Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/GBM_Nje6Qina1yJdmG-M4hQFwoM.roa
File: GBM_Nje6Qina1yJdmG-M4hQFwoM.roa (raw, json)
Hash identifier: FfPANwWaFP8/SftwW0jks5F+ctQUbCk9l3fGeilcPP0=
Subject key identifier: 18:13:3F:36:37:BA:42:29:DA:D7:22:5D:98:6F:8C:E2:14:05:C2:83
Certificate issuer: /CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
Certificate serial: 01856F14CD8C00F520A292070AE76AB83D57
Authority key identifier: BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/GBM_Nje6Qina1yJdmG-M4hQFwoM.roa
Signing time: Sun 01 Jan 2023 20:45:12 +0000
ROA not before: Sun 01 Jan 2023 20:45:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47586
IP address blocks: 109.235.184.0/21 maxlen: 24
37.77.108.0/22 maxlen: 24
158.58.128.0/21 maxlen: 24
146.19.211.0/24 maxlen: 24
80.249.204.0/22 maxlen: 24
185.30.116.0/22 maxlen: 24
93.190.16.0/21 maxlen: 24
2a00:b160::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:14:cd:8c:00:f5:20:a2:92:07:0a:e7:6a:b8:3d:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
Validity
Not Before: Jan 1 20:45:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=18133f3637ba4229dad7225d986f8ce21405c283
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:91:a7:98:90:f6:f3:3a:d8:9b:d4:e2:50:64:
37:db:f9:3b:34:37:08:3c:23:d2:61:83:3d:17:4d:
18:a1:d7:63:ae:2e:5d:7d:35:aa:2e:6c:de:c0:55:
84:92:9d:e4:5a:09:c7:af:89:64:79:f7:e5:8f:0e:
05:a9:18:fd:2f:21:8b:fe:23:58:55:99:d3:5c:0d:
25:a0:ba:49:9b:8e:ab:aa:6c:a8:44:4c:18:c1:c8:
96:8f:c5:59:05:5a:21:92:2e:10:fe:12:89:86:3c:
70:98:19:e4:28:09:09:09:51:14:61:5c:c4:4f:67:
e2:ae:1e:8d:f6:56:e9:7d:7c:b8:63:19:24:42:14:
3b:95:cd:69:69:94:a5:e2:81:cb:9d:5b:af:b5:26:
40:59:cf:3d:2c:07:55:58:4d:72:f7:be:f3:70:91:
7f:11:dd:6a:99:fa:b4:d3:1b:22:08:d3:47:4d:df:
de:06:bc:f0:0b:5d:c0:a9:0b:04:cc:b2:b7:1b:05:
c1:3e:99:33:60:b2:3d:be:ad:01:c1:ec:0f:84:f8:
03:3a:5a:58:70:5f:b8:be:18:99:51:8c:89:7c:10:
37:91:7c:c7:73:13:db:c6:9a:98:b2:67:b5:ef:91:
bb:80:e6:38:d0:34:e4:77:db:de:a9:d7:6a:fa:51:
12:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:13:3F:36:37:BA:42:29:DA:D7:22:5D:98:6F:8C:E2:14:05:C2:83
X509v3 Authority Key Identifier:
keyid:BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/GBM_Nje6Qina1yJdmG-M4hQFwoM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.77.108.0/22
80.249.204.0/22
93.190.16.0/21
109.235.184.0/21
146.19.211.0/24
158.58.128.0/21
185.30.116.0/22
IPv6:
2a00:b160::/32
Signature Algorithm: sha256WithRSAEncryption
b8:43:85:d5:bc:61:5c:3f:b0:64:c5:26:29:44:a0:37:d2:95:
bb:28:70:76:6e:1a:8d:94:21:85:6f:e6:63:c6:f2:1a:d8:a9:
e6:5f:ed:b2:a5:3a:6c:6e:0c:6a:dc:1f:ad:c4:34:81:02:0e:
78:ba:f2:3d:40:17:39:ce:7a:ea:45:61:35:0e:3f:0e:0f:0f:
38:e5:30:99:6a:3c:da:12:a0:50:24:0d:b4:99:de:b5:d8:98:
d9:32:d4:53:bf:8c:9f:ce:d4:50:4f:e6:15:18:b0:7f:52:4d:
98:43:cf:f0:08:f3:57:16:27:4e:62:03:21:23:47:03:1e:dd:
57:64:a8:82:d1:34:25:11:04:94:3e:54:39:9c:4d:4a:b2:2f:
33:c8:fe:f5:e6:19:d1:cc:3c:b9:30:5e:f6:ca:37:54:0c:6a:
d5:e1:d8:ae:45:07:f4:6e:48:54:f8:e7:d9:4e:07:c7:a2:02:
79:d2:39:bb:cf:a6:fc:00:03:5b:e8:20:5f:8c:69:23:02:7c:
1d:9f:b6:45:9a:27:89:d0:dd:ac:cb:c1:f0:17:f8:8f:91:c1:
16:61:8b:59:43:22:33:96:1d:f3:e1:da:bb:99:7f:da:2c:e0:
b7:84:00:d6:27:a6:c0:01:a1:25:d5:e9:99:d8:09:b4:59:ec:
b6:17:88:b6
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVvFM2MAPUgopIHCudquD1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjYzYzZlNzc5ZGFlOWJkYjA0Njg1NGYxODlmZThjNWMz
YzMyZTEwHhcNMjMwMTAxMjA0NTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODEzM2YzNjM3YmE0MjI5ZGFkNzIyNWQ5ODZmOGNlMjE0MDVjMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJGnmJD28zrYm9TiUGQ32/k7NDcI
PCPSYYM9F00Yoddjri5dfTWqLmzewFWEkp3kWgnHr4lkeffljw4FqRj9LyGL/iNY
VZnTXA0loLpJm46rqmyoREwYwciWj8VZBVohki4Q/hKJhjxwmBnkKAkJCVEUYVzE
T2firh6N9lbpfXy4YxkkQhQ7lc1paZSl4oHLnVuvtSZAWc89LAdVWE1y977zcJF/
Ed1qmfq00xsiCNNHTd/eBrzwC13AqQsEzLK3GwXBPpkzYLI9vq0BwewPhPgDOlpY
cF+4vhiZUYyJfBA3kXzHcxPbxpqYsme175G7gOY40DTkd9veqddq+lESIwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBgTPzY3ukIp2tciXZhvjOIUBcKDMB8GA1UdIwQY
MBaAFLxmPG53na6b2wRoVPGJ/oxcPDLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2Et
MThiZGZlOGNjMGNkLzEvR0JNX05qZTZRaW5hMXlKZG1HLU00aFFGd29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2EtMThiZGZlOGNjMGNk
LzEvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCJU1sAwQC
UPnMAwQDXb4QAwQDbeu4AwQAkhPTAwQDnjqAAwQCuR50MA0EAgACMAcDBQAqALFg
MA0GCSqGSIb3DQEBCwUAA4IBAQC4Q4XVvGFcP7BkxSYpRKA30pW7KHB2bhqNlCGF
b+ZjxvIa2KnmX+2ypTpsbgxq3B+txDSBAg54uvI9QBc5znrqRWE1Dj8ODw845TCZ
ajzaEqBQJA20md612JjZMtRTv4yfztRQT+YVGLB/Uk2YQ8/wCPNXFidOYgMhI0cD
Ht1XZKiC0TQlEQSUPlQ5nE1Ksi8zyP715hnRzDy5MF72yjdUDGrV4diuRQf0bkhU
+OfZTgfHogJ50jm7z6b8AANb6CBfjGkjAnwdn7ZFmieJ0N2sy8HwF/iPkcEWYYtZ
QyIzlh3z4dq7mX/aLOC3hADWJ6bAAaEl1emZ2Am0Wey2F4i2
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:44:51 2025 by rpki-client