Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/bfch9KyQFZsfb8_jXJkZMgoXn5Q.roa
File: bfch9KyQFZsfb8_jXJkZMgoXn5Q.roa (raw, json)
Hash identifier: nHqun+qOb0gd00phqrl2o5+Y0etONjLmCYOqjQMYGYw=
Subject key identifier: 6D:F7:21:F4:AC:90:15:9B:1F:6F:CF:E3:5C:99:19:32:0A:17:9F:94
Certificate issuer: /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial: 018C81693AECAEF76BE5A4C3FA0C39485A58
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/bfch9KyQFZsfb8_jXJkZMgoXn5Q.roa
Signing time: Tue 19 Dec 2023 09:30:06 +0000
ROA not before: Tue 19 Dec 2023 09:30:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28907
IP address blocks: 195.39.197.0/24 maxlen: 24
195.39.196.0/24 maxlen: 24
195.39.196.0/23 maxlen: 23
5.149.124.0/22 maxlen: 24
5.149.120.0/21 maxlen: 21
193.178.144.0/23 maxlen: 23
193.178.146.0/23 maxlen: 23
77.87.192.0/21 maxlen: 21
89.184.64.0/22 maxlen: 24
89.184.64.0/19 maxlen: 24
89.184.66.0/23 maxlen: 23
89.184.65.0/24 maxlen: 24
89.184.72.0/21 maxlen: 21
89.184.80.0/21 maxlen: 24
89.184.88.0/21 maxlen: 21
78.27.192.0/19 maxlen: 24
2a02:2278:235::/48 maxlen: 48
2a02:2278:204::/48 maxlen: 48
2a02:2278:100::/44 maxlen: 56
2a02:2278:236::/48 maxlen: 48
2a02:2278:ff00::/40 maxlen: 56
2a02:2278:7000::/40 maxlen: 56
2a02:2278:800::/40 maxlen: 56
2a02:2278:200::/40 maxlen: 56
2a02:2278::/40 maxlen: 56
2a02:2278::/32 maxlen: 32
2a02:2278:220::/48 maxlen: 48
2a02:2278:234::/48 maxlen: 48
2a02:2278:208::/48 maxlen: 48
2a02:2278:221::/48 maxlen: 48
2a02:2278:237::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:81:69:3a:ec:ae:f7:6b:e5:a4:c3:fa:0c:39:48:5a:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Validity
Not Before: Dec 19 09:30:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6df721f4ac90159b1f6fcfe35c9919320a179f94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:a2:21:01:22:1f:ef:9d:29:d7:5b:fa:8c:83:
34:c1:83:35:20:bd:6c:53:18:d9:ca:d7:b4:17:cf:
93:c2:47:c2:ef:08:01:84:9f:4a:27:7e:71:3a:4e:
71:ac:35:33:42:ae:9e:6e:ab:91:8f:89:79:92:f5:
ec:5a:83:10:00:08:38:75:04:d9:6b:83:95:13:78:
8e:56:6d:c9:4f:b4:f2:b0:b9:d7:50:8d:82:30:96:
1e:b7:a4:28:c8:a9:05:e0:47:1e:e5:ce:8f:35:70:
8f:2e:ba:3a:f0:c5:47:ca:ba:97:8a:72:b2:64:d1:
36:50:ef:33:72:55:b0:b4:dd:6c:90:4e:45:ed:4b:
69:a2:91:a5:34:45:62:02:6b:a7:e4:52:d0:45:fd:
57:14:02:8c:1d:65:44:64:cf:13:19:e0:f6:8b:d5:
8f:01:92:3a:83:7e:22:3d:e1:59:55:ad:e3:a9:84:
f7:ba:0a:c7:a0:a7:cf:44:77:76:2e:d1:c4:58:5a:
19:c7:31:39:6e:91:ab:bd:2d:d9:f5:53:a8:33:05:
9e:34:98:e1:b5:ad:97:ae:60:51:f7:6f:8d:b6:e1:
ea:e7:34:73:8d:8a:e7:95:8d:1a:34:a1:67:7a:e3:
7e:37:03:1e:2c:2f:0c:a2:36:07:d9:22:3e:12:76:
26:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:F7:21:F4:AC:90:15:9B:1F:6F:CF:E3:5C:99:19:32:0A:17:9F:94
X509v3 Authority Key Identifier:
keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/bfch9KyQFZsfb8_jXJkZMgoXn5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.149.120.0/21
77.87.192.0/21
78.27.192.0/19
89.184.64.0/19
193.178.144.0/22
195.39.196.0/23
IPv6:
2a02:2278::/32
Signature Algorithm: sha256WithRSAEncryption
c2:ec:d5:a5:a3:4b:b0:78:93:fc:f4:ea:53:4c:b1:b8:9d:58:
65:27:dd:b2:fd:1b:16:e6:8b:a2:d5:f3:2a:b2:4d:ba:62:61:
64:55:57:ec:9a:88:a5:ca:75:03:a7:4c:fc:e7:0d:fe:85:07:
9a:e6:f4:24:cb:27:4a:e6:61:a8:96:dc:08:49:86:03:41:17:
6d:6f:97:dc:91:f4:c4:81:9f:38:13:d9:ed:9f:b8:0d:56:6b:
1f:3e:12:a7:d6:a2:08:b5:09:09:b3:b1:b1:c8:e8:e1:fc:9d:
01:2f:83:f6:d9:16:2d:3d:8c:18:40:42:6c:c9:62:fc:5b:a3:
98:3a:a4:1c:23:07:40:77:15:30:c1:d2:4a:bb:08:7b:1d:0c:
01:5d:8f:37:71:26:d8:6e:e3:8e:f3:81:f9:74:b1:5a:be:60:
80:0a:aa:19:15:f2:0e:85:01:85:a6:f6:7f:ac:95:8e:82:8b:
c7:c9:17:9c:3f:d1:c9:ef:14:9a:de:e1:59:e7:4b:ca:56:bb:
d3:94:5c:b2:5f:16:ac:bf:22:5d:c1:e4:c1:6a:6e:f7:6a:e1:
90:90:f4:0b:e9:62:6f:bd:13:b2:62:19:f1:3d:83:33:07:e4:
a8:81:a0:92:18:21:71:92:cc:2f:01:bb:39:d7:70:3d:22:31:
f4:f8:fb:8d
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYyBaTrsrvdr5aTD+gw5SFpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMxMjE5MDkzMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY3MjFmNGFjOTAxNTliMWY2ZmNmZTM1Yzk5MTkzMjBhMTc5Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaIhASIf750p11v6jIM0wYM1IL1s
UxjZyte0F8+TwkfC7wgBhJ9KJ35xOk5xrDUzQq6ebquRj4l5kvXsWoMQAAg4dQTZ
a4OVE3iOVm3JT7TysLnXUI2CMJYet6QoyKkF4Ece5c6PNXCPLro68MVHyrqXinKy
ZNE2UO8zclWwtN1skE5F7UtpopGlNEViAmun5FLQRf1XFAKMHWVEZM8TGeD2i9WP
AZI6g34iPeFZVa3jqYT3ugrHoKfPRHd2LtHEWFoZxzE5bpGrvS3Z9VOoMwWeNJjh
ta2XrmBR92+NtuHq5zRzjYrnlY0aNKFneuN+NwMeLC8MojYH2SI+EnYmFwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFG33IfSskBWbH2/P41yZGTIKF5+UMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvYmZjaDlLeVFGWnNmYjhfalhKa1pNZ29YbjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDBZV4AwQD
TVfAAwQFThvAAwQFWbhAAwQCwbKQAwQBwyfEMA0EAgACMAcDBQAqAiJ4MA0GCSqG
SIb3DQEBCwUAA4IBAQDC7NWlo0uweJP89OpTTLG4nVhlJ92y/RsW5oui1fMqsk26
YmFkVVfsmoilynUDp0z85w3+hQea5vQkyydK5mGoltwISYYDQRdtb5fckfTEgZ84
E9ntn7gNVmsfPhKn1qIItQkJs7GxyOjh/J0BL4P22RYtPYwYQEJsyWL8W6OYOqQc
IwdAdxUwwdJKuwh7HQwBXY83cSbYbuOO84H5dLFavmCACqoZFfIOhQGFpvZ/rJWO
govHyRecP9HJ7xSa3uFZ50vKVrvTlFyyXxasvyJdweTBam73auGQkPQL6WJvvROy
YhnxPYMzB+SogaCSGCFxkswvAbs513A9IjH0+PuN
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:15 2025 by rpki-client