![](/console.gif)
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa
File: ykAhXPTuE_hi4EtN9y5U40eMEbI.roa (raw, json)
Hash identifier: EEBxXOXLR/JxMCAAGNouWPuXGXuUphIbYcRDjxmvq8o=
Subject key identifier: CA:40:21:5C:F4:EE:13:F8:62:E0:4B:4D:F7:2E:54:E3:47:8C:11:B2
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 0184E2AF4AB5EDA4D654E617766BF231885A
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa
Signing time: Mon 05 Dec 2022 14:27:29 +0000
ROA not before: Mon 05 Dec 2022 14:27:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20632
IP address blocks: 109.188.0.0/16 maxlen: 24
84.204.230.0/24 maxlen: 24
195.16.96.0/19 maxlen: 24
84.204.160.0/20 maxlen: 20
84.204.176.0/21 maxlen: 21
79.171.8.0/21 maxlen: 21
84.204.188.0/22 maxlen: 22
84.204.192.0/18 maxlen: 18
193.201.228.0/22 maxlen: 24
217.195.64.0/19 maxlen: 19
178.23.144.0/21 maxlen: 24
109.124.64.0/18 maxlen: 24
213.154.160.0/19 maxlen: 24
213.168.32.0/19 maxlen: 24
185.3.32.0/22 maxlen: 24
84.204.0.0/17 maxlen: 17
94.25.128.0/17 maxlen: 24
93.153.128.0/17 maxlen: 24
86.109.192.0/19 maxlen: 24
212.69.96.0/19 maxlen: 24
185.210.140.0/22 maxlen: 24
212.119.160.0/19 maxlen: 24
80.247.176.0/20 maxlen: 20
91.193.212.0/22 maxlen: 24
84.204.132.0/22 maxlen: 22
84.204.138.0/24 maxlen: 24
84.204.136.0/24 maxlen: 24
84.204.139.0/24 maxlen: 24
84.204.140.0/22 maxlen: 22
84.204.144.0/20 maxlen: 20
195.5.128.0/19 maxlen: 24
82.140.64.0/18 maxlen: 18
128.204.64.0/18 maxlen: 24
82.140.93.0/24 maxlen: 24
95.137.0.0/17 maxlen: 24
212.14.160.0/19 maxlen: 24
195.230.64.0/19 maxlen: 24
195.149.111.0/24 maxlen: 24
82.196.64.0/19 maxlen: 19
81.24.128.0/20 maxlen: 20
195.78.116.0/23 maxlen: 24
213.172.0.0/19 maxlen: 19
188.162.0.0/16 maxlen: 24
188.94.168.0/21 maxlen: 24
109.74.112.0/20 maxlen: 24
195.144.224.0/19 maxlen: 19
81.3.128.0/18 maxlen: 18
213.243.64.0/18 maxlen: 24
213.182.160.0/19 maxlen: 19
217.115.80.0/20 maxlen: 24
212.44.64.0/19 maxlen: 24
46.47.192.0/18 maxlen: 18
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e2:af:4a:b5:ed:a4:d6:54:e6:17:76:6b:f2:31:88:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Dec 5 14:27:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ca40215cf4ee13f862e04b4df72e54e3478c11b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:f4:77:55:1c:7e:57:86:6e:16:9c:86:ff:0d:
6a:7b:c5:f3:d3:11:cf:18:ce:5f:9d:48:12:82:39:
af:04:d7:d3:19:ee:55:83:60:2b:fb:6c:77:e8:0b:
b6:0d:d1:1a:06:47:32:8a:a6:ae:64:25:b5:62:09:
97:c0:33:c3:ab:76:96:57:2b:ac:9e:1d:ec:ce:a4:
f1:5b:25:93:84:a9:0d:dd:29:31:21:6e:dd:7f:4b:
73:12:52:6f:0d:b8:a2:cd:98:7e:70:78:f3:c5:7f:
c1:8f:af:fc:1a:9e:e1:01:45:8b:08:34:a8:c9:52:
b8:de:1a:cb:e5:20:dc:11:90:82:9c:e4:d5:88:a9:
f6:06:29:6f:c5:16:ff:cc:9d:c8:9a:0c:92:ab:f1:
7e:a6:7b:83:b7:e2:5b:cd:60:1b:9c:d4:a9:23:f6:
c1:6d:de:a5:e3:8b:c3:3e:0b:6a:a1:f4:3a:40:e4:
60:b5:31:61:6f:58:83:d2:db:3b:07:c6:09:66:8c:
e9:10:76:fa:2f:d2:8d:a2:9e:39:77:6e:ef:c0:6e:
ab:30:b5:d9:9e:79:b2:62:b3:01:5f:eb:1c:84:d5:
bf:ae:be:51:f6:0d:ae:ca:e7:45:6a:57:5f:a8:fa:
85:cf:85:ae:10:fe:f0:a0:42:f4:6e:35:06:6f:e8:
14:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:40:21:5C:F4:EE:13:F8:62:E0:4B:4D:F7:2E:54:E3:47:8C:11:B2
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.47.192.0/18
79.171.8.0/21
80.247.176.0/20
81.3.128.0/18
81.24.128.0/20
82.140.64.0/18
82.196.64.0/19
84.204.0.0/17
84.204.132.0-84.204.136.255
84.204.138.0-84.204.183.255
84.204.188.0-84.204.255.255
86.109.192.0/19
91.193.212.0/22
93.153.128.0/17
94.25.128.0/17
95.137.0.0/17
109.74.112.0/20
109.124.64.0/18
109.188.0.0/16
128.204.64.0/18
178.23.144.0/21
185.3.32.0/22
185.210.140.0/22
188.94.168.0/21
188.162.0.0/16
193.201.228.0/22
195.5.128.0/19
195.16.96.0/19
195.78.116.0/23
195.144.224.0/19
195.149.111.0/24
195.230.64.0/19
212.14.160.0/19
212.44.64.0/19
212.69.96.0/19
212.119.160.0/19
213.154.160.0/19
213.168.32.0/19
213.172.0.0/19
213.182.160.0/19
213.243.64.0/18
217.115.80.0/20
217.195.64.0/19
Signature Algorithm: sha256WithRSAEncryption
8f:d6:8c:24:62:6b:c0:71:2a:d0:8c:31:67:e7:4f:4c:81:6b:
44:e3:c4:d9:46:a2:37:4f:cd:35:ef:7c:ad:ae:39:91:20:64:
62:53:b0:df:a3:46:c1:a7:c7:93:2b:a0:24:6f:ba:0e:ad:f4:
1f:28:12:ac:71:e8:82:c5:dd:1e:8a:8c:14:de:79:24:73:5f:
e2:30:0a:f8:5d:29:f0:68:5a:7b:b2:de:af:48:d1:25:20:0f:
21:54:c8:97:92:72:0e:f1:e7:a2:d4:fe:1e:8c:de:7d:65:99:
07:08:55:7c:6c:03:dc:d4:44:77:f5:04:e7:9b:f8:a8:b8:09:
43:cb:67:f7:c3:cb:ae:b5:21:44:1d:e5:2d:69:dd:b1:e2:7f:
8e:4c:c8:47:3b:37:1d:c5:21:cf:29:27:ca:fa:b4:03:2e:1f:
fb:76:f0:0e:0f:16:88:e2:c3:94:31:5e:c9:76:2c:f0:d1:d0:
3e:23:da:a7:44:6a:05:a6:d9:41:27:df:39:1d:bf:97:9d:49:
5d:07:b9:c1:5a:5c:05:6d:63:91:06:b3:e1:bc:d3:26:c4:2f:
37:ba:47:30:8c:59:58:24:78:d7:d1:a2:bb:8a:77:b9:b4:ce:
fe:6a:f8:12:b4:2b:f2:c1:43:f9:db:9c:29:95:3c:64:2d:00:
28:35:0a:78
-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgISAYTir0q17aTWVOYXdmvyMYhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjA1MTQyNzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQwMjE1Y2Y0ZWUxM2Y4NjJlMDRiNGRmNzJlNTRlMzQ3OGMxMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfR3VRx+V4ZuFpyG/w1qe8Xz0xHP
GM5fnUgSgjmvBNfTGe5Vg2Ar+2x36Au2DdEaBkcyiqauZCW1YgmXwDPDq3aWVyus
nh3szqTxWyWThKkN3SkxIW7df0tzElJvDbiizZh+cHjzxX/Bj6/8Gp7hAUWLCDSo
yVK43hrL5SDcEZCCnOTViKn2BilvxRb/zJ3ImgySq/F+pnuDt+JbzWAbnNSpI/bB
bd6l44vDPgtqofQ6QORgtTFhb1iD0ts7B8YJZozpEHb6L9KNop45d27vwG6rMLXZ
nnmyYrMBX+schNW/rr5R9g2uyudFaldfqPqFz4WuEP7woEL0bjUGb+gUCQIDAQAB
o4IDJDCCAyAwHQYDVR0OBBYEFMpAIVz07hP4YuBLTfcuVONHjBGyMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveWtBaFhQVHVFX2hpNEV0Tjl5NVU0MGVNRWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOAYIKwYBBQUHAQcBAf8EggEnMIIBIzCCAR8EAgABMIIB
FwMEBi4vwAMEA0+rCAMEBFD3sAMEBlEDgAMEBFEYgAMEBlKMQAMEBVLEQAMEB1TM
ADAMAwQCVMyEAwQAVMyIMAwDBAFUzIoDBANUzLAwCwMEAlTMvAMDAFTMAwQFVm3A
AwQCW8HUAwQHXZmAAwQHXhmAAwQHX4kAAwQEbUpwAwQGbXxAAwMAbbwDBAaAzEAD
BAOyF5ADBAK5AyADBAK50owDBAO8XqgDAwC8ogMEAsHJ5AMEBcMFgAMEBcMQYAME
AcNOdAMEBcOQ4AMEAMOVbwMEBcPmQAMEBdQOoAMEBdQsQAMEBdRFYAMEBdR3oAME
BdWaoAMEBdWoIAMEBdWsAAMEBdW2oAMEBtXzQAMEBNlzUAMEBdnDQDANBgkqhkiG
9w0BAQsFAAOCAQEAj9aMJGJrwHEq0IwxZ+dPTIFrROPE2UaiN0/NNe98ra45kSBk
YlOw36NGwafHkyugJG+6Dq30HygSrHHogsXdHoqMFN55JHNf4jAK+F0p8Ghae7Le
r0jRJSAPIVTIl5JyDvHnotT+HozefWWZBwhVfGwD3NREd/UE55v4qLgJQ8tn98PL
rrUhRB3lLWndseJ/jkzIRzs3HcUhzyknyvq0Ay4f+3bwDg8WiOLDlDFeyXYs8NHQ
PiPap0RqBabZQSffOR2/l51JXQe5wVpcBW1jkQaz4bzTJsQvN7pHMIxZWCR419Gi
u4p3ubTO/mr4ErQr8sFD+ducKZU8ZC0AKDUKeA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:47 2025 by rpki-client