Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/qkmNTqs5l8SfM8yA7frOLSFmnWY.roa
File: qkmNTqs5l8SfM8yA7frOLSFmnWY.roa (raw, json)
Hash identifier: 14XIsJzkCHMZMj7fW6wriAsKq8uex2wNzdMGVyJ0qEs=
Subject key identifier: AA:49:8D:4E:AB:39:97:C4:9F:33:CC:80:ED:FA:CE:2D:21:66:9D:66
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 0184C7D3E3F7A611572E440B79646B51E40F
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/qkmNTqs5l8SfM8yA7frOLSFmnWY.roa
Signing time: Wed 30 Nov 2022 09:17:43 +0000
ROA not before: Wed 30 Nov 2022 09:17:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31205
IP address blocks: 109.188.0.0/16 maxlen: 24
195.16.96.0/19 maxlen: 24
85.26.128.0/17 maxlen: 24
188.170.247.0/24 maxlen: 24
79.171.8.0/21 maxlen: 24
193.201.228.0/22 maxlen: 24
178.23.144.0/21 maxlen: 24
109.124.64.0/18 maxlen: 24
213.154.160.0/19 maxlen: 24
213.168.32.0/19 maxlen: 24
185.3.32.0/22 maxlen: 24
94.25.128.0/17 maxlen: 24
93.153.128.0/17 maxlen: 24
86.109.192.0/19 maxlen: 24
212.69.96.0/19 maxlen: 24
78.25.64.0/18 maxlen: 24
185.210.140.0/22 maxlen: 24
212.119.160.0/19 maxlen: 24
178.176.240.0/22 maxlen: 22
178.176.244.0/22 maxlen: 22
80.247.176.0/20 maxlen: 24
91.193.212.0/22 maxlen: 24
37.29.86.0/23 maxlen: 23
188.170.240.0/22 maxlen: 22
31.173.240.0/23 maxlen: 23
195.5.128.0/19 maxlen: 24
31.173.242.0/23 maxlen: 23
128.204.64.0/18 maxlen: 24
31.173.244.0/22 maxlen: 22
95.137.0.0/17 maxlen: 24
212.14.160.0/19 maxlen: 24
195.230.64.0/19 maxlen: 24
195.149.111.0/24 maxlen: 24
81.24.128.0/20 maxlen: 24
83.149.50.0/24 maxlen: 24
78.41.100.0/22 maxlen: 24
83.149.48.0/24 maxlen: 24
83.149.51.0/24 maxlen: 24
195.78.116.0/23 maxlen: 24
83.149.49.0/24 maxlen: 24
178.176.48.0/24 maxlen: 24
83.169.192.0/18 maxlen: 24
109.74.112.0/20 maxlen: 24
188.162.0.0/16 maxlen: 24
188.94.168.0/21 maxlen: 24
46.232.202.0/23 maxlen: 23
46.232.200.0/23 maxlen: 23
213.243.64.0/18 maxlen: 24
217.115.80.0/20 maxlen: 24
83.222.192.0/19 maxlen: 24
83.229.128.0/17 maxlen: 24
212.44.64.0/19 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c7:d3:e3:f7:a6:11:57:2e:44:0b:79:64:6b:51:e4:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Nov 30 09:17:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aa498d4eab3997c49f33cc80edface2d21669d66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:54:88:18:00:9a:cb:e5:2a:01:4b:9a:6a:fb:
7c:ae:69:4b:b2:ba:38:93:74:2d:72:88:d4:24:86:
39:8c:dc:e3:c8:5b:6f:8e:ce:5d:65:47:e8:ee:5d:
2a:d8:b2:82:96:20:f9:f9:41:e7:3a:c2:c0:c8:fe:
24:9d:cb:bd:13:ae:c5:49:73:01:93:de:69:60:a5:
ff:32:9a:54:eb:f6:95:21:48:91:41:7c:04:18:8c:
48:34:f0:bc:64:e2:f1:56:8f:d9:b6:f7:75:ab:c8:
38:b7:92:49:31:91:18:20:15:da:69:75:9d:13:09:
1d:52:69:70:3d:68:11:dc:01:0a:7a:ef:05:f6:73:
e9:24:a8:a5:80:e6:10:45:e7:8a:aa:2e:2b:89:df:
dc:e5:06:5b:7e:db:b3:6c:95:f3:e0:c4:1d:c0:42:
02:b2:13:1e:76:a6:71:7e:6d:76:58:dc:de:92:c7:
d4:b9:05:82:5d:6e:e5:83:44:29:36:f0:b8:cd:98:
f7:c4:05:06:bf:ba:9e:d9:27:d0:52:73:07:96:78:
ab:40:36:26:8e:77:da:3f:a9:55:7e:12:7f:37:06:
dd:9b:33:ff:0f:2b:ca:62:4e:12:d6:dc:50:e9:9d:
96:66:52:b1:d3:e1:d1:8e:76:da:52:37:b5:c8:8b:
86:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:49:8D:4E:AB:39:97:C4:9F:33:CC:80:ED:FA:CE:2D:21:66:9D:66
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/qkmNTqs5l8SfM8yA7frOLSFmnWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.173.240.0/21
37.29.86.0/23
46.232.200.0/22
78.25.64.0/18
78.41.100.0/22
79.171.8.0/21
80.247.176.0/20
81.24.128.0/20
83.149.48.0/22
83.169.192.0/18
83.222.192.0/19
83.229.128.0/17
85.26.128.0/17
86.109.192.0/19
91.193.212.0/22
93.153.128.0/17
94.25.128.0/17
95.137.0.0/17
109.74.112.0/20
109.124.64.0/18
109.188.0.0/16
128.204.64.0/18
178.23.144.0/21
178.176.48.0/24
178.176.240.0/21
185.3.32.0/22
185.210.140.0/22
188.94.168.0/21
188.162.0.0/16
188.170.240.0/22
188.170.247.0/24
193.201.228.0/22
195.5.128.0/19
195.16.96.0/19
195.78.116.0/23
195.149.111.0/24
195.230.64.0/19
212.14.160.0/19
212.44.64.0/19
212.69.96.0/19
212.119.160.0/19
213.154.160.0/19
213.168.32.0/19
213.243.64.0/18
217.115.80.0/20
Signature Algorithm: sha256WithRSAEncryption
a2:a7:03:fa:e5:f6:7d:b9:7f:2a:17:60:3f:46:24:ec:c3:d2:
3c:5c:20:83:ba:6e:13:2d:97:67:2f:8c:bc:b1:2c:ae:e7:12:
56:32:7a:ad:d0:64:42:28:ea:cd:f8:f4:b5:b7:f5:05:6f:47:
ad:91:5e:64:23:35:75:3d:53:e6:d6:10:0c:1c:68:54:d9:85:
31:82:08:96:a5:64:ce:73:5e:a6:be:41:60:32:15:d5:6b:b1:
72:8d:b1:a4:96:3a:05:e1:8e:f2:14:c3:7a:bc:df:f0:9e:43:
5e:d4:72:27:ba:1d:56:1e:cf:19:05:80:03:9f:ef:85:ba:55:
af:7c:88:8e:e8:bb:7d:df:e2:80:6f:e9:42:cb:78:b1:1b:39:
a4:94:2c:d2:78:02:ca:6b:43:ad:d8:e5:eb:8e:b8:03:f6:f2:
12:c0:b0:44:94:48:5f:2f:ae:8f:35:69:95:c1:9f:6b:a1:87:
ca:18:09:a8:22:00:52:89:9b:ab:e6:7f:25:86:54:30:dd:58:
3f:ae:6a:82:a8:6f:ef:a0:6b:50:14:44:61:15:1c:4a:5c:86:
64:ea:54:72:41:d5:8d:df:a1:a6:02:14:2a:65:fa:48:91:94:
a4:49:93:ec:90:7a:04:42:2f:c7:df:05:fa:a8:20:2d:a0:c2:
4c:bb:e1:a1
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgISAYTH0+P3phFXLkQLeWRrUeQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMTMwMDkxNzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ5OGQ0ZWFiMzk5N2M0OWYzM2NjODBlZGZhY2UyZDIxNjY5ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVSIGACay+UqAUuaavt8rmlLsro4
k3QtcojUJIY5jNzjyFtvjs5dZUfo7l0q2LKCliD5+UHnOsLAyP4kncu9E67FSXMB
k95pYKX/MppU6/aVIUiRQXwEGIxINPC8ZOLxVo/Ztvd1q8g4t5JJMZEYIBXaaXWd
EwkdUmlwPWgR3AEKeu8F9nPpJKilgOYQReeKqi4rid/c5QZbftuzbJXz4MQdwEIC
shMedqZxfm12WNzeksfUuQWCXW7lg0QpNvC4zZj3xAUGv7qe2SfQUnMHlnirQDYm
jnfaP6lVfhJ/NwbdmzP/DyvKYk4S1txQ6Z2WZlKx0+HRjnbaUje1yIuGvwIDAQAB
o4IDGTCCAxUwHQYDVR0OBBYEFKpJjU6rOZfEnzPMgO36zi0hZp1mMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvcWttTlRxczVsOFNmTTh5QTdmck9MU0ZtbldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLQYIKwYBBQUHAQcBAf8EggEcMIIBGDCCARQEAgABMIIB
DAMEAx+t8AMEASUdVgMEAi7oyAMEBk4ZQAMEAk4pZAMEA0+rCAMEBFD3sAMEBFEY
gAMEAlOVMAMEBlOpwAMEBVPewAMEB1PlgAMEB1UagAMEBVZtwAMEAlvB1AMEB12Z
gAMEB14ZgAMEB1+JAAMEBG1KcAMEBm18QAMDAG28AwQGgMxAAwQDsheQAwQAsrAw
AwQDsrDwAwQCuQMgAwQCudKMAwQDvF6oAwMAvKIDBAK8qvADBAC8qvcDBALByeQD
BAXDBYADBAXDEGADBAHDTnQDBADDlW8DBAXD5kADBAXUDqADBAXULEADBAXURWAD
BAXUd6ADBAXVmqADBAXVqCADBAbV80ADBATZc1AwDQYJKoZIhvcNAQELBQADggEB
AKKnA/rl9n25fyoXYD9GJOzD0jxcIIO6bhMtl2cvjLyxLK7nElYyeq3QZEIo6s34
9LW39QVvR62RXmQjNXU9U+bWEAwcaFTZhTGCCJalZM5zXqa+QWAyFdVrsXKNsaSW
OgXhjvIUw3q83/CeQ17Ucie6HVYezxkFgAOf74W6Va98iI7ou33f4oBv6ULLeLEb
OaSULNJ4AsprQ63Y5euOuAP28hLAsESUSF8vro81aZXBn2uhh8oYCagiAFKJm6vm
fyWGVDDdWD+uaoKob++ga1AURGEVHEpchmTqVHJB1Y3foaYCFCpl+kiRlKRJk+yQ
egRCL8ffBfqoIC2gwky74aE=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:55:10 2025 by rpki-client