Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/Ls86RRzsMy8F5WpXHP5eKopAfyc.roa
File: Ls86RRzsMy8F5WpXHP5eKopAfyc.roa (raw, json)
Hash identifier: SpqdEwJoNQDskivGAQqvdQbnUxu2yk5jqLmaF2Ztoc4=
Subject key identifier: 2E:CF:3A:45:1C:EC:33:2F:05:E5:6A:57:1C:FE:5E:2A:8A:40:7F:27
Certificate issuer: /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial: 018CAA141491A71BD76277BEE3D463BC986A
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/Ls86RRzsMy8F5WpXHP5eKopAfyc.roa
Signing time: Wed 27 Dec 2023 07:01:31 +0000
ROA not before: Wed 27 Dec 2023 07:01:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50596
IP address blocks: 46.254.160.0/21 maxlen: 22
37.75.200.0/21 maxlen: 22
93.179.104.0/21 maxlen: 22
109.201.96.0/21 maxlen: 21
109.201.96.0/19 maxlen: 22
109.201.104.0/21 maxlen: 21
109.201.112.0/20 maxlen: 22
188.68.8.0/21 maxlen: 22
185.8.220.0/22 maxlen: 23
188.68.168.0/21 maxlen: 22
188.68.192.0/21 maxlen: 22
178.57.208.0/21 maxlen: 22
2a03:3cc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:aa:14:14:91:a7:1b:d7:62:77:be:e3:d4:63:bc:98:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Validity
Not Before: Dec 27 07:01:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ecf3a451cec332f05e56a571cfe5e2a8a407f27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:07:4e:15:0c:93:62:4d:73:ed:31:37:a6:7d:
33:f3:30:6b:58:a7:84:bc:fa:d7:83:b2:4d:12:af:
65:fa:d3:2c:be:12:cc:11:3c:e4:90:a4:86:64:89:
f2:6a:0d:6d:02:a8:c5:2c:2e:bf:64:30:c0:f5:04:
94:c2:7e:92:c3:29:17:e6:38:bd:ae:07:ac:f6:90:
d4:dc:67:c3:2d:d6:bc:a0:61:2a:48:58:7e:42:9d:
c1:c0:83:f6:f7:7b:26:68:9e:bd:75:4c:e1:70:77:
8b:12:e1:fa:9e:cc:4d:69:4c:97:d5:80:d7:b5:c4:
0c:58:ef:48:1e:42:5a:15:68:ef:50:39:3b:07:50:
8a:67:79:78:ce:e1:66:a6:fe:e8:6e:73:68:97:ac:
f1:31:44:41:81:cc:96:77:fa:7e:66:0b:6b:71:ad:
aa:35:2f:a2:ef:98:f6:87:35:fb:f7:f9:be:52:bc:
f8:31:5b:c9:d2:62:60:bd:e7:16:14:2f:0a:3e:41:
5b:51:30:3a:8f:65:97:1d:c3:b7:a6:57:98:0b:60:
f3:8b:6e:7d:41:da:bb:39:42:aa:3a:23:5c:a7:15:
d9:0e:88:56:d1:8a:36:fd:58:2d:bc:a4:e6:58:e7:
7d:40:dd:2a:f4:ae:71:39:a5:f0:32:36:fa:aa:fe:
11:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:CF:3A:45:1C:EC:33:2F:05:E5:6A:57:1C:FE:5E:2A:8A:40:7F:27
X509v3 Authority Key Identifier:
keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/Ls86RRzsMy8F5WpXHP5eKopAfyc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.75.200.0/21
46.254.160.0/21
93.179.104.0/21
109.201.96.0/19
178.57.208.0/21
185.8.220.0/22
188.68.8.0/21
188.68.168.0/21
188.68.192.0/21
IPv6:
2a03:3cc0::/29
Signature Algorithm: sha256WithRSAEncryption
4b:0d:b1:82:9d:9b:8d:5f:6b:3d:b8:cc:c7:28:c0:16:c0:78:
5a:40:77:2d:e8:00:e1:f6:98:54:81:b2:31:ff:49:59:49:48:
f7:af:3e:49:14:dd:7f:22:5f:1d:26:6e:56:4f:cc:30:9d:8e:
51:8c:ca:ec:98:2f:68:2d:8b:4f:ee:32:2e:b2:04:46:e0:0a:
06:29:9d:bb:32:d8:35:7e:ca:e2:b3:14:37:1d:b3:9e:81:20:
61:95:8b:49:9d:04:56:41:77:21:f4:9b:09:9a:e6:cc:15:1c:
ff:8b:e5:7c:c0:89:82:b7:46:f0:35:46:f6:1c:4c:9d:6d:33:
31:84:11:d5:c9:47:40:f0:d5:c4:4a:b6:40:12:9e:31:56:e6:
79:d8:3e:36:14:e0:b3:4d:1b:e2:e3:b2:5d:63:82:6a:f8:36:
a6:10:92:27:e1:33:34:4a:7a:2a:22:7d:b4:5f:93:aa:7e:61:
86:8a:f1:45:74:1c:a7:07:e6:9d:b7:b2:e1:1f:d3:de:b7:fc:
f7:5d:57:a9:13:48:f8:6e:69:86:27:65:3b:b7:ad:53:a4:36:
04:80:2f:0e:1c:3f:dc:e0:95:c1:45:d7:1e:bf:d4:63:93:c1:
e5:5c:53:15:a3:45:a6:4d:39:f8:be:e4:e6:2e:b7:56:3e:b4:
7f:18:20:60
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYyqFBSRpxvXYne+49RjvJhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMGUxMjY0ZTA3YjM3MDhiY2I5ZGI1YTE0ZTdjYzkyNzA4
NjM5NTgwHhcNMjMxMjI3MDcwMTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWNmM2E0NTFjZWMzMzJmMDVlNTZhNTcxY2ZlNWUyYThhNDA3ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwdOFQyTYk1z7TE3pn0z8zBrWKeE
vPrXg7JNEq9l+tMsvhLMETzkkKSGZInyag1tAqjFLC6/ZDDA9QSUwn6SwykX5ji9
rges9pDU3GfDLda8oGEqSFh+Qp3BwIP293smaJ69dUzhcHeLEuH6nsxNaUyX1YDX
tcQMWO9IHkJaFWjvUDk7B1CKZ3l4zuFmpv7obnNol6zxMURBgcyWd/p+Zgtrca2q
NS+i75j2hzX79/m+Urz4MVvJ0mJgvecWFC8KPkFbUTA6j2WXHcO3pleYC2Dzi259
Qdq7OUKqOiNcpxXZDohW0Yo2/VgtvKTmWOd9QN0q9K5xOaXwMjb6qv4RywIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFC7POkUc7DMvBeVqVxz+XiqKQH8nMB8GA1UdIwQY
MBaAFLoOEmTgezcIvLnbWhTnzJJwhjlYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4Yzkt
YmZlMGNjYjc5ZmNjLzEvTHM4NlJSenNNeThGNVdwWEhQNWVLb3BBZnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4YzktYmZlMGNjYjc5ZmNj
LzEvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJUvIAwQD
Lv6gAwQDXbNoAwQFbclgAwQDsjnQAwQCuQjcAwQDvEQIAwQDvESoAwQDvETAMA0E
AgACMAcDBQMqAzzAMA0GCSqGSIb3DQEBCwUAA4IBAQBLDbGCnZuNX2s9uMzHKMAW
wHhaQHct6ADh9phUgbIx/0lZSUj3rz5JFN1/Il8dJm5WT8wwnY5RjMrsmC9oLYtP
7jIusgRG4AoGKZ27Mtg1fsrisxQ3HbOegSBhlYtJnQRWQXch9JsJmubMFRz/i+V8
wImCt0bwNUb2HEydbTMxhBHVyUdA8NXESrZAEp4xVuZ52D42FOCzTRvi47JdY4Jq
+DamEJIn4TM0SnoqIn20X5OqfmGGivFFdBynB+adt7LhH9Pet/z3XVepE0j4bmmG
J2U7t61TpDYEgC8OHD/c4JXBRdcev9Rjk8HlXFMVo0WmTTn4vuTmLrdWPrR/GCBg
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:34:05 2025 by rpki-client