Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/db4526-e0ef-4e22-8ff9-5030d0ae6ebc/1/rzhyQT5Dj-r9SG685BgSIRg-BUc.roa
File: rzhyQT5Dj-r9SG685BgSIRg-BUc.roa (raw, json)
Hash identifier: cs7oocu65Y1Thv9nfhlxrQ/VzEKTo9IQdAynxVJ4HeY=
Subject key identifier: AF:38:72:41:3E:43:8F:EA:FD:48:6E:BC:E4:18:12:21:18:3E:05:47
Certificate issuer: /CN=97de85c684fcff83ec4148ab5f6f67cd1504f93d
Certificate serial: 018B68AD665CC653328D117AF102F836B786
Authority key identifier: 97:DE:85:C6:84:FC:FF:83:EC:41:48:AB:5F:6F:67:CD:15:04:F9:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l96FxoT8_4PsQUirX29nzRUE-T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/db4526-e0ef-4e22-8ff9-5030d0ae6ebc/1/rzhyQT5Dj-r9SG685BgSIRg-BUc.roa
Signing time: Wed 25 Oct 2023 21:11:16 +0000
ROA not before: Wed 25 Oct 2023 21:11:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200698
IP address blocks: 185.212.109.0/24 maxlen: 24
185.212.108.0/22 maxlen: 22
185.212.110.0/24 maxlen: 24
185.212.108.0/24 maxlen: 24
185.212.111.0/24 maxlen: 24
45.156.250.0/24 maxlen: 24
45.156.251.0/24 maxlen: 24
45.156.249.0/24 maxlen: 24
45.156.248.0/24 maxlen: 24
45.156.248.0/22 maxlen: 22
185.164.32.0/22 maxlen: 22
185.164.33.0/24 maxlen: 24
185.164.34.0/24 maxlen: 24
185.164.32.0/24 maxlen: 24
185.164.35.0/24 maxlen: 24
185.99.2.0/24 maxlen: 24
185.99.3.0/24 maxlen: 24
185.99.0.0/24 maxlen: 24
185.99.1.0/24 maxlen: 24
185.99.0.0/22 maxlen: 22
2a00:8620::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:68:ad:66:5c:c6:53:32:8d:11:7a:f1:02:f8:36:b7:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97de85c684fcff83ec4148ab5f6f67cd1504f93d
Validity
Not Before: Oct 25 21:11:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af3872413e438feafd486ebce4181221183e0547
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:bb:fc:b2:2a:54:1e:0a:f4:9d:55:22:4f:e5:
71:cc:03:3b:29:2a:05:7e:1b:a0:f7:e7:01:03:fa:
41:f2:70:1d:e8:37:99:ff:7f:67:78:07:b1:72:8a:
68:f1:84:fc:f7:9b:f5:65:1d:01:01:de:09:b5:d8:
9d:e8:57:78:64:f4:73:96:32:0e:6a:87:b1:35:38:
35:5f:c8:ce:80:ee:2c:a7:89:69:98:ef:f1:8e:ea:
ff:52:fc:91:f1:94:5f:4a:a1:cc:eb:87:24:6b:42:
bf:16:56:d9:e0:91:8f:d3:ed:8c:d7:76:0e:39:db:
bc:75:f5:4b:fe:42:6f:1f:9f:d5:59:0d:8e:da:20:
8e:e5:bc:14:6c:ac:b6:57:1e:62:58:b7:c8:81:47:
7d:08:eb:1b:18:b1:d1:19:7f:34:69:c3:e9:93:ea:
d4:1b:47:2a:dd:c3:cf:e4:71:93:de:5a:8b:a0:4e:
0d:4c:79:6f:b0:10:ad:69:f5:f4:ef:60:b6:b1:be:
b3:4b:a6:0f:0d:2b:09:64:a9:3c:71:b3:e3:8c:14:
1a:bb:4a:ba:76:10:0c:b1:2a:c9:8a:1a:bf:a9:87:
ee:dd:82:65:17:67:22:6c:8f:9e:58:ae:66:42:09:
bd:d2:eb:91:b2:85:75:7d:88:4f:b3:4a:0b:88:dd:
ed:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:38:72:41:3E:43:8F:EA:FD:48:6E:BC:E4:18:12:21:18:3E:05:47
X509v3 Authority Key Identifier:
keyid:97:DE:85:C6:84:FC:FF:83:EC:41:48:AB:5F:6F:67:CD:15:04:F9:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l96FxoT8_4PsQUirX29nzRUE-T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/db4526-e0ef-4e22-8ff9-5030d0ae6ebc/1/rzhyQT5Dj-r9SG685BgSIRg-BUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/db4526-e0ef-4e22-8ff9-5030d0ae6ebc/1/l96FxoT8_4PsQUirX29nzRUE-T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.248.0/22
185.99.0.0/22
185.164.32.0/22
185.212.108.0/22
IPv6:
2a00:8620::/32
Signature Algorithm: sha256WithRSAEncryption
46:bc:fd:fd:1c:3d:dd:cb:11:7a:92:6d:21:27:92:8d:58:cc:
bf:62:00:aa:7f:50:cc:56:42:7b:a4:9a:95:58:eb:53:3d:d0:
14:1a:d3:9f:f5:a2:21:dc:bb:b8:4b:2b:8f:4b:3a:52:ad:1b:
b1:83:24:10:8e:38:f5:b5:f0:6d:ae:37:1c:14:24:0d:fb:6a:
74:b8:b0:87:78:63:48:09:91:6d:d4:e0:32:ad:60:a2:22:55:
ab:6c:6d:7f:c9:9e:b1:15:1d:f3:9e:22:c8:49:73:ff:5e:4a:
62:df:20:08:89:24:37:a5:d6:a0:5b:27:58:4c:d0:38:05:ac:
be:bf:e3:8e:3b:02:ca:d0:c5:51:bd:02:e0:04:4d:84:9e:a1:
d4:f9:dc:2a:9c:e5:8b:b9:0e:16:ff:7a:57:4b:b3:22:90:57:
f6:97:f4:e4:f9:00:a7:af:6a:e5:5e:dc:6f:89:82:12:cb:94:
63:4b:2a:b5:53:b4:80:95:88:ad:92:dd:57:83:fc:a6:2b:3d:
73:0b:ac:27:11:a0:c6:09:20:cf:99:0a:58:fa:8c:f4:b6:60:
62:f2:6a:40:d5:49:e8:49:4e:56:2d:ae:55:80:c6:f9:7a:a7:
6f:4d:c0:32:2b:8f:57:d8:82:d7:64:05:49:37:8a:d9:88:94:
f8:52:87:e2
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYtorWZcxlMyjRF68QL4NreGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZGU4NWM2ODRmY2ZmODNlYzQxNDhhYjVmNmY2N2NkMTUw
NGY5M2QwHhcNMjMxMDI1MjExMTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM4NzI0MTNlNDM4ZmVhZmQ0ODZlYmNlNDE4MTIyMTE4M2UwNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLv8sipUHgr0nVUiT+VxzAM7KSoF
fhug9+cBA/pB8nAd6DeZ/39neAexcopo8YT895v1ZR0BAd4Jtdid6Fd4ZPRzljIO
aoexNTg1X8jOgO4sp4lpmO/xjur/UvyR8ZRfSqHM64cka0K/FlbZ4JGP0+2M13YO
Odu8dfVL/kJvH5/VWQ2O2iCO5bwUbKy2Vx5iWLfIgUd9COsbGLHRGX80acPpk+rU
G0cq3cPP5HGT3lqLoE4NTHlvsBCtafX072C2sb6zS6YPDSsJZKk8cbPjjBQau0q6
dhAMsSrJihq/qYfu3YJlF2cibI+eWK5mQgm90uuRsoV1fYhPs0oLiN3teQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFK84ckE+Q4/q/UhuvOQYEiEYPgVHMB8GA1UdIwQY
MBaAFJfehcaE/P+D7EFIq19vZ80VBPk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDk2RnhvVDhfNFBzUVVpclgyOW56UlVFLVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kYjQ1MjYtZTBlZi00ZTIyLThmZjkt
NTAzMGQwYWU2ZWJjLzEvcnpoeVFUNURqLXI5U0c2ODVCZ1NJUmctQlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kYjQ1MjYtZTBlZi00ZTIyLThmZjktNTAzMGQwYWU2ZWJj
LzEvbDk2RnhvVDhfNFBzUVVpclgyOW56UlVFLVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLZz4AwQC
uWMAAwQCuaQgAwQCudRsMA0EAgACMAcDBQAqAIYgMA0GCSqGSIb3DQEBCwUAA4IB
AQBGvP39HD3dyxF6km0hJ5KNWMy/YgCqf1DMVkJ7pJqVWOtTPdAUGtOf9aIh3Lu4
SyuPSzpSrRuxgyQQjjj1tfBtrjccFCQN+2p0uLCHeGNICZFt1OAyrWCiIlWrbG1/
yZ6xFR3zniLISXP/Xkpi3yAIiSQ3pdagWydYTNA4Bay+v+OOOwLK0MVRvQLgBE2E
nqHU+dwqnOWLuQ4W/3pXS7MikFf2l/Tk+QCnr2rlXtxviYISy5RjSyq1U7SAlYit
kt1Xg/ymKz1zC6wnEaDGCSDPmQpY+oz0tmBi8mpA1UnoSU5WLa5VgMb5eqdvTcAy
K49X2ILXZAVJN4rZiJT4Uofi
-----END CERTIFICATE-----
Generated at Sun Apr 13 02:47:19 2025 by rpki-client