Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/qNO7xEnIdv193u7zNJo9sZ7N728.roa
File: qNO7xEnIdv193u7zNJo9sZ7N728.roa (raw, json)
Hash identifier: 8D9qNyXFF4ieXguJEcshHeWzmrK/5NlCZRoQGktTOZE=
Subject key identifier: A8:D3:BB:C4:49:C8:76:FD:7D:DE:EE:F3:34:9A:3D:B1:9E:CD:EF:6F
Certificate issuer: /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial: 0185715553B9C8BDFA4C081E41D92BD5CBA7
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/qNO7xEnIdv193u7zNJo9sZ7N728.roa
Signing time: Mon 02 Jan 2023 07:14:55 +0000
ROA not before: Mon 02 Jan 2023 07:14:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25540
IP address blocks: 95.140.0.0/20 maxlen: 20
178.251.80.0/21 maxlen: 21
79.141.0.0/20 maxlen: 24
141.101.48.0/21 maxlen: 21
185.14.120.0/22 maxlen: 22
217.15.80.0/20 maxlen: 20
37.122.200.0/21 maxlen: 21
185.4.20.0/22 maxlen: 23
171.33.152.0/21 maxlen: 21
95.170.8.0/22 maxlen: 22
83.167.128.0/19 maxlen: 24
46.254.224.0/21 maxlen: 21
2a01:6380::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:55:53:b9:c8:bd:fa:4c:08:1e:41:d9:2b:d5:cb:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Validity
Not Before: Jan 2 07:14:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a8d3bbc449c876fd7ddeeef3349a3db19ecdef6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:d8:51:f5:bb:ca:68:3e:0f:9f:af:dc:77:1e:
e2:83:58:7c:60:f3:2c:e0:77:89:3b:2a:33:f1:d8:
7d:d6:32:4d:4a:f2:a2:f8:20:37:85:b8:6f:1f:09:
06:d0:8f:39:74:2f:11:3a:b3:84:ef:db:1c:2f:5e:
5f:9b:b8:99:43:cf:86:f0:06:58:34:4a:59:c9:e9:
47:fc:b6:4d:52:b4:d3:f5:0f:76:06:2b:4f:9f:06:
d6:2c:aa:7f:38:05:86:ef:30:a9:f4:f2:20:d8:d0:
24:85:75:a4:91:0f:4a:33:ab:f8:3a:20:37:04:63:
04:32:e9:0b:20:3d:c6:2c:59:71:b3:eb:20:7a:fa:
75:59:cd:26:09:9e:fc:dd:46:75:3c:20:2f:12:3d:
7d:82:d5:e1:7c:08:38:94:68:96:32:8b:44:ab:9b:
92:84:47:a6:66:02:c4:23:5f:d3:f1:f7:aa:3d:d1:
72:9c:fc:fe:06:17:9d:6a:1d:b1:b6:bc:b3:31:a7:
25:bc:44:e6:e5:3e:c5:fd:ca:4d:b6:a9:35:eb:5e:
fc:2c:a3:37:14:d2:ad:66:42:8e:05:02:9b:15:dc:
70:f6:9f:78:04:da:16:71:ba:5d:28:32:d3:89:51:
ba:ea:28:15:7f:6f:d3:64:50:23:73:b8:2b:e5:43:
bb:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:D3:BB:C4:49:C8:76:FD:7D:DE:EE:F3:34:9A:3D:B1:9E:CD:EF:6F
X509v3 Authority Key Identifier:
keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/qNO7xEnIdv193u7zNJo9sZ7N728.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.122.200.0/21
46.254.224.0/21
79.141.0.0/20
83.167.128.0/19
95.140.0.0/20
95.170.8.0/22
141.101.48.0/21
171.33.152.0/21
178.251.80.0/21
185.4.20.0/22
185.14.120.0/22
217.15.80.0/20
IPv6:
2a01:6380::/32
Signature Algorithm: sha256WithRSAEncryption
76:9f:c2:1d:72:88:9c:c2:8f:eb:99:fd:ed:4a:2b:be:e3:f6:
b0:28:f6:7d:b6:45:88:58:db:51:74:63:c1:d3:24:9c:2c:23:
4d:6a:27:3c:68:de:c3:0b:29:12:ce:de:ed:25:55:87:a9:cb:
08:f1:a9:ac:53:46:83:c0:e7:2a:bb:00:fe:7a:ac:4f:ee:48:
b0:6d:b6:16:d9:46:74:2b:93:40:f9:9e:a3:6a:6e:e8:0b:a4:
74:51:22:41:bd:11:c2:0f:52:73:b8:76:8a:0b:fd:18:64:cd:
9a:c3:59:42:b4:c3:46:db:ac:3b:5d:e8:23:0b:f0:e8:1f:c8:
5b:1c:6c:9a:7d:47:b0:f0:94:d7:18:94:7a:b0:a5:d2:98:f0:
e9:33:54:f9:fd:58:ed:45:94:23:da:49:7e:61:9a:68:ef:b4:
1b:93:be:00:8c:3c:61:61:2d:b2:68:50:92:0d:3c:c9:9f:f5:
5c:67:d7:c7:37:a4:6b:34:dc:63:e6:a2:e9:ab:4e:cb:eb:3d:
68:1f:30:6b:32:77:9b:9b:79:ef:d4:98:ba:d6:d9:10:20:5d:
64:fd:9d:5d:b6:f5:29:8e:80:79:06:4c:ee:e0:09:95:f3:11:
4a:da:5b:15:5b:41:d0:52:a5:6b:59:a5:4c:d8:5e:ba:72:af:
1e:eb:04:f4
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYVxVVO5yL36TAgeQdkr1cunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjMwMTAyMDcxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGQzYmJjNDQ5Yzg3NmZkN2RkZWVlZjMzNDlhM2RiMTllY2RlZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNhR9bvKaD4Pn6/cdx7ig1h8YPMs
4HeJOyoz8dh91jJNSvKi+CA3hbhvHwkG0I85dC8ROrOE79scL15fm7iZQ8+G8AZY
NEpZyelH/LZNUrTT9Q92BitPnwbWLKp/OAWG7zCp9PIg2NAkhXWkkQ9KM6v4OiA3
BGMEMukLID3GLFlxs+sgevp1Wc0mCZ783UZ1PCAvEj19gtXhfAg4lGiWMotEq5uS
hEemZgLEI1/T8feqPdFynPz+Bhedah2xtryzMaclvETm5T7F/cpNtqk16178LKM3
FNKtZkKOBQKbFdxw9p94BNoWcbpdKDLTiVG66igVf2/TZFAjc7gr5UO7/QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFKjTu8RJyHb9fd7u8zSaPbGeze9vMB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvcU5PN3hFbklkdjE5M3U3ek5KbzlzWjdONzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJXrIAwQD
Lv7gAwQET40AAwQFU6eAAwQEX4wAAwQCX6oIAwQDjWUwAwQDqyGYAwQDsvtQAwQC
uQQUAwQCuQ54AwQE2Q9QMA0EAgACMAcDBQAqAWOAMA0GCSqGSIb3DQEBCwUAA4IB
AQB2n8Idcoicwo/rmf3tSiu+4/awKPZ9tkWIWNtRdGPB0yScLCNNaic8aN7DCykS
zt7tJVWHqcsI8amsU0aDwOcquwD+eqxP7kiwbbYW2UZ0K5NA+Z6jam7oC6R0USJB
vRHCD1JzuHaKC/0YZM2aw1lCtMNG26w7XegjC/DoH8hbHGyafUew8JTXGJR6sKXS
mPDpM1T5/VjtRZQj2kl+YZpo77Qbk74AjDxhYS2yaFCSDTzJn/VcZ9fHN6RrNNxj
5qLpq07L6z1oHzBrMnebm3nv1Ji61tkQIF1k/Z1dtvUpjoB5Bkzu4AmV8xFK2lsV
W0HQUqVrWaVM2F66cq8e6wT0
-----END CERTIFICATE-----
Generated at Sun Apr 20 20:04:09 2025 by rpki-client