Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/Q856URziYch68nJptAR4vUO3HW0.roa
File: Q856URziYch68nJptAR4vUO3HW0.roa (raw, json)
Hash identifier: lcHhIEsR9dF0Cjzzo7/mf/t+IPQRMjQQ7aSHEw3QHkk=
Subject key identifier: 43:CE:7A:51:1C:E2:61:C8:7A:F2:72:69:B4:04:78:BD:43:B7:1D:6D
Certificate issuer: /CN=5833294a1cdc1358afc439c0a72733b065a86f8b
Certificate serial: 0186CD0B92743F5AFFF8FBC72F7520C574E4
Authority key identifier: 58:33:29:4A:1C:DC:13:58:AF:C4:39:C0:A7:27:33:B0:65:A8:6F:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WDMpShzcE1ivxDnApyczsGWob4s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/Q856URziYch68nJptAR4vUO3HW0.roa
Signing time: Fri 10 Mar 2023 19:42:13 +0000
ROA not before: Fri 10 Mar 2023 19:42:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49352
IP address blocks: 213.189.195.0/24 maxlen: 24
213.189.193.0/24 maxlen: 24
213.189.199.0/24 maxlen: 24
213.189.194.0/24 maxlen: 24
188.93.213.0/24 maxlen: 24
188.93.208.0/23 maxlen: 23
188.93.215.0/24 maxlen: 24
188.93.214.0/24 maxlen: 24
178.21.14.0/23 maxlen: 23
178.21.13.0/24 maxlen: 24
178.21.12.0/22 maxlen: 22
178.21.12.0/24 maxlen: 24
185.38.16.0/24 maxlen: 24
185.38.17.0/24 maxlen: 24
185.38.18.0/24 maxlen: 24
185.38.19.0/24 maxlen: 24
194.67.64.0/24 maxlen: 24
194.67.75.0/24 maxlen: 24
194.67.76.0/23 maxlen: 23
176.99.4.0/24 maxlen: 24
176.99.9.0/24 maxlen: 24
176.99.5.0/24 maxlen: 24
176.99.7.0/24 maxlen: 24
176.99.8.0/24 maxlen: 24
176.99.6.0/24 maxlen: 24
176.99.5.190/32 maxlen: 32
188.93.209.127/32 maxlen: 32
194.67.106.0/24 maxlen: 24
188.93.208.172/32 maxlen: 32
178.21.9.0/24 maxlen: 24
62.113.93.0/24 maxlen: 24
2a02:f20::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:cd:0b:92:74:3f:5a:ff:f8:fb:c7:2f:75:20:c5:74:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5833294a1cdc1358afc439c0a72733b065a86f8b
Validity
Not Before: Mar 10 19:42:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43ce7a511ce261c87af27269b40478bd43b71d6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:99:6e:d8:1a:77:fd:fa:36:19:ac:f3:b4:09:
37:6f:bd:31:4a:25:bd:ff:03:f0:de:35:40:74:03:
54:58:60:43:31:ea:78:e2:3a:e8:bd:50:a2:0b:5f:
35:d1:87:5e:ee:50:7f:e1:f6:1e:6e:72:ca:55:fb:
be:31:6e:1f:e6:fd:1d:9b:60:99:58:1e:a2:cf:3a:
28:1f:1b:c2:d3:93:5d:cb:57:0c:c9:83:3d:c9:e2:
fc:e1:0e:65:28:8b:53:c2:5f:8f:28:fe:cc:7b:a2:
ea:47:b1:57:b0:fd:e9:85:15:99:ca:89:21:b9:b5:
cf:ae:3d:4c:1c:f7:70:47:36:e9:3b:fd:38:d5:20:
d0:51:07:7b:c6:8c:5e:f3:f4:d0:59:bf:88:22:45:
50:6a:55:19:fe:00:dd:dc:f1:4a:f6:ee:d3:97:ad:
52:06:44:82:97:04:22:6a:41:e1:bd:9d:7c:07:6c:
c4:ee:45:14:9d:d7:2e:92:9e:af:3c:98:48:da:0f:
de:0c:d1:70:26:f5:24:a4:77:11:70:ed:cc:0f:71:
49:30:86:b7:12:5a:17:68:33:4b:bd:24:0b:8b:6e:
29:22:23:b9:6b:59:7e:60:a9:4b:e1:14:3c:c1:1a:
3c:48:37:11:87:98:55:c6:bf:cb:63:e8:fc:5d:4c:
2e:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:CE:7A:51:1C:E2:61:C8:7A:F2:72:69:B4:04:78:BD:43:B7:1D:6D
X509v3 Authority Key Identifier:
keyid:58:33:29:4A:1C:DC:13:58:AF:C4:39:C0:A7:27:33:B0:65:A8:6F:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WDMpShzcE1ivxDnApyczsGWob4s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/Q856URziYch68nJptAR4vUO3HW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/WDMpShzcE1ivxDnApyczsGWob4s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.113.93.0/24
176.99.4.0-176.99.9.255
178.21.9.0/24
178.21.12.0/22
185.38.16.0/22
188.93.208.0/23
188.93.213.0-188.93.215.255
194.67.64.0/24
194.67.75.0-194.67.77.255
194.67.106.0/24
213.189.193.0-213.189.195.255
213.189.199.0/24
IPv6:
2a02:f20::/32
Signature Algorithm: sha256WithRSAEncryption
52:c7:21:a0:31:22:e1:1e:b6:45:16:e1:2d:bb:11:1b:03:32:
7b:ba:e2:47:35:80:07:d7:9c:d1:07:b3:4f:fa:a8:42:32:1b:
4f:a0:29:3a:38:51:ad:8a:1d:4f:18:12:df:47:ee:9a:a7:d7:
ce:95:e5:e2:9f:2f:f9:7f:40:84:06:16:a8:57:14:92:e2:0b:
ac:fb:ab:92:a3:56:63:c0:7a:ef:cd:1e:55:75:d5:6a:02:93:
e3:da:1f:e9:e8:df:78:89:54:62:7c:8b:3d:fe:61:61:99:7b:
c8:70:fc:7c:06:5d:4f:72:0e:af:5f:1b:f0:4b:34:43:27:76:
e8:cc:70:5d:2a:87:50:26:e9:e4:99:df:ef:d2:c7:b3:50:57:
5f:43:7f:db:d3:72:8f:09:45:3d:ce:3b:3b:26:3e:85:8f:6b:
24:9f:c5:f8:cc:69:a4:d8:6d:bb:cf:cd:a0:72:50:6a:d6:21:
27:d7:ce:96:bd:55:35:00:f9:1a:5f:d3:d1:3d:c1:3e:1f:50:
33:d7:67:2f:4c:6d:24:71:3b:63:13:49:33:60:c7:ea:39:02:
ce:0d:32:bc:e6:b3:d3:67:ae:f1:32:53:eb:43:9b:f4:63:65:
94:3a:77:16:4f:f1:77:34:f3:9c:93:33:61:55:b0:14:96:5f:
4b:00:7b:b9
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYbNC5J0P1r/+PvHL3UgxXTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MzMyOTRhMWNkYzEzNThhZmM0MzljMGE3MjczM2IwNjVh
ODZmOGIwHhcNMjMwMzEwMTk0MjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2NlN2E1MTFjZTI2MWM4N2FmMjcyNjliNDA0NzhiZDQzYjcxZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJlu2Bp3/fo2GazztAk3b70xSiW9
/wPw3jVAdANUWGBDMep44jrovVCiC1810Yde7lB/4fYebnLKVfu+MW4f5v0dm2CZ
WB6izzooHxvC05Ndy1cMyYM9yeL84Q5lKItTwl+PKP7Me6LqR7FXsP3phRWZyokh
ubXPrj1MHPdwRzbpO/041SDQUQd7xoxe8/TQWb+IIkVQalUZ/gDd3PFK9u7Tl61S
BkSClwQiakHhvZ18B2zE7kUUndcukp6vPJhI2g/eDNFwJvUkpHcRcO3MD3FJMIa3
EloXaDNLvSQLi24pIiO5a1l+YKlL4RQ8wRo8SDcRh5hVxr/LY+j8XUwuUQIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFEPOelEc4mHIevJyabQEeL1Dtx1tMB8GA1UdIwQY
MBaAFFgzKUoc3BNYr8Q5wKcnM7BlqG+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0RNcFNoemNFMWl2eERuQXB5Y3pzR1dvYjRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YjQxOWMtY2Y4Zi00YzlhLTk0ZDct
YmI0YjY1YjZhMGQxLzEvUTg1NlVSemlZY2g2OG5KcHRBUjR2VU8zSFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YjQxOWMtY2Y4Zi00YzlhLTk0ZDctYmI0YjY1YjZhMGQx
LzEvV0RNcFNoemNFMWl2eERuQXB5Y3pzR1dvYjRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MG4EAgABMGgDBAA+cV0w
DAMEArBjBAMEAbBjCAMEALIVCQMEArIVDAMEArkmEAMEAbxd0DAMAwQAvF3VAwQD
vF3QAwQAwkNAMAwDBADCQ0sDBAHCQ0wDBADCQ2owDAMEANW9wQMEAtW9wAMEANW9
xzANBAIAAjAHAwUAKgIPIDANBgkqhkiG9w0BAQsFAAOCAQEAUschoDEi4R62RRbh
LbsRGwMye7riRzWAB9ec0QezT/qoQjIbT6ApOjhRrYodTxgS30fumqfXzpXl4p8v
+X9AhAYWqFcUkuILrPurkqNWY8B6780eVXXVagKT49of6ejfeIlUYnyLPf5hYZl7
yHD8fAZdT3IOr18b8Es0Qyd26MxwXSqHUCbp5Jnf79LHs1BXX0N/29NyjwlFPc47
OyY+hY9rJJ/F+MxppNhtu8/NoHJQatYhJ9fOlr1VNQD5Gl/T0T3BPh9QM9dnL0xt
JHE7YxNJM2DH6jkCzg0yvOaz02eu8TJT60Ob9GNllDp3Fk/xdzTznJMzYVWwFJZf
SwB7uQ==
-----END CERTIFICATE-----
Generated at Sat Apr 19 14:05:13 2025 by rpki-client