Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/6iWIMkT7Cep0XdtK7GELBRhP7Dc.roa
File: 6iWIMkT7Cep0XdtK7GELBRhP7Dc.roa (raw, json)
Hash identifier: 4Z8VK5nVfRDTujzt0UW5qsHfuP0JYatSG6upcNhDRxw=
Subject key identifier: EA:25:88:32:44:FB:09:EA:74:5D:DB:4A:EC:61:0B:05:18:4F:EC:37
Certificate issuer: /CN=54791dde2c9bdea366ce7ec6c5a800c5da633454
Certificate serial: 01856F15176B595C8ACE1AFF690AB35C13D7
Authority key identifier: 54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/6iWIMkT7Cep0XdtK7GELBRhP7Dc.roa
Signing time: Sun 01 Jan 2023 20:45:31 +0000
ROA not before: Sun 01 Jan 2023 20:45:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212772
IP address blocks: 185.113.28.0/22 maxlen: 24
94.140.14.0/23 maxlen: 24
45.156.136.0/22 maxlen: 24
92.255.56.0/24 maxlen: 24
217.72.12.0/22 maxlen: 24
46.243.228.0/22 maxlen: 24
92.255.68.0/22 maxlen: 24
92.255.84.0/24 maxlen: 24
2a10:50c0::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:15:17:6b:59:5c:8a:ce:1a:ff:69:0a:b3:5c:13:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=54791dde2c9bdea366ce7ec6c5a800c5da633454
Validity
Not Before: Jan 1 20:45:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ea25883244fb09ea745ddb4aec610b05184fec37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:29:1a:3b:67:6b:58:33:74:9f:98:54:fd:c3:
cf:cf:0c:62:35:b3:49:2f:d3:fc:99:72:a1:50:2b:
c6:5a:6b:3c:23:10:26:e3:02:1a:13:be:30:e5:92:
0d:e9:4c:0d:23:57:f4:aa:e2:ab:f5:49:56:ca:45:
d8:9d:56:3d:68:c3:f1:88:65:df:f1:ed:3b:d5:07:
08:fb:bb:a2:30:ee:a2:57:c5:6b:4d:5f:1f:bb:7c:
91:0e:89:bd:e5:1e:8f:9b:48:cb:c5:3c:03:82:48:
ad:3b:d1:49:70:03:6f:14:21:81:75:0d:88:b5:24:
7b:63:d1:50:7e:be:20:71:23:7d:e2:24:b8:34:76:
95:a7:f5:0a:01:2c:29:75:10:4d:1d:64:ed:12:8f:
0e:7c:7c:2b:81:01:c9:c5:f4:22:da:0f:11:a4:34:
26:d9:53:9e:ac:70:b9:48:8f:08:cf:29:2e:0a:ac:
df:31:c2:00:da:fc:88:b9:a3:6d:8c:80:65:5d:2b:
32:8d:ec:a4:58:e9:b2:d9:fc:bd:ae:c2:d7:b4:c0:
d8:99:ce:d5:3e:3a:d9:5e:b6:62:02:a8:d7:50:2f:
6e:34:23:32:c8:b5:47:fe:14:ee:ab:29:2b:53:ec:
e9:1a:cf:45:07:c7:79:f3:d9:71:6d:30:b8:f0:ac:
0f:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:25:88:32:44:FB:09:EA:74:5D:DB:4A:EC:61:0B:05:18:4F:EC:37
X509v3 Authority Key Identifier:
keyid:54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/6iWIMkT7Cep0XdtK7GELBRhP7Dc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/VHkd3iyb3qNmzn7GxagAxdpjNFQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.136.0/22
46.243.228.0/22
92.255.56.0/24
92.255.68.0/22
92.255.84.0/24
94.140.14.0/23
185.113.28.0/22
217.72.12.0/22
IPv6:
2a10:50c0::/32
Signature Algorithm: sha256WithRSAEncryption
43:ea:d4:df:e6:71:41:99:06:62:68:ee:78:35:19:60:06:79:
8d:be:61:cf:d6:2e:af:81:1e:cf:c0:f8:0c:c6:ef:b5:16:74:
ee:73:fd:6a:cb:b7:e5:c3:37:40:57:1f:36:ca:67:fd:22:76:
85:a0:41:f3:f6:b4:d8:bd:4d:f0:f3:95:e8:8c:7d:34:90:0d:
a3:3c:93:46:8c:8f:16:32:30:0b:12:22:78:50:6f:11:8d:b2:
f2:92:e5:5e:c7:94:d7:08:2b:1e:91:01:43:98:b0:00:ca:04:
b2:bd:27:54:32:80:5d:b9:a6:b5:f1:e1:96:7a:97:91:38:23:
16:1c:1c:f2:91:97:e3:69:26:7e:0a:98:69:49:80:d8:ac:6a:
ed:92:7e:99:b9:93:8f:07:16:09:9d:a3:cf:e5:a3:c8:24:eb:
19:7c:32:99:27:27:9a:da:05:02:08:d5:f2:bc:9c:76:27:a5:
fa:89:c4:3d:e5:e2:c8:fb:6b:68:f7:fc:6e:b6:ab:bc:4b:af:
ea:18:65:ea:ce:98:56:89:48:7f:4d:30:27:ec:be:02:3f:42:
84:6a:61:cc:52:ee:7a:c8:29:8d:cc:d9:e2:31:ea:d9:57:2f:
42:44:a8:36:26:29:29:65:af:3c:ee:85:57:76:6c:18:75:fa:
13:c3:eb:4b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVvFRdrWVyKzhr/aQqzXBPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NzkxZGRlMmM5YmRlYTM2NmNlN2VjNmM1YTgwMGM1ZGE2
MzM0NTQwHhcNMjMwMTAxMjA0NTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTI1ODgzMjQ0ZmIwOWVhNzQ1ZGRiNGFlYzYxMGIwNTE4NGZlYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgikaO2drWDN0n5hU/cPPzwxiNbNJ
L9P8mXKhUCvGWms8IxAm4wIaE74w5ZIN6UwNI1f0quKr9UlWykXYnVY9aMPxiGXf
8e071QcI+7uiMO6iV8VrTV8fu3yRDom95R6Pm0jLxTwDgkitO9FJcANvFCGBdQ2I
tSR7Y9FQfr4gcSN94iS4NHaVp/UKASwpdRBNHWTtEo8OfHwrgQHJxfQi2g8RpDQm
2VOerHC5SI8IzykuCqzfMcIA2vyIuaNtjIBlXSsyjeykWOmy2fy9rsLXtMDYmc7V
PjrZXrZiAqjXUC9uNCMyyLVH/hTuqykrU+zpGs9FB8d589lxbTC48KwPJQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFOoliDJE+wnqdF3bSuxhCwUYT+w3MB8GA1UdIwQY
MBaAFFR5Hd4sm96jZs5+xsWoAMXaYzRUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhrZDNpeWIzcU5tem43R3hhZ0F4ZHBqTkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xN2U1NjctOWU0NC00NDRhLWFjNjQt
MThiMzRiZWE5YjA2LzEvNmlXSU1rVDdDZXAwWGR0SzdHRUxCUmhQN0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xN2U1NjctOWU0NC00NDRhLWFjNjQtMThiMzRiZWE5YjA2
LzEvVkhrZDNpeWIzcU5tem43R3hhZ0F4ZHBqTkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLZyIAwQC
LvPkAwQAXP84AwQCXP9EAwQAXP9UAwQBXowOAwQCuXEcAwQC2UgMMA0EAgACMAcD
BQAqEFDAMA0GCSqGSIb3DQEBCwUAA4IBAQBD6tTf5nFBmQZiaO54NRlgBnmNvmHP
1i6vgR7PwPgMxu+1FnTuc/1qy7flwzdAVx82ymf9InaFoEHz9rTYvU3w85XojH00
kA2jPJNGjI8WMjALEiJ4UG8RjbLykuVex5TXCCsekQFDmLAAygSyvSdUMoBduaa1
8eGWepeROCMWHBzykZfjaSZ+CphpSYDYrGrtkn6ZuZOPBxYJnaPP5aPIJOsZfDKZ
Jyea2gUCCNXyvJx2J6X6icQ95eLI+2to9/xutqu8S6/qGGXqzphWiUh/TTAn7L4C
P0KEamHMUu56yCmNzNniMerZVy9CRKg2JikpZa887oVXdmwYdfoTw+tL
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:09:24 2025 by rpki-client