Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/KcqPJQ-RAKu4B96hYemLMszVRyU.roa
File: KcqPJQ-RAKu4B96hYemLMszVRyU.roa (raw, json)
Hash identifier: Sxa2d8mb/OHD4HFmmdyIqQUDZNR7XfcLXaO4SXzYTn0=
Subject key identifier: 29:CA:8F:25:0F:91:00:AB:B8:07:DE:A1:61:E9:8B:32:CC:D5:47:25
Certificate issuer: /CN=e0a0106cd2857ef13234867cb7f16a23a93faa93
Certificate serial: 01856BEED5423EFCFD5E3BBAA9F3B905139F
Authority key identifier: E0:A0:10:6C:D2:85:7E:F1:32:34:86:7C:B7:F1:6A:23:A9:3F:AA:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/KcqPJQ-RAKu4B96hYemLMszVRyU.roa
Signing time: Sun 01 Jan 2023 06:04:52 +0000
ROA not before: Sun 01 Jan 2023 06:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48885
IP address blocks: 37.252.128.0/24 maxlen: 24
37.252.128.0/19 maxlen: 19
217.146.51.0/24 maxlen: 24
217.146.50.0/24 maxlen: 24
217.146.49.0/24 maxlen: 24
217.146.48.0/24 maxlen: 24
217.146.48.0/20 maxlen: 24
217.146.52.0/24 maxlen: 24
217.146.63.0/24 maxlen: 24
2a00:dbc0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ee:d5:42:3e:fc:fd:5e:3b:ba:a9:f3:b9:05:13:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0a0106cd2857ef13234867cb7f16a23a93faa93
Validity
Not Before: Jan 1 06:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29ca8f250f9100abb807dea161e98b32ccd54725
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:91:85:b1:6e:17:e7:de:f1:a2:0d:68:d7:cd:
da:59:82:fd:7a:c4:f6:9e:86:10:da:b8:25:37:9a:
e6:ea:be:91:a9:c6:aa:6b:5d:cd:3d:77:13:e4:a0:
0b:bc:47:76:4e:01:9f:5f:49:e4:49:da:28:02:63:
85:19:15:29:ee:a5:ff:1c:87:c7:58:7c:3f:ad:24:
2d:52:49:e2:49:59:17:f2:36:c8:05:6f:17:ee:eb:
89:56:0d:63:ea:b1:66:e8:a1:1e:6b:86:ff:64:dc:
a7:4f:f7:e1:72:0a:88:82:49:f8:58:39:fd:b4:8a:
82:d4:58:77:1d:1b:76:f0:a5:e9:85:38:89:8a:70:
83:a2:11:9c:22:f3:67:11:11:6a:c6:99:7d:b0:ab:
9d:47:e0:12:3e:71:eb:85:90:b9:f3:3b:fd:be:69:
09:62:1b:34:fe:73:4e:3d:e1:e0:36:a8:91:14:f1:
76:d2:35:6b:b0:04:02:51:25:3c:25:48:98:04:39:
84:97:0e:b0:47:7a:58:d6:b4:87:8a:dd:58:65:e9:
6b:8f:a3:7d:f1:ea:38:4e:81:83:39:38:9f:d6:b0:
77:90:8e:07:d5:15:ff:b0:5b:9f:f0:46:a3:98:14:
57:81:c5:27:de:3a:18:d8:95:79:66:c0:cd:27:36:
78:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:CA:8F:25:0F:91:00:AB:B8:07:DE:A1:61:E9:8B:32:CC:D5:47:25
X509v3 Authority Key Identifier:
keyid:E0:A0:10:6C:D2:85:7E:F1:32:34:86:7C:B7:F1:6A:23:A9:3F:AA:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/KcqPJQ-RAKu4B96hYemLMszVRyU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.128.0/19
217.146.48.0/20
IPv6:
2a00:dbc0::/32
Signature Algorithm: sha256WithRSAEncryption
33:0b:5f:7f:82:1a:da:81:12:bb:82:fb:4f:29:2b:39:0b:bb:
f1:02:99:c1:50:7c:29:b2:10:2c:99:d1:ec:aa:d6:50:8e:51:
29:03:62:23:4e:2c:0d:5f:91:db:30:49:5f:71:1e:6b:da:a8:
4b:8c:14:90:77:e7:56:e6:a8:b8:c5:1d:5b:7c:a0:55:39:6b:
2c:f5:c7:18:e5:f4:12:9c:1c:69:55:ad:4f:68:ca:58:fa:57:
84:82:86:d6:89:49:6d:aa:05:94:2f:b5:19:5d:9f:eb:d0:fa:
50:0d:98:37:b2:d6:ce:ae:31:71:d9:9d:31:ff:90:20:4c:2d:
5d:4e:2a:a1:3b:5e:b6:ab:25:da:7b:d5:6c:82:b9:46:fb:f6:
76:02:8f:ad:eb:39:63:e6:7e:38:b2:9e:93:ac:da:bb:d8:72:
be:d4:78:59:04:e5:38:7b:de:83:f4:0b:77:18:ef:8f:ff:09:
2a:ad:3c:ff:00:d1:e2:c2:7e:cc:bb:54:cd:95:10:b2:92:80:
1d:4b:61:72:b1:e0:25:82:cb:5b:33:d2:66:af:bc:d5:d4:a8:
36:1b:93:83:c0:27:ba:64:f3:a2:be:f2:60:8b:4c:77:4b:29:
69:e8:30:3f:47:78:d9:e8:3d:c2:c7:82:a0:b2:4a:a5:20:87:
2b:28:9c:44
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVr7tVCPvz9Xju6qfO5BROfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYTAxMDZjZDI4NTdlZjEzMjM0ODY3Y2I3ZjE2YTIzYTkz
ZmFhOTMwHhcNMjMwMTAxMDYwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNhOGYyNTBmOTEwMGFiYjgwN2RlYTE2MWU5OGIzMmNjZDU0NzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5GFsW4X597xog1o183aWYL9esT2
noYQ2rglN5rm6r6Rqcaqa13NPXcT5KALvEd2TgGfX0nkSdooAmOFGRUp7qX/HIfH
WHw/rSQtUkniSVkX8jbIBW8X7uuJVg1j6rFm6KEea4b/ZNynT/fhcgqIgkn4WDn9
tIqC1Fh3HRt28KXphTiJinCDohGcIvNnERFqxpl9sKudR+ASPnHrhZC58zv9vmkJ
Yhs0/nNOPeHgNqiRFPF20jVrsAQCUSU8JUiYBDmElw6wR3pY1rSHit1YZelrj6N9
8eo4ToGDOTif1rB3kI4H1RX/sFuf8EajmBRXgcUn3joY2JV5ZsDNJzZ4TwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCnKjyUPkQCruAfeoWHpizLM1UclMB8GA1UdIwQY
MBaAFOCgEGzShX7xMjSGfLfxaiOpP6qTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtBUWJOS0ZmdkV5TklaOHRfRnFJNmtfcXBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80NmYxNDctMTczZi00MjYwLWFhN2It
M2E2YmY4OTBhMDFkLzEvS2NxUEpRLVJBS3U0Qjk2aFllbUxNc3pWUnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80NmYxNDctMTczZi00MjYwLWFhN2ItM2E2YmY4OTBhMDFk
LzEvNEtBUWJOS0ZmdkV5TklaOHRfRnFJNmtfcXBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFJfyAAwQE
2ZIwMA0EAgACMAcDBQAqANvAMA0GCSqGSIb3DQEBCwUAA4IBAQAzC19/ghragRK7
gvtPKSs5C7vxApnBUHwpshAsmdHsqtZQjlEpA2IjTiwNX5HbMElfcR5r2qhLjBSQ
d+dW5qi4xR1bfKBVOWss9ccY5fQSnBxpVa1PaMpY+leEgobWiUltqgWUL7UZXZ/r
0PpQDZg3stbOrjFx2Z0x/5AgTC1dTiqhO162qyXae9VsgrlG+/Z2Ao+t6zlj5n44
sp6TrNq72HK+1HhZBOU4e96D9At3GO+P/wkqrTz/ANHiwn7Mu1TNlRCykoAdS2Fy
seAlgstbM9Jmr7zV1Kg2G5ODwCe6ZPOivvJgi0x3Sylp6DA/R3jZ6D3Cx4Kgskql
IIcrKJxE
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:30:45 2025 by rpki-client