Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/41MWrfbFN5uQPkh6ZH3cIfIF_WE.roa
File: 41MWrfbFN5uQPkh6ZH3cIfIF_WE.roa (raw, json)
Hash identifier: mOOusnRk5HJoq9DKXK14uxyhwhqr26ufbZMLCJKVN5k=
Subject key identifier: E3:53:16:AD:F6:C5:37:9B:90:3E:48:7A:64:7D:DC:21:F2:05:FD:61
Certificate issuer: /CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
Certificate serial: 0D896F12
Authority key identifier: BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/41MWrfbFN5uQPkh6ZH3cIfIF_WE.roa
Signing time: Sat 01 Jan 2022 01:52:13 +0000
ROA not before: Sat 01 Jan 2022 01:52:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 198721
IP address blocks: 185.199.112.0/22 maxlen: 24
94.140.28.0/22 maxlen: 24
185.29.204.0/22 maxlen: 24
188.214.0.0/22 maxlen: 24
91.238.116.0/22 maxlen: 24
85.209.112.0/22 maxlen: 24
2a00:a9a0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 227110674 (0xd896f12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
Validity
Not Before: Jan 1 01:52:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e35316adf6c5379b903e487a647ddc21f205fd61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:e5:0e:8d:7d:01:20:34:b1:1c:ca:b5:b1:d1:
9f:4b:1e:68:5c:eb:94:b0:df:ea:e5:fa:d4:9c:f6:
45:b3:a4:01:7a:de:09:7a:f1:1a:fe:c7:25:2d:db:
63:ea:1f:6c:cd:dc:77:8d:d2:c7:6e:53:5c:60:67:
35:d6:0c:68:39:40:59:f0:be:28:2b:e6:60:27:5a:
f0:81:0d:5c:99:aa:e9:7d:d0:29:12:ef:a5:1a:e2:
79:47:01:69:2c:32:00:eb:af:9d:41:42:a5:2d:d8:
ea:43:40:62:3b:c9:12:06:1e:87:d6:c3:e0:0f:c8:
5a:2c:1b:b1:35:42:12:1e:8b:19:f4:38:c3:c8:f3:
9d:dc:6a:48:7a:1c:5c:45:a3:8d:b8:b7:66:12:92:
23:7a:31:32:c5:33:02:4e:55:88:48:81:dd:7d:d5:
59:c7:b7:7f:73:f0:0e:83:fc:a8:36:4d:cd:48:5e:
9e:68:8c:2d:95:59:ea:03:9b:eb:5d:62:19:1a:e8:
61:18:1f:4c:df:b7:0f:4c:1f:b9:1e:6a:4d:17:82:
07:63:96:c5:b0:54:de:80:a0:ed:e0:e6:a0:be:5f:
38:f3:61:27:a6:8a:37:01:35:1a:a9:6e:ae:89:ca:
fd:cb:aa:b0:a8:52:a4:e2:46:00:f0:30:72:e0:55:
0f:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:53:16:AD:F6:C5:37:9B:90:3E:48:7A:64:7D:DC:21:F2:05:FD:61
X509v3 Authority Key Identifier:
keyid:BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/41MWrfbFN5uQPkh6ZH3cIfIF_WE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.112.0/22
91.238.116.0/22
94.140.28.0/22
185.29.204.0/22
185.199.112.0/22
188.214.0.0/22
IPv6:
2a00:a9a0::/32
Signature Algorithm: sha256WithRSAEncryption
9a:3a:81:46:49:54:fa:b6:b3:c1:df:1c:44:38:70:72:ca:bd:
55:35:9f:a7:cf:03:82:55:9d:84:ce:48:18:af:3f:df:e3:57:
75:cd:99:b0:73:c6:cb:da:37:43:28:d0:cd:f4:c9:d0:86:21:
d5:20:76:fe:58:4d:de:b6:06:df:06:1e:04:55:c5:62:83:1f:
de:80:05:c6:2f:a5:c7:f8:4b:73:87:4f:8e:ef:a5:03:ad:02:
33:d1:43:93:13:d9:8f:da:d8:6d:0d:59:71:7d:11:23:77:0b:
25:94:84:44:8e:85:c5:7c:31:e9:49:48:21:c8:de:93:e2:12:
7d:c4:7a:51:41:ce:cc:52:57:bb:19:1c:e3:99:5b:19:85:0b:
17:16:88:ab:38:7c:55:8a:e3:03:d4:7d:c5:a1:8f:b9:55:2e:
a5:7f:af:09:6f:94:60:c0:77:79:fb:cb:e3:62:35:04:5f:99:
5e:3b:45:58:ec:e6:5b:f6:95:3d:49:4a:97:da:fb:2d:51:8d:
1a:d4:37:b3:b5:89:ae:8b:6e:82:9f:6d:d2:76:af:16:34:06:
04:e4:0b:5d:3e:7c:8e:b9:bc:13:ef:f5:f6:d3:dc:df:44:60:
3d:59:9e:ff:cd:e8:90:cb:ab:e3:93:de:ea:a4:94:d3:a1:1f:
f9:39:53:31
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEDYlvEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YjIyY2Y0YzcxYTk1OTExYmQ2MDQ2ZDA1YzBhOGJhMTY0NmM5ZWFkMB4XDTIyMDEw
MTAxNTIxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTM1MzE2YWRmNmM1
Mzc5YjkwM2U0ODdhNjQ3ZGRjMjFmMjA1ZmQ2MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJnlDo19ASA0sRzKtbHRn0seaFzrlLDf6uX61Jz2RbOkAXre
CXrxGv7HJS3bY+ofbM3cd43Sx25TXGBnNdYMaDlAWfC+KCvmYCda8IENXJmq6X3Q
KRLvpRrieUcBaSwyAOuvnUFCpS3Y6kNAYjvJEgYeh9bD4A/IWiwbsTVCEh6LGfQ4
w8jzndxqSHocXEWjjbi3ZhKSI3oxMsUzAk5ViEiB3X3VWce3f3PwDoP8qDZNzUhe
nmiMLZVZ6gOb611iGRroYRgfTN+3D0wfuR5qTReCB2OWxbBU3oCg7eDmoL5fOPNh
J6aKNwE1GqluronK/cuqsKhSpOJGAPAwcuBVD8cCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBTjUxat9sU3m5A+SHpkfdwh8gX9YTAfBgNVHSMEGDAWgBS7Is9McalZEb1g
RtBcCouhZGyerTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3V5TFBUSEdwV1JHOVlFYlFYQXFMb1dSc25xMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2UvYWU4MjVmLTZmNTQtNDNlYS05YjgzLWJiYWVjNzUwNWQ5Ny8x
LzQxTVdyZmJGTjV1UVBraDZaSDNjSWZJRl9XRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Uv
YWU4MjVmLTZmNTQtNDNlYS05YjgzLWJiYWVjNzUwNWQ5Ny8xL3V5TFBUSEdwV1JH
OVlFYlFYQXFMb1dSc25xMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAlXRcAMEAlvudAMEAl6MHAMEArkd
zAMEArnHcAMEArzWADANBAIAAjAHAwUAKgCpoDANBgkqhkiG9w0BAQsFAAOCAQEA
mjqBRklU+razwd8cRDhwcsq9VTWfp88DglWdhM5IGK8/3+NXdc2ZsHPGy9o3QyjQ
zfTJ0IYh1SB2/lhN3rYG3wYeBFXFYoMf3oAFxi+lx/hLc4dPju+lA60CM9FDkxPZ
j9rYbQ1ZcX0RI3cLJZSERI6FxXwx6UlIIcjek+ISfcR6UUHOzFJXuxkc45lbGYUL
FxaIqzh8VYrjA9R9xaGPuVUupX+vCW+UYMB3efvL42I1BF+ZXjtFWOzmW/aVPUlK
l9r7LVGNGtQ3s7WJrotugp9t0navFjQGBOQLXT58jrm8E+/19tPc30RgPVme/83o
kMur45Pe6qSU06Ef+TlTMQ==
-----END CERTIFICATE-----
Generated at Thu Apr 17 03:11:29 2025 by rpki-client