Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/KCo7Gu7I8h_St8cgBbuI5Rk5bc8.roa
File: KCo7Gu7I8h_St8cgBbuI5Rk5bc8.roa (raw, json)
Hash identifier: ag1p5aUQsMyPuxrXIdEbEcZ2oPfmOYjU8l234iTiNiM=
Subject key identifier: 28:2A:3B:1A:EE:C8:F2:1F:D2:B7:C7:20:05:BB:88:E5:19:39:6D:CF
Certificate issuer: /CN=086282e751286fbbecc75ea6edcc254192c55c76
Certificate serial: 3B9D075D
Authority key identifier: 08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/KCo7Gu7I8h_St8cgBbuI5Rk5bc8.roa
Signing time: Sat 01 Jan 2022 14:04:14 +0000
ROA not before: Sat 01 Jan 2022 14:04:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34086
IP address blocks: 160.44.0.0/16 maxlen: 24
217.150.144.0/20 maxlen: 24
94.100.240.0/20 maxlen: 24
46.29.96.0/21 maxlen: 24
93.188.240.0/21 maxlen: 24
82.192.98.0/23 maxlen: 24
160.44.192.0/20 maxlen: 24
160.44.192.0/21 maxlen: 21
160.44.200.0/21 maxlen: 21
185.9.216.0/22 maxlen: 24
2a00:da8:fffb::/48 maxlen: 48
2a00:da8::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1000146781 (0x3b9d075d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=086282e751286fbbecc75ea6edcc254192c55c76
Validity
Not Before: Jan 1 14:04:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=282a3b1aeec8f21fd2b7c72005bb88e519396dcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:e2:7b:a5:3f:d4:ad:a7:a7:c1:eb:1e:05:5b:
f1:60:83:26:ac:3f:a6:fb:a5:cd:5a:e9:ea:70:e4:
df:4d:6d:eb:2d:80:ea:33:c3:b6:b1:83:0b:57:36:
2f:b4:f8:d9:4a:71:f4:89:54:87:a5:f5:f8:d4:df:
a4:7d:5d:90:91:8d:af:42:6b:8f:6c:e3:01:a9:43:
2d:33:82:42:45:56:46:3e:ed:d0:48:00:de:3d:65:
c8:d6:60:a5:cc:c1:fb:7a:a6:fd:dd:69:b3:2d:98:
fa:8d:fb:be:4a:60:35:82:68:71:18:92:15:c8:d6:
eb:b7:ee:c3:1b:72:f8:94:e1:19:ac:a5:4a:1a:14:
20:fd:73:2f:79:9e:d0:da:ae:89:9d:4a:54:7d:39:
b6:69:ec:f2:4f:5e:9a:72:48:a4:90:02:e7:99:2c:
fd:98:2e:ee:d4:b6:25:95:74:0c:99:c0:85:87:b1:
7d:7e:e8:1b:c5:e0:50:7c:b7:f1:32:21:b9:e3:61:
b4:bb:74:1e:b4:76:b1:b9:13:7b:df:de:fb:38:a0:
b4:04:9e:4e:9d:ce:43:ad:59:91:b4:e0:2f:0c:8d:
87:75:89:1c:7b:df:19:ac:31:67:6f:b3:ab:2f:a7:
cb:6c:3e:fe:82:ca:e9:fe:59:00:0b:c4:3a:20:98:
4c:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:2A:3B:1A:EE:C8:F2:1F:D2:B7:C7:20:05:BB:88:E5:19:39:6D:CF
X509v3 Authority Key Identifier:
keyid:08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/KCo7Gu7I8h_St8cgBbuI5Rk5bc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/CGKC51Eob7vsx16m7cwlQZLFXHY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.29.96.0/21
82.192.98.0/23
93.188.240.0/21
94.100.240.0/20
160.44.0.0/16
185.9.216.0/22
217.150.144.0/20
IPv6:
2a00:da8::/32
Signature Algorithm: sha256WithRSAEncryption
ac:fe:8c:b3:e3:1d:6e:bc:a6:ec:0d:a5:f3:ff:f1:4e:b3:61:
5c:af:3a:f5:ef:19:1c:f9:a8:64:e6:e2:3c:9b:dd:a4:47:bd:
07:bd:7d:9c:b7:b3:af:ca:dc:da:dd:c9:11:8d:b9:92:a3:cd:
68:43:b5:73:fe:1d:02:52:ae:c6:3c:0b:7d:24:0a:5d:0a:b2:
d2:97:05:d8:4f:6b:ea:d2:f3:01:6b:5b:54:00:fb:3c:78:d1:
54:84:b7:41:11:86:a6:b1:20:99:da:7e:33:12:09:1c:e6:e2:
df:70:1b:9b:2c:e9:0b:77:55:94:a0:2f:ab:dc:f6:17:10:06:
06:6d:82:14:dd:95:8e:5b:bf:3d:3c:f5:6e:eb:0f:db:6b:e1:
75:40:08:dd:56:7e:73:33:d6:99:d3:f5:42:8b:0b:9f:2a:63:
f8:c8:32:37:59:cf:a5:45:66:24:b9:ee:f0:f5:1e:4b:20:9c:
6c:27:d9:52:b9:f8:98:8f:f1:4c:9a:8e:50:e3:9c:55:1d:e6:
bd:f3:98:c3:32:41:c5:43:e9:e6:dd:6c:93:2b:3a:e1:31:a9:
7d:5f:78:58:d9:9b:a0:a8:7a:39:f0:cd:8c:b9:45:01:06:82:
3f:73:e2:a7:74:18:c1:8d:ab:ad:51:0b:62:7c:96:b5:75:29:
9a:09:b1:8f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEO50HXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ODYyODJlNzUxMjg2ZmJiZWNjNzVlYTZlZGNjMjU0MTkyYzU1Yzc2MB4XDTIyMDEw
MTE0MDQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjgyYTNiMWFlZWM4
ZjIxZmQyYjdjNzIwMDViYjg4ZTUxOTM5NmRjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJnie6U/1K2np8HrHgVb8WCDJqw/pvulzVrp6nDk301t6y2A
6jPDtrGDC1c2L7T42Upx9IlUh6X1+NTfpH1dkJGNr0Jrj2zjAalDLTOCQkVWRj7t
0EgA3j1lyNZgpczB+3qm/d1psy2Y+o37vkpgNYJocRiSFcjW67fuwxty+JThGayl
ShoUIP1zL3me0NquiZ1KVH05tmns8k9emnJIpJAC55ks/Zgu7tS2JZV0DJnAhYex
fX7oG8XgUHy38TIhueNhtLt0HrR2sbkTe9/e+zigtASeTp3OQ61ZkbTgLwyNh3WJ
HHvfGawxZ2+zqy+ny2w+/oLK6f5ZAAvEOiCYTI8CAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBQoKjsa7sjyH9K3xyAFu4jlGTltzzAfBgNVHSMEGDAWgBQIYoLnUShvu+zH
XqbtzCVBksVcdjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NHS0M1MUVvYjd2c3gxNm03Y3dsUVpMRlhIWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGUvOWQ4NTk4LWU5ZTItNDcwOS1iNTM1LTZiMDRhYWRlZWYxMC8x
L0tDbzdHdTdJOGhfU3Q4Y2dCYnVJNVJrNWJjOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGUv
OWQ4NTk4LWU5ZTItNDcwOS1iNTM1LTZiMDRhYWRlZWYxMC8xL0NHS0M1MUVvYjd2
c3gxNm03Y3dsUVpMRlhIWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwLwQCAAEwKQMEAy4dYAMEAVLAYgMEA1288AMEBF5k
8AMDAKAsAwQCuQnYAwQE2ZaQMA0EAgACMAcDBQAqAA2oMA0GCSqGSIb3DQEBCwUA
A4IBAQCs/oyz4x1uvKbsDaXz//FOs2Fcrzr17xkc+ahk5uI8m92kR70HvX2ct7Ov
ytza3ckRjbmSo81oQ7Vz/h0CUq7GPAt9JApdCrLSlwXYT2vq0vMBa1tUAPs8eNFU
hLdBEYamsSCZ2n4zEgkc5uLfcBubLOkLd1WUoC+r3PYXEAYGbYIU3ZWOW789PPVu
6w/ba+F1QAjdVn5zM9aZ0/VCiwufKmP4yDI3Wc+lRWYkue7w9R5LIJxsJ9lSufiY
j/FMmo5Q45xVHea985jDMkHFQ+nm3WyTKzrhMal9X3hY2ZugqHo58M2MuUUBBoI/
c+KndBjBjautUQtifJa1dSmaCbGP
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:52:51 2025 by rpki-client