Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/yI8Fa7nvBo69s7AyLmzPMbQ-Jes.roa
File: yI8Fa7nvBo69s7AyLmzPMbQ-Jes.roa (raw, json)
Hash identifier: okCVfPH/sUIqVfv8QNrEMv9tlhXIa+mZuBsPgI/TwxQ=
Subject key identifier: C8:8F:05:6B:B9:EF:06:8E:BD:B3:B0:32:2E:6C:CF:31:B4:3E:25:EB
Certificate issuer: /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial: 018C638C93252D4E51690F0212BB1E4A62B3
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/yI8Fa7nvBo69s7AyLmzPMbQ-Jes.roa
Signing time: Wed 13 Dec 2023 14:20:06 +0000
ROA not before: Wed 13 Dec 2023 14:20:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8648
IP address blocks: 5.11.48.0/21 maxlen: 24
91.206.142.0/23 maxlen: 24
185.80.92.0/22 maxlen: 24
82.141.0.0/18 maxlen: 24
91.220.49.0/24 maxlen: 24
185.137.168.0/22 maxlen: 24
212.110.96.0/19 maxlen: 24
128.127.64.0/21 maxlen: 24
213.146.96.0/19 maxlen: 24
109.75.176.0/20 maxlen: 24
93.190.64.0/21 maxlen: 24
45.87.136.0/22 maxlen: 24
95.130.248.0/21 maxlen: 24
94.154.148.0/22 maxlen: 24
91.203.108.0/22 maxlen: 24
185.65.88.0/22 maxlen: 24
178.250.168.0/21 maxlen: 24
93.90.176.0/20 maxlen: 24
91.203.212.0/22 maxlen: 24
109.237.128.0/20 maxlen: 24
37.218.248.0/21 maxlen: 24
195.62.96.0/19 maxlen: 24
185.117.248.0/22 maxlen: 24
141.101.32.0/21 maxlen: 24
185.84.80.0/23 maxlen: 24
185.84.80.0/22 maxlen: 24
185.84.82.0/24 maxlen: 24
178.20.96.0/21 maxlen: 24
84.254.120.0/24 maxlen: 24
192.162.84.0/22 maxlen: 24
91.226.88.0/22 maxlen: 24
31.47.240.0/20 maxlen: 24
46.243.88.0/21 maxlen: 24
185.32.116.0/22 maxlen: 24
81.88.16.0/20 maxlen: 24
89.22.96.0/19 maxlen: 24
185.143.164.0/22 maxlen: 24
185.51.8.0/22 maxlen: 24
81.88.27.0/24 maxlen: 24
185.3.232.0/22 maxlen: 24
81.88.32.0/20 maxlen: 24
5.44.96.0/20 maxlen: 24
2a02:248::/32 maxlen: 48
2001:880::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:63:8c:93:25:2d:4e:51:69:0f:02:12:bb:1e:4a:62:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
Validity
Not Before: Dec 13 14:20:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c88f056bb9ef068ebdb3b0322e6ccf31b43e25eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:54:1d:17:ba:ff:f3:2f:e3:42:de:ec:4b:bf:
5e:19:cc:d5:89:4b:77:20:4b:9b:4f:e2:22:31:c3:
b0:c4:b9:a8:fd:b4:e6:a5:ad:c6:2f:2b:94:e8:16:
6f:e4:f8:a7:cc:ca:5e:b1:79:7d:a2:f7:81:93:3d:
a7:6d:23:03:9f:80:97:bc:f6:5e:cf:20:ca:30:88:
55:ce:61:0a:ce:8b:18:c3:1c:e9:54:b2:38:fe:9d:
2a:1c:ca:47:01:3c:72:e9:09:fd:00:36:d8:c7:f1:
9a:5f:3b:5b:e8:05:a1:e7:f5:15:c1:1b:19:1f:7a:
89:0e:0b:cf:07:17:78:92:93:e3:c0:f9:98:e8:87:
9c:19:ac:df:ea:9e:f0:69:5c:96:de:7f:55:08:f5:
de:e5:53:86:a9:47:84:64:44:74:a0:0b:d5:69:e1:
ef:da:79:82:1d:24:84:29:ac:78:e9:46:b3:f9:bc:
48:7a:5e:c0:8d:a2:1c:87:0e:74:76:3a:2a:7b:e9:
8e:7b:38:ec:9b:d9:92:4e:d9:b9:24:27:5e:36:d3:
19:88:cf:2f:a4:15:3a:69:49:72:9f:04:8a:48:c9:
a7:90:e3:af:99:ee:75:8d:da:3c:3a:1e:04:f3:b4:
c2:7c:cc:6e:80:f2:9f:5a:7f:04:3a:c0:0b:eb:b3:
45:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:8F:05:6B:B9:EF:06:8E:BD:B3:B0:32:2E:6C:CF:31:B4:3E:25:EB
X509v3 Authority Key Identifier:
keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/yI8Fa7nvBo69s7AyLmzPMbQ-Jes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.48.0/21
5.44.96.0/20
31.47.240.0/20
37.218.248.0/21
45.87.136.0/22
46.243.88.0/21
81.88.16.0-81.88.47.255
82.141.0.0/18
84.254.120.0/24
89.22.96.0/19
91.203.108.0/22
91.203.212.0/22
91.206.142.0/23
91.220.49.0/24
91.226.88.0/22
93.90.176.0/20
93.190.64.0/21
94.154.148.0/22
95.130.248.0/21
109.75.176.0/20
109.237.128.0/20
128.127.64.0/21
141.101.32.0/21
178.20.96.0/21
178.250.168.0/21
185.3.232.0/22
185.32.116.0/22
185.51.8.0/22
185.65.88.0/22
185.80.92.0/22
185.84.80.0/22
185.117.248.0/22
185.137.168.0/22
185.143.164.0/22
192.162.84.0/22
195.62.96.0/19
212.110.96.0/19
213.146.96.0/19
IPv6:
2001:880::/32
2a02:248::/32
Signature Algorithm: sha256WithRSAEncryption
19:27:d5:e5:6f:88:b8:b1:eb:d5:de:9d:fa:3c:5b:5b:94:96:
e3:a4:29:0e:9d:a2:26:19:43:82:45:e0:90:87:ad:61:5f:72:
4c:c1:f4:ba:f3:ed:ba:36:b9:74:f0:dd:bd:38:06:bb:1a:b5:
98:b2:16:8e:13:cc:fc:96:74:30:f6:99:2e:4a:1c:0e:68:59:
3b:66:56:47:d8:55:d9:a6:a6:7e:a6:db:e6:6d:77:a3:12:05:
49:bd:3d:18:a2:9e:b8:f3:9e:dd:03:63:22:83:e0:2f:fb:bd:
0f:41:a9:2c:a5:6a:23:13:b6:dd:ec:e0:5d:e2:a4:04:43:7b:
e7:77:5f:c4:72:75:64:33:24:ff:60:98:83:a6:8d:27:68:2a:
e0:5b:a4:19:ef:26:6d:f5:77:e5:41:64:e3:87:5a:d8:54:a7:
ca:4f:c9:e5:ce:d0:8c:f0:62:ec:95:e0:a8:97:7c:ec:2d:8b:
97:57:69:f6:c8:b2:7c:8f:bf:ad:09:3d:1d:6a:79:32:70:7c:
d9:c8:6d:04:a2:08:54:6c:48:8d:22:89:b5:18:50:78:ab:31:
d9:49:61:c1:9c:09:e2:8c:a0:9a:3b:a9:a4:be:6c:a4:7a:e0:
75:ad:0c:dc:6b:33:e3:79:f7:c2:56:07:e7:9f:57:94:41:82:
59:44:f6:53
-----BEGIN CERTIFICATE-----
MIIGATCCBOmgAwIBAgISAYxjjJMlLU5RaQ8CErseSmKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjMxMjEzMTQyMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhmMDU2YmI5ZWYwNjhlYmRiM2IwMzIyZTZjY2YzMWI0M2UyNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVQdF7r/8y/jQt7sS79eGczViUt3
IEubT+IiMcOwxLmo/bTmpa3GLyuU6BZv5PinzMpesXl9oveBkz2nbSMDn4CXvPZe
zyDKMIhVzmEKzosYwxzpVLI4/p0qHMpHATxy6Qn9ADbYx/GaXztb6AWh5/UVwRsZ
H3qJDgvPBxd4kpPjwPmY6IecGazf6p7waVyW3n9VCPXe5VOGqUeEZER0oAvVaeHv
2nmCHSSEKax46Uaz+bxIel7AjaIchw50djoqe+mOezjsm9mSTtm5JCdeNtMZiM8v
pBU6aUlynwSKSMmnkOOvme51jdo8Oh4E87TCfMxugPKfWn8EOsAL67NFwQIDAQAB
o4IDDTCCAwkwHQYDVR0OBBYEFMiPBWu57waOvbOwMi5szzG0PiXrMB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEveUk4RmE3bnZCbzY5czdBeUxtelBNYlEtSmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIQYIKwYBBQUHAQcBAf8EggEQMIIBDDCB8wQCAAEwgewD
BAMFCzADBAQFLGADBAQfL/ADBAMl2vgDBAItV4gDBAMu81gwDAMEBFFYEAMEBFFY
IAMEBlKNAAMEAFT+eAMEBVkWYAMEAlvLbAMEAlvL1AMEAVvOjgMEAFvcMQMEAlvi
WAMEBF1asAMEA12+QAMEAl6alAMEA1+C+AMEBG1LsAMEBG3tgAMEA4B/QAMEA41l
IAMEA7IUYAMEA7L6qAMEArkD6AMEArkgdAMEArkzCAMEArlBWAMEArlQXAMEArlU
UAMEArl1+AMEArmJqAMEArmPpAMEAsCiVAMEBcM+YAMEBdRuYAMEBdWSYDAUBAIA
AjAOAwUAIAEIgAMFACoCAkgwDQYJKoZIhvcNAQELBQADggEBABkn1eVviLix69Xe
nfo8W1uUluOkKQ6doiYZQ4JF4JCHrWFfckzB9Lrz7bo2uXTw3b04BrsatZiyFo4T
zPyWdDD2mS5KHA5oWTtmVkfYVdmmpn6m2+Ztd6MSBUm9PRiinrjznt0DYyKD4C/7
vQ9BqSylaiMTtt3s4F3ipARDe+d3X8RydWQzJP9gmIOmjSdoKuBbpBnvJm31d+VB
ZOOHWthUp8pPyeXO0IzwYuyV4KiXfOwti5dXafbIsnyPv60JPR1qeTJwfNnIbQSi
CFRsSI0iibUYUHirMdlJYcGcCeKMoJo7qaS+bKR64HWtDNxrM+N598JWB+efV5RB
gllE9lM=
-----END CERTIFICATE-----
Generated at Mon Jun 9 00:21:28 2025 by rpki-client