Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bofociPXHx86IlVVqafRR1bzbcw.roa
File: bofociPXHx86IlVVqafRR1bzbcw.roa (raw, json)
Hash identifier: QpQeZhB5FKzNYT+aJs5EPzEJaJtB5CXlxwwfgi/WwQI=
Subject key identifier: 6E:87:E8:72:23:D7:1F:1F:3A:22:55:55:A9:A7:D1:47:56:F3:6D:CC
Certificate issuer: /CN=6d5f83ee02b173748be5de3b3b9c2531799268e8
Certificate serial: 0185711E4FD11D76F98FEE81E7D8A6C59C3A
Authority key identifier: 6D:5F:83:EE:02:B1:73:74:8B:E5:DE:3B:3B:9C:25:31:79:92:68:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bV-D7gKxc3SL5d47O5wlMXmSaOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bofociPXHx86IlVVqafRR1bzbcw.roa
Signing time: Mon 02 Jan 2023 06:14:49 +0000
ROA not before: Mon 02 Jan 2023 06:14:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50838
IP address blocks: 2001:67c:2ca6::/48 maxlen: 48
2001:67c:2ca1::/48 maxlen: 48
2001:67c:2ca4::/48 maxlen: 48
2001:67c:2c84::/48 maxlen: 48
2001:67c:2ca7::/48 maxlen: 48
2001:67c:2ca2::/48 maxlen: 48
2001:67c:2ca5::/48 maxlen: 48
2001:67c:2ca0::/48 maxlen: 48
2001:67c:2ca3::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:1e:4f:d1:1d:76:f9:8f:ee:81:e7:d8:a6:c5:9c:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d5f83ee02b173748be5de3b3b9c2531799268e8
Validity
Not Before: Jan 2 06:14:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6e87e87223d71f1f3a225555a9a7d14756f36dcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:3a:6a:9f:97:89:42:d0:2c:e2:35:81:a5:0e:
13:2c:73:f6:35:0e:06:2b:48:93:ab:0a:46:af:8b:
f2:72:c9:c7:f9:b0:88:cb:74:c0:01:84:0f:a2:8a:
98:9d:28:84:2d:db:38:b2:7d:7b:bd:a7:da:b0:7e:
88:e8:8d:38:6b:ef:78:b3:9c:40:f4:b8:b3:b5:85:
70:e3:e8:20:e4:1b:45:f3:fe:87:71:66:65:1e:7a:
7d:9d:58:7b:8f:39:e9:4c:f4:81:93:79:40:4e:40:
19:84:86:77:4d:4b:2a:15:55:fb:3c:32:2f:6d:dd:
ac:11:24:4a:85:38:1b:04:36:1c:c7:e5:06:33:5f:
8e:e4:fc:3c:6c:ea:c2:a7:fd:45:6e:e2:44:0a:b0:
44:e0:70:55:9a:e1:85:24:22:39:b6:db:2e:2c:ee:
51:30:97:84:a2:41:fd:93:0d:05:05:a7:3a:b9:bc:
00:c9:e5:9e:ee:f7:c2:82:86:7b:13:67:68:b7:55:
84:39:e0:b6:d6:c6:69:c8:0a:75:97:f6:5e:dc:53:
80:13:d2:51:33:64:d1:d0:6e:1e:27:86:a0:38:df:
f7:15:8a:c3:d8:4c:f2:6f:01:52:7e:68:33:71:10:
17:82:a2:ee:84:a2:b1:8c:88:f6:1f:75:33:2b:fb:
b3:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:87:E8:72:23:D7:1F:1F:3A:22:55:55:A9:A7:D1:47:56:F3:6D:CC
X509v3 Authority Key Identifier:
keyid:6D:5F:83:EE:02:B1:73:74:8B:E5:DE:3B:3B:9C:25:31:79:92:68:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bV-D7gKxc3SL5d47O5wlMXmSaOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bofociPXHx86IlVVqafRR1bzbcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f9503e-da85-45fc-b032-b2e7feff402f/1/bV-D7gKxc3SL5d47O5wlMXmSaOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:2c84::/48
2001:67c:2ca0::/45
Signature Algorithm: sha256WithRSAEncryption
58:4e:03:e2:69:20:c6:24:27:db:92:4d:fb:94:27:3f:dc:c3:
44:a8:97:79:75:8a:28:e9:0f:6d:4b:ba:80:12:c1:61:5f:69:
12:b1:f8:b0:00:90:9c:fa:6b:90:0a:df:a9:0a:8a:f7:c8:33:
a8:09:c4:22:98:b8:9e:28:a5:2e:9c:0c:07:50:40:08:9a:92:
35:6e:1f:e8:28:b2:fe:e8:84:01:a1:eb:0c:dd:21:42:e2:68:
c3:3d:56:63:65:02:ea:95:72:49:11:ac:f4:05:ce:9c:53:b7:
a7:96:c0:78:0b:4d:ab:bb:6f:bf:42:3f:1e:26:34:8c:41:15:
84:72:4e:6c:62:7d:2e:29:3d:ab:5b:57:61:a2:35:9d:dc:aa:
7e:cd:ae:c1:30:1e:27:fb:84:3b:95:05:31:1d:7e:33:b2:0e:
4c:b9:82:3e:c5:9d:85:94:03:b4:32:2c:97:6d:be:24:62:e1:
07:b7:8a:d7:46:6b:dd:bd:3e:49:b1:74:0e:67:46:00:14:63:
88:7e:77:1b:b7:97:4a:42:4e:4f:e5:96:18:e4:a7:c9:82:f2:
c6:fb:51:3a:7a:78:fd:c3:dd:15:c4:d0:da:f3:c2:2c:19:41:
37:67:7b:fd:16:7a:17:e0:7e:f0:71:53:0c:16:51:1b:ea:1a:
a9:62:5c:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxHk/RHXb5j+6B59imxZw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNWY4M2VlMDJiMTczNzQ4YmU1ZGUzYjNiOWMyNTMxNzk5
MjY4ZTgwHhcNMjMwMTAyMDYxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTg3ZTg3MjIzZDcxZjFmM2EyMjU1NTVhOWE3ZDE0NzU2ZjM2ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDpqn5eJQtAs4jWBpQ4TLHP2NQ4G
K0iTqwpGr4vycsnH+bCIy3TAAYQPooqYnSiELds4sn17vafasH6I6I04a+94s5xA
9LiztYVw4+gg5BtF8/6HcWZlHnp9nVh7jznpTPSBk3lATkAZhIZ3TUsqFVX7PDIv
bd2sESRKhTgbBDYcx+UGM1+O5Pw8bOrCp/1FbuJECrBE4HBVmuGFJCI5ttsuLO5R
MJeEokH9kw0FBac6ubwAyeWe7vfCgoZ7E2dot1WEOeC21sZpyAp1l/Ze3FOAE9JR
M2TR0G4eJ4agON/3FYrD2EzybwFSfmgzcRAXgqLuhKKxjIj2H3UzK/uzpQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG6H6HIj1x8fOiJVVamn0UdW823MMB8GA1UdIwQY
MBaAFG1fg+4CsXN0i+XeOzucJTF5kmjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlYtRDdnS3hjM1NMNWQ0N081d2xNWG1TYU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9mOTUwM2UtZGE4NS00NWZjLWIwMzIt
YjJlN2ZlZmY0MDJmLzEvYm9mb2NpUFhIeDg2SWxWVnFhZlJSMWJ6YmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9mOTUwM2UtZGE4NS00NWZjLWIwMzItYjJlN2ZlZmY0MDJm
LzEvYlYtRDdnS3hjM1NMNWQ0N081d2xNWG1TYU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCyE
AwcDIAEGfCygMA0GCSqGSIb3DQEBCwUAA4IBAQBYTgPiaSDGJCfbkk37lCc/3MNE
qJd5dYoo6Q9tS7qAEsFhX2kSsfiwAJCc+muQCt+pCor3yDOoCcQimLieKKUunAwH
UEAImpI1bh/oKLL+6IQBoesM3SFC4mjDPVZjZQLqlXJJEaz0Bc6cU7enlsB4C02r
u2+/Qj8eJjSMQRWEck5sYn0uKT2rW1dhojWd3Kp+za7BMB4n+4Q7lQUxHX4zsg5M
uYI+xZ2FlAO0MiyXbb4kYuEHt4rXRmvdvT5JsXQOZ0YAFGOIfncbt5dKQk5P5ZYY
5KfJgvLG+1E6enj9w90VxNDa88IsGUE3Z3v9FnoX4H7wcVMMFlEb6hqpYlw+
-----END CERTIFICATE-----
Generated at Mon Feb 3 20:02:17 2025 by rpki-client