Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/a0K2qCcXq73lW2oLkVI-WaAHDGs.roa
File: a0K2qCcXq73lW2oLkVI-WaAHDGs.roa (raw, json)
Hash identifier: mOW66liQ2k8QcuP27pzw4lSfIgLwm0YITOsO1fvsFWA=
Subject key identifier: 6B:42:B6:A8:27:17:AB:BD:E5:5B:6A:0B:91:52:3E:59:A0:07:0C:6B
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 0185059115B140E027FD2709310729AEFC5F
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/a0K2qCcXq73lW2oLkVI-WaAHDGs.roa
Signing time: Mon 12 Dec 2022 09:01:12 +0000
ROA not before: Mon 12 Dec 2022 09:01:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42891
IP address blocks: 193.201.228.0/22 maxlen: 24
212.14.160.0/19 maxlen: 24
188.162.0.0/16 maxlen: 24
195.230.64.0/19 maxlen: 24
195.149.111.0/24 maxlen: 24
195.16.96.0/19 maxlen: 24
195.5.128.0/19 maxlen: 24
195.78.116.0/23 maxlen: 24
91.193.212.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:05:91:15:b1:40:e0:27:fd:27:09:31:07:29:ae:fc:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Dec 12 09:01:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6b42b6a82717abbde55b6a0b91523e59a0070c6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8c:10:ec:aa:50:27:a9:81:bd:97:89:7d:b3:
5a:d1:48:01:17:8c:c8:25:0b:c7:78:71:5f:88:bb:
1d:db:5d:b4:4b:e9:16:6d:0a:2b:48:83:8d:c7:73:
13:8e:6b:de:a0:cd:c1:02:75:da:ec:1c:ad:12:72:
fb:de:61:30:d5:8e:d5:f7:ff:89:9c:fe:b2:6b:ac:
51:c1:b7:59:35:21:2a:ce:1a:b7:59:f8:cc:5d:1b:
94:9b:94:92:84:7b:e4:67:e6:f5:bc:4d:2b:ae:05:
cd:df:0f:7e:3a:d8:cf:39:c9:16:e8:c0:e7:52:99:
0d:66:a9:0a:b5:33:8f:05:14:3f:3a:55:d6:76:70:
92:30:27:7b:ba:8c:59:e3:7b:76:27:56:e2:52:46:
8e:b4:0c:2b:43:a0:e4:ed:91:42:cf:0a:a2:0d:98:
79:aa:bf:f2:ac:63:e8:46:b6:03:c7:a0:b1:2a:1b:
53:e2:bf:0b:8e:90:30:d4:f8:50:5e:ef:f7:2c:d0:
22:94:7e:e7:e4:a3:b8:b0:c9:e1:97:db:07:10:44:
b0:f8:61:ff:1b:2e:b4:7f:e5:c9:f2:a3:e3:86:fa:
dd:6f:fd:93:26:01:18:a0:7f:8c:61:be:bb:7a:3e:
3c:13:25:83:a8:22:21:65:30:e3:27:4f:e5:dd:af:
ef:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:42:B6:A8:27:17:AB:BD:E5:5B:6A:0B:91:52:3E:59:A0:07:0C:6B
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/a0K2qCcXq73lW2oLkVI-WaAHDGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.193.212.0/22
188.162.0.0/16
193.201.228.0/22
195.5.128.0/19
195.16.96.0/19
195.78.116.0/23
195.149.111.0/24
195.230.64.0/19
212.14.160.0/19
Signature Algorithm: sha256WithRSAEncryption
1c:fe:80:8e:c0:de:51:0a:83:30:cd:3d:18:6f:65:73:8d:e9:
39:06:6e:11:2b:31:1a:d8:89:72:17:ee:cb:ed:b5:7c:b8:b7:
7a:c5:5a:04:57:7b:b6:cb:05:8f:ff:52:f1:e3:1a:27:19:ac:
fd:00:9b:63:cb:ca:66:39:4d:1c:cd:5a:38:70:cf:5f:40:5c:
86:24:6d:06:43:d0:f8:e3:83:ae:e1:0d:d4:56:20:82:f5:c2:
2d:e3:e0:2d:14:91:8a:8d:67:4c:62:a7:31:d9:6d:e3:ab:ad:
44:d7:8c:62:69:00:83:60:b1:f8:8c:ce:d5:4f:8c:3f:53:19:
d0:dc:17:ed:bb:63:7e:1b:b5:1c:94:0b:5b:15:c5:a2:fb:55:
fc:2f:f5:77:1c:f2:e7:31:73:16:c8:21:76:36:e4:42:9d:1a:
a4:21:45:3c:a5:53:fc:66:4a:19:08:ee:70:19:de:fa:b3:fe:
e7:ab:88:ef:7e:52:cf:1e:0e:f5:06:55:d2:64:c9:71:b1:76:
e8:31:d1:fd:96:0a:45:56:4a:b7:52:4c:88:c4:b5:b9:bf:df:
15:42:40:e8:f0:18:ce:45:e8:d6:fe:53:6c:0c:ee:b6:5d:b3:
d5:39:3e:c6:b3:d9:8b:3f:25:29:fe:d9:72:2c:d6:0d:28:c6:
7e:a5:18:5e
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYUFkRWxQOAn/ScJMQcprvxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjEyMDkwMTEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQyYjZhODI3MTdhYmJkZTU1YjZhMGI5MTUyM2U1OWEwMDcwYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4wQ7KpQJ6mBvZeJfbNa0UgBF4zI
JQvHeHFfiLsd2120S+kWbQorSIONx3MTjmveoM3BAnXa7BytEnL73mEw1Y7V9/+J
nP6ya6xRwbdZNSEqzhq3WfjMXRuUm5SShHvkZ+b1vE0rrgXN3w9+OtjPOckW6MDn
UpkNZqkKtTOPBRQ/OlXWdnCSMCd7uoxZ43t2J1biUkaOtAwrQ6Dk7ZFCzwqiDZh5
qr/yrGPoRrYDx6CxKhtT4r8LjpAw1PhQXu/3LNAilH7n5KO4sMnhl9sHEESw+GH/
Gy60f+XJ8qPjhvrdb/2TJgEYoH+MYb67ej48EyWDqCIhZTDjJ0/l3a/v5wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFGtCtqgnF6u95VtqC5FSPlmgBwxrMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvYTBLMnFDY1hxNzNsVzJvTGtWSS1XYUFIREdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1AwQCW8HUAwMA
vKIDBALByeQDBAXDBYADBAXDEGADBAHDTnQDBADDlW8DBAXD5kADBAXUDqAwDQYJ
KoZIhvcNAQELBQADggEBABz+gI7A3lEKgzDNPRhvZXON6TkGbhErMRrYiXIX7svt
tXy4t3rFWgRXe7bLBY//UvHjGicZrP0Am2PLymY5TRzNWjhwz19AXIYkbQZD0Pjj
g67hDdRWIIL1wi3j4C0UkYqNZ0xipzHZbeOrrUTXjGJpAINgsfiMztVPjD9TGdDc
F+27Y34btRyUC1sVxaL7Vfwv9Xcc8ucxcxbIIXY25EKdGqQhRTylU/xmShkI7nAZ
3vqz/ueriO9+Us8eDvUGVdJkyXGxdugx0f2WCkVWSrdSTIjEtbm/3xVCQOjwGM5F
6Nb+U2wM7rZds9U5Psaz2Ys/JSn+2XIs1g0oxn6lGF4=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:34:18 2025 by rpki-client