Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/Qbon0-h9zB6BFqx6ElEZwRpzKmg.roa
File: Qbon0-h9zB6BFqx6ElEZwRpzKmg.roa (raw, json)
Hash identifier: 5K5XcE/UgG3GIwEny8jXcFjBelO3gHJHb8yZOL/mMn0=
Subject key identifier: 41:BA:27:D3:E8:7D:CC:1E:81:16:AC:7A:12:51:19:C1:1A:73:2A:68
Certificate issuer: /CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
Certificate serial: 0184669E53AE3AE952C7042A68B2F89C228B
Authority key identifier: 16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/Qbon0-h9zB6BFqx6ElEZwRpzKmg.roa
Signing time: Fri 11 Nov 2022 12:16:02 +0000
ROA not before: Fri 11 Nov 2022 12:16:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42697
IP address blocks: 185.29.78.0/23 maxlen: 23
109.200.64.0/20 maxlen: 20
185.29.77.0/24 maxlen: 24
77.243.48.0/20 maxlen: 20
2a03:dc86::/32 maxlen: 32
2a03:dc84::/32 maxlen: 32
2a03:dc80::/32 maxlen: 32
2a03:dc82::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:66:9e:53:ae:3a:e9:52:c7:04:2a:68:b2:f8:9c:22:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
Validity
Not Before: Nov 11 12:16:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=41ba27d3e87dcc1e8116ac7a125119c11a732a68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e8:8e:21:c7:57:f4:ca:4c:64:ed:c6:8f:3e:
31:df:2b:a1:ce:4e:86:25:70:64:cc:7a:96:5a:0f:
1b:43:47:de:e2:98:f5:01:83:20:af:34:24:55:41:
bf:34:b9:02:c7:58:3e:9c:2a:82:2c:03:aa:8e:ed:
c7:cc:94:04:30:83:29:05:6c:ea:02:b2:cd:fd:f7:
7c:cd:75:0d:80:ce:9c:90:1a:08:25:77:08:47:35:
55:e3:40:48:7e:27:95:68:2c:c2:47:48:a0:9a:1b:
c3:f3:d4:90:e3:dd:ff:21:87:26:c7:ac:42:e2:55:
42:43:e9:fc:7a:a3:d7:56:58:a0:4a:4b:c7:7f:2c:
f0:29:38:24:2e:1c:2b:9c:0d:d5:f9:8d:9a:84:ce:
2f:29:76:8b:dc:df:8e:11:b5:f8:60:ac:d3:f3:6e:
47:14:c0:1d:8b:d1:da:93:99:c5:8e:2e:ea:31:91:
c2:ab:9d:99:89:c5:bb:dd:c1:fb:aa:9c:07:ab:54:
05:53:e3:a4:a1:ae:61:fe:da:67:ad:7f:18:e0:0b:
66:36:2c:32:0f:f1:33:3c:01:cf:ae:c5:d1:2a:b0:
0c:b6:af:d1:1f:46:ab:75:a0:e1:1b:97:8a:bc:60:
0b:4b:9c:c6:3e:69:2e:6b:7f:dd:c3:ab:a6:7b:e7:
f3:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:BA:27:D3:E8:7D:CC:1E:81:16:AC:7A:12:51:19:C1:1A:73:2A:68
X509v3 Authority Key Identifier:
keyid:16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/Qbon0-h9zB6BFqx6ElEZwRpzKmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.243.48.0/20
109.200.64.0/20
185.29.77.0-185.29.79.255
IPv6:
2a03:dc80::/32
2a03:dc82::/32
2a03:dc84::/32
2a03:dc86::/32
Signature Algorithm: sha256WithRSAEncryption
35:61:b9:b6:71:9d:cb:a7:0f:00:a7:a8:51:3c:3f:6e:72:c0:
5a:cb:7d:ce:92:1a:85:a3:56:89:18:d3:b4:35:84:45:5f:bc:
f6:e7:20:1e:a0:fa:cf:44:ad:04:b4:58:b9:a1:a6:92:ad:97:
c0:ec:85:c4:26:91:06:eb:08:78:5d:cf:72:1e:d9:90:58:41:
c9:0a:c2:ab:1d:ea:71:80:d2:28:5d:83:7c:b9:ad:3c:ab:91:
fb:38:4a:4a:c7:9e:3c:b8:dc:7c:e2:6c:bc:de:d4:ec:6e:ec:
7f:ca:e5:5b:bf:df:fc:ad:26:1a:5c:71:bd:4a:01:fa:cd:c2:
53:61:90:ef:61:21:67:e6:46:9e:0e:99:c9:73:6c:2a:7d:b7:
f8:a4:c7:21:6d:6d:05:27:b5:2c:d5:2f:e0:c9:14:32:4b:15:
26:d4:93:64:cf:2e:5b:f7:24:dd:2e:1c:84:6c:ac:00:75:36:
b1:df:4f:4a:0f:02:0f:42:d2:d9:be:73:64:ae:22:52:db:53:
24:f9:52:7c:4e:60:52:e9:d0:06:44:b1:13:4c:0e:09:8c:e9:
1e:8e:95:25:0f:62:c8:bf:19:a8:09:44:6f:07:bd:e0:c4:a9:
51:1a:ea:da:dd:32:c2:28:67:a1:d9:25:f7:07:65:1c:c4:6b:
ea:e9:a9:9c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYRmnlOuOulSxwQqaLL4nCKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTA5NzBkZGJiNzYxOWNjODIxODZkZGI1MzZlYjRlODk4
NWQyZGUwHhcNMjIxMTExMTIxNjAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJhMjdkM2U4N2RjYzFlODExNmFjN2ExMjUxMTljMTFhNzMyYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOiOIcdX9MpMZO3Gjz4x3yuhzk6G
JXBkzHqWWg8bQ0fe4pj1AYMgrzQkVUG/NLkCx1g+nCqCLAOqju3HzJQEMIMpBWzq
ArLN/fd8zXUNgM6ckBoIJXcIRzVV40BIfieVaCzCR0igmhvD89SQ493/IYcmx6xC
4lVCQ+n8eqPXVligSkvHfyzwKTgkLhwrnA3V+Y2ahM4vKXaL3N+OEbX4YKzT825H
FMAdi9Hak5nFji7qMZHCq52ZicW73cH7qpwHq1QFU+Okoa5h/tpnrX8Y4AtmNiwy
D/EzPAHPrsXRKrAMtq/RH0ardaDhG5eKvGALS5zGPmkua3/dw6ume+fz8QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEG6J9PofcwegRasehJRGcEacypoMB8GA1UdIwQY
MBaAFBaQlw3bt2GcyCGG3bU2606JhdLeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUt
Y2MwM2JkMzE1ZmY5LzEvUWJvbjAtaDl6QjZCRnF4NkVsRVp3UnB6S21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUtY2MwM2JkMzE1ZmY5
LzEvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAgBAIAATAaAwQETfMwAwQE
bchAMAwDBAC5HU0DBAS5HUAwIgQCAAIwHAMFACoD3IADBQAqA9yCAwUAKgPchAMF
ACoD3IYwDQYJKoZIhvcNAQELBQADggEBADVhubZxncunDwCnqFE8P25ywFrLfc6S
GoWjVokY07Q1hEVfvPbnIB6g+s9ErQS0WLmhppKtl8DshcQmkQbrCHhdz3Ie2ZBY
QckKwqsd6nGA0ihdg3y5rTyrkfs4SkrHnjy43HzibLze1Oxu7H/K5Vu/3/ytJhpc
cb1KAfrNwlNhkO9hIWfmRp4OmclzbCp9t/ikxyFtbQUntSzVL+DJFDJLFSbUk2TP
Llv3JN0uHIRsrAB1NrHfT0oPAg9C0tm+c2SuIlLbUyT5UnxOYFLp0AZEsRNMDgmM
6R6OlSUPYsi/GagJRG8HveDEqVEa6trdMsIoZ6HZJfcHZRzEa+rpqZw=
-----END CERTIFICATE-----
Generated at Sat Apr 19 04:56:25 2025 by rpki-client