df:d3:9f:69:64:e9:da:19:38:9a:9e:6e:29:5b:cd:
51:a8:af:0f:2c:3b:00:51:62:3a:88:25:c6:9c:77:
8a:e7:55:d9:09:e0:01:f5:1c:2a:40:1a:74:09:42:
62:45:8f:d0:0b:23:d1:51:50:82:b3:95:0c:e0:ca:
bb:6d:5f:fc:ab:de:cc:1b:e8:fa:91:a6:e2:8f:4c:
11:27:21:f7:62:73:a8:ea:08:c9:f0:59:49:09:97:
8f:14:ad:d7:bc:cc:bb:73:2e:31:39:fc:a0:d4:9a:
04:86:36:d8:b7:46:30:c6:f9:58:16:ca:08:60:7b:
b6:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:1D:41:B9:98:93:7C:AF:6B:2E:F0:7E:50:60:06:54:43:1F:80:5F
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
34:33:da:fa:b9:ac:f4:d1:af:63:38:bb:b0:ff:9a:3f:08:15:
33:c3:d9:4f:65:cc:db:d8:99:d4:1d:95:d9:12:af:fa:c3:1f:
ca:9f:37:1e:93:11:be:84:d0:f2:17:ab:98:e8:92:8f:9b:90:
39:92:0f:49:2e:a1:a8:d0:bd:48:c4:6f:b5:de:b4:44:d3:2b:
26:7a:c8:30:db:70:ea:05:4d:be:3b:50:12:c4:20:d6:4f:d4:
67:7d:b7:ac:a7:84:76:fe:57:f0:c2:d8:58:be:eb:cd:43:da:
19:7a:de:f7:9e:08:9a:86:86:83:ed:39:80:48:29:43:8d:ac:
03:99:1a:7d:c8:35:00:ba:6a:ec:2c:73:69:37:0a:b3:13:83:
6b:be:4d:a5:4f:85:ac:b6:8a:96:6f:8c:bb:a0:73:d5:00:72:
37:cf:61:d1:2e:64:e6:c9:90:2a:c1:a6:4e:8d:ab:41:c5:03:
96:9e:f1:23:3e:97:3b:fa:c7:ec:6f:a3:bc:fe:02:ef:91:69:
8d:cd:d1:53:5a:10:1d:2d:b6:f5:1b:d9:d8:4f:e9:2a:37:b6:
f0:d3:fb:10:bb:ca:e7:f0:4f:8d:42:1f:46:31:4d:7a:ef:6e:
88:07:ac:5a:b8:43:34:dd:a3:a0:b6:c6:54:03:4a:94:91:69:
cb:fc:35:f4
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYQY52FPXUx1pkyHA6ex8CbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjIxMDI3MTAwNTI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFkNDFiOTk4OTM3Y2FmNmIyZWYwN2U1MDYwMDY1NDQzMWY4MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhveEI6qeecqubZzVW5ikJzA/XbSY
KrRRrWcrrr7y7rdSFxCRYfgsZkd4kG+X071KxbMMAW+P7gqYZ/q0ztB9Q/D9sV95
ECsqmKZ5vSqMVCzGjMyQZN1XuOT3NCSxsk1s4GzqneJxHTcYV5bkp8G9E0uwglG7
Mg8pE/o3pQlR1IFIuO01z/7f059pZOnaGTianm4pW81RqK8PLDsAUWI6iCXGnHeK
51XZCeAB9RwqQBp0CUJiRY/QCyPRUVCCs5UM4Mq7bV/8q97MG+j6kabij0wRJyH3
YnOo6gjJ8FlJCZePFK3XvMy7cy4xOfyg1JoEhjbYt0YwxvlYFsoIYHu2awIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKodQbmYk3yvay7wflBgBlRDH4BfMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvcWgxQnVaaVRmSzlyTHZCLVVHQUdWRU1mZ0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQA0M9r6uaz00a9j
OLuw/5o/CBUzw9lPZczb2JnUHZXZEq/6wx/KnzcekxG+hNDyF6uY6JKPm5A5kg9J
LqGo0L1IxG+13rRE0ysmesgw23DqBU2+O1ASxCDWT9Rnfbesp4R2/lfwwthYvuvN
Q9oZet73ngiahoaD7TmASClDjawDmRp9yDUAumrsLHNpNwqzE4Nrvk2lT4WstoqW
b4y7oHPVAHI3z2HRLmTmyZAqwaZOjatBxQOWnvEjPpc7+sfsb6O8/gLvkWmNzdFT
WhAdLbb1G9nYT+kqN7bw0/sQu8rn8E+NQh9GMU16726IB6xauEM03aOgtsZUA0qU
kWnL/DX0
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:09:38 2025 by rpki-client