Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/bdiC9ia5IwXYE--gbgc9q3hamPk.roa
File: bdiC9ia5IwXYE--gbgc9q3hamPk.roa (raw, json)
Hash identifier: +sAqSV0LX2vdm7TXCgIzp1m+U8cww2ULVn9HM75UAg8=
Subject key identifier: 6D:D8:82:F6:26:B9:23:05:D8:13:EF:A0:6E:07:3D:AB:78:5A:98:F9
Certificate issuer: /CN=f16b28416ddbf39fb24b0996686acface76c98d5
Certificate serial: 0185727A2CBFAE0963B7CA7D85093F11034E
Authority key identifier: F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/bdiC9ia5IwXYE--gbgc9q3hamPk.roa
Signing time: Mon 02 Jan 2023 12:34:47 +0000
ROA not before: Mon 02 Jan 2023 12:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209754
IP address blocks: 85.119.104.0/21 maxlen: 24
185.85.112.0/22 maxlen: 24
185.85.112.0/23 maxlen: 24
185.85.112.0/24 maxlen: 24
185.85.113.0/24 maxlen: 24
185.85.114.0/24 maxlen: 24
185.85.114.0/23 maxlen: 23
185.85.115.0/24 maxlen: 24
2a01:9780::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:7a:2c:bf:ae:09:63:b7:ca:7d:85:09:3f:11:03:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f16b28416ddbf39fb24b0996686acface76c98d5
Validity
Not Before: Jan 2 12:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6dd882f626b92305d813efa06e073dab785a98f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e0:4b:89:c9:3f:ef:70:2a:3c:6c:89:cf:6d:
56:be:7d:af:10:71:ec:6a:70:07:b2:14:02:1d:ce:
0f:f7:73:70:dc:57:5d:56:3d:f5:bd:b0:eb:7a:c8:
c4:f0:7d:1d:7c:e5:94:be:8e:f0:87:b8:59:ac:51:
9c:92:2f:d6:a3:b9:70:e9:ad:71:7f:be:ad:63:69:
75:f0:b8:cc:2f:3b:85:fb:bf:d1:b4:78:10:00:73:
6f:80:fe:5d:42:dc:d4:3e:df:ca:e2:04:37:f4:18:
43:be:e2:5b:0d:5d:ba:57:be:75:00:df:96:1c:b8:
ac:de:02:10:d7:8a:a6:cb:af:9c:08:29:b8:ae:3c:
f1:93:ba:0b:a0:47:88:84:76:88:02:47:ec:1a:08:
0e:5e:65:24:ae:68:d1:1c:80:2e:61:89:5e:26:84:
63:94:e2:39:be:5a:82:88:af:e3:0d:55:a6:a2:af:
a0:4a:73:b6:e0:51:75:56:80:bc:0c:ab:22:33:04:
60:5a:98:d1:9b:ec:cf:09:84:18:ef:c3:d3:0c:4d:
75:a8:c9:72:77:97:31:bd:0f:3c:c1:26:dc:2d:a3:
70:bf:be:5f:6a:4b:d3:08:06:ee:f5:f6:38:13:53:
e0:c0:eb:31:81:43:a2:46:ce:f6:4f:19:60:f7:a4:
90:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:D8:82:F6:26:B9:23:05:D8:13:EF:A0:6E:07:3D:AB:78:5A:98:F9
X509v3 Authority Key Identifier:
keyid:F1:6B:28:41:6D:DB:F3:9F:B2:4B:09:96:68:6A:CF:AC:E7:6C:98:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8WsoQW3b85-ySwmWaGrPrOdsmNU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/bdiC9ia5IwXYE--gbgc9q3hamPk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b165ca-2f33-4e8e-a896-cdaa581518f3/1/8WsoQW3b85-ySwmWaGrPrOdsmNU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.119.104.0/21
185.85.112.0/22
IPv6:
2a01:9780::/32
Signature Algorithm: sha256WithRSAEncryption
5f:a1:88:16:ac:49:15:1e:90:25:7a:f0:d4:5e:09:c8:b7:9b:
cf:e9:4d:42:c8:d9:e1:b7:6d:20:5d:6b:90:aa:17:80:e2:16:
75:c4:b1:80:df:6e:eb:48:e6:01:d6:a8:06:3c:f3:dc:da:06:
b6:af:b5:83:24:0b:50:d2:0b:12:b8:0d:df:c3:15:76:6f:fe:
65:b7:42:a1:7e:7a:5d:48:0f:a7:97:a0:41:4a:d6:84:e4:68:
24:b6:dd:94:95:69:a9:fc:36:32:8b:2d:a8:ef:79:cd:72:e3:
c8:56:0a:27:d2:43:22:52:52:a7:23:0e:7f:c1:ed:ad:d8:91:
60:c4:65:72:35:7b:6c:ad:ee:c8:21:61:42:e9:24:ef:27:ab:
4c:1a:5b:be:33:68:d8:40:46:66:19:f3:51:81:69:11:8d:81:
72:30:c1:17:15:98:75:ee:8e:9f:62:a8:a6:dd:a9:8f:71:54:
32:c3:68:f7:94:b7:20:72:fb:f9:e2:33:27:a0:be:13:72:08:
7e:92:f3:7a:cb:c1:b0:3d:23:51:d2:33:7f:94:7e:c8:9e:a6:
17:7d:3e:b4:49:02:b0:53:ea:f1:83:82:da:82:24:f1:9c:c3:
c6:75:3d:0a:96:2e:01:69:e9:9b:d8:ed:b4:d3:ff:a7:a1:21:
16:55:88:11
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVyeiy/rgljt8p9hQk/EQNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNmIyODQxNmRkYmYzOWZiMjRiMDk5NjY4NmFjZmFjZTc2
Yzk4ZDUwHhcNMjMwMTAyMTIzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ4ODJmNjI2YjkyMzA1ZDgxM2VmYTA2ZTA3M2RhYjc4NWE5OGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuBLick/73AqPGyJz21Wvn2vEHHs
anAHshQCHc4P93Nw3FddVj31vbDresjE8H0dfOWUvo7wh7hZrFGcki/Wo7lw6a1x
f76tY2l18LjMLzuF+7/RtHgQAHNvgP5dQtzUPt/K4gQ39BhDvuJbDV26V751AN+W
HLis3gIQ14qmy6+cCCm4rjzxk7oLoEeIhHaIAkfsGggOXmUkrmjRHIAuYYleJoRj
lOI5vlqCiK/jDVWmoq+gSnO24FF1VoC8DKsiMwRgWpjRm+zPCYQY78PTDE11qMly
d5cxvQ88wSbcLaNwv75fakvTCAbu9fY4E1PgwOsxgUOiRs72Txlg96SQcQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG3YgvYmuSMF2BPvoG4HPat4Wpj5MB8GA1UdIwQY
MBaAFPFrKEFt2/OfsksJlmhqz6znbJjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFdzb1FXM2I4NS15U3dtV2FHclByT2RzbU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9iMTY1Y2EtMmYzMy00ZThlLWE4OTYt
Y2RhYTU4MTUxOGYzLzEvYmRpQzlpYTVJd1hZRS0tZ2JnYzlxM2hhbVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9iMTY1Y2EtMmYzMy00ZThlLWE4OTYtY2RhYTU4MTUxOGYz
LzEvOFdzb1FXM2I4NS15U3dtV2FHclByT2RzbU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVXdoAwQC
uVVwMA0EAgACMAcDBQAqAZeAMA0GCSqGSIb3DQEBCwUAA4IBAQBfoYgWrEkVHpAl
evDUXgnIt5vP6U1CyNnht20gXWuQqheA4hZ1xLGA327rSOYB1qgGPPPc2ga2r7WD
JAtQ0gsSuA3fwxV2b/5lt0KhfnpdSA+nl6BBStaE5Ggktt2UlWmp/DYyiy2o73nN
cuPIVgon0kMiUlKnIw5/we2t2JFgxGVyNXtsre7IIWFC6STvJ6tMGlu+M2jYQEZm
GfNRgWkRjYFyMMEXFZh17o6fYqim3amPcVQyw2j3lLcgcvv54jMnoL4Tcgh+kvN6
y8GwPSNR0jN/lH7InqYXfT60SQKwU+rxg4LagiTxnMPGdT0Kli4Baemb2O200/+n
oSEWVYgR
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:15:21 2025 by rpki-client