Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/bbd64b-ebb8-46d8-b4e3-62eafed5922e/1/g9pXI9AcUZGCoK2o4nmZ5r0-YOM.roa
File: g9pXI9AcUZGCoK2o4nmZ5r0-YOM.roa (raw, json)
Hash identifier: qgjbXLH7bUMPWyY7gKpDVGt3ZwyAet162Cf4GUPLXDY=
Subject key identifier: 83:DA:57:23:D0:1C:51:91:82:A0:AD:A8:E2:79:99:E6:BD:3E:60:E3
Certificate issuer: /CN=4f3bf7ac28e830656cf6e999c4993ba76cb1a98a
Certificate serial: 0187096FAF8B9CEA9A5B882B4CB0D5F81B71
Authority key identifier: 4F:3B:F7:AC:28:E8:30:65:6C:F6:E9:99:C4:99:3B:A7:6C:B1:A9:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tzv3rCjoMGVs9umZxJk7p2yxqYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/bbd64b-ebb8-46d8-b4e3-62eafed5922e/1/g9pXI9AcUZGCoK2o4nmZ5r0-YOM.roa
Signing time: Wed 22 Mar 2023 13:08:46 +0000
ROA not before: Wed 22 Mar 2023 13:08:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21263
IP address blocks: 185.124.220.0/22 maxlen: 24
185.4.232.0/22 maxlen: 24
178.157.80.0/23 maxlen: 24
178.157.83.0/24 maxlen: 24
217.73.152.0/21 maxlen: 24
5.154.226.0/23 maxlen: 24
5.154.230.0/23 maxlen: 24
188.119.150.0/23 maxlen: 23
188.119.152.0/24 maxlen: 24
185.68.188.0/24 maxlen: 24
128.0.35.0/24 maxlen: 24
2a05:7ac0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:09:6f:af:8b:9c:ea:9a:5b:88:2b:4c:b0:d5:f8:1b:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f3bf7ac28e830656cf6e999c4993ba76cb1a98a
Validity
Not Before: Mar 22 13:08:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=83da5723d01c519182a0ada8e27999e6bd3e60e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:c4:93:03:6d:c5:64:3f:23:48:3d:93:74:c4:
25:30:6e:6d:29:66:48:04:27:4c:3b:f6:54:07:79:
8d:48:20:5e:ed:5d:5d:f8:3a:1c:fc:b9:c3:60:f3:
76:09:37:30:27:ff:a1:63:40:20:a9:55:d7:a7:1b:
b1:d2:ed:c1:43:21:c6:9d:e0:44:8d:26:58:3b:34:
76:48:ef:15:83:52:35:b7:62:af:70:b8:f5:dd:58:
f6:78:06:c5:f6:68:a3:aa:53:6c:b0:d4:34:97:c1:
e0:e4:b9:99:d6:99:3b:96:be:0a:43:f8:6b:c1:80:
01:c6:92:f8:4b:2c:e6:bb:4c:19:f7:03:df:ee:9f:
92:69:e3:8e:3d:d2:0e:28:4c:84:c5:f7:c3:71:41:
11:80:13:0c:7b:5f:11:e2:d0:28:bd:13:bb:b2:54:
4c:f0:6f:e7:82:21:d3:77:a7:64:42:ab:8f:c4:78:
f8:38:d6:c9:cc:47:ef:9b:ad:a9:ac:03:76:4c:5e:
83:5f:1f:73:5f:70:af:a2:82:1e:c6:cd:41:7f:2c:
21:42:ba:0f:53:01:bd:be:09:98:cb:d5:52:50:21:
cf:60:f3:0a:9e:ea:b5:36:90:14:56:99:05:6b:3d:
cf:2c:10:71:f4:9a:be:d7:94:34:ef:1d:f6:e4:e3:
29:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:DA:57:23:D0:1C:51:91:82:A0:AD:A8:E2:79:99:E6:BD:3E:60:E3
X509v3 Authority Key Identifier:
keyid:4F:3B:F7:AC:28:E8:30:65:6C:F6:E9:99:C4:99:3B:A7:6C:B1:A9:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tzv3rCjoMGVs9umZxJk7p2yxqYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/bbd64b-ebb8-46d8-b4e3-62eafed5922e/1/g9pXI9AcUZGCoK2o4nmZ5r0-YOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/bbd64b-ebb8-46d8-b4e3-62eafed5922e/1/Tzv3rCjoMGVs9umZxJk7p2yxqYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.226.0/23
5.154.230.0/23
128.0.35.0/24
178.157.80.0/23
178.157.83.0/24
185.4.232.0/22
185.68.188.0/24
185.124.220.0/22
188.119.150.0-188.119.152.255
217.73.152.0/21
IPv6:
2a05:7ac0::/29
Signature Algorithm: sha256WithRSAEncryption
77:d3:b1:43:11:72:38:b6:14:53:40:fe:1a:fb:d5:15:a6:28:
88:8a:77:b7:52:9c:d9:e8:3d:11:a7:81:aa:b0:ad:49:32:c4:
17:69:6b:76:53:ac:d8:62:9c:4f:74:2a:78:66:71:45:bd:8a:
00:47:7d:58:cd:a5:ab:95:9c:0d:9f:8b:5f:ff:2d:67:3f:5a:
cf:12:11:57:69:c3:2b:06:b0:ca:e9:d9:16:a0:7f:60:13:83:
13:b4:f3:c2:28:37:4d:20:40:8d:38:35:f9:51:6a:cf:ba:ee:
b8:51:69:41:c1:41:fe:f5:55:27:96:67:b4:12:e9:2c:8b:32:
b8:1a:73:83:1f:4e:b3:0b:5c:56:22:7e:f4:d4:c4:ec:db:a2:
26:d8:07:ce:33:94:4b:98:0b:96:27:2c:fc:ee:de:a1:4d:4b:
e8:99:2f:c3:47:4b:8e:b3:ac:67:6d:0b:85:a8:ef:fc:07:45:
34:1a:b9:cf:e0:7b:7c:f7:68:ca:86:6b:f9:12:d2:fe:a1:42:
40:fa:4d:77:51:f5:67:46:b9:ec:6a:77:7f:bf:7b:e0:a9:4a:
89:77:af:13:b3:6a:2e:74:a7:e0:37:fe:31:a5:de:9a:1c:21:
33:9c:67:51:92:8a:f9:f2:fe:c4:5a:c3:0b:a4:50:29:d1:2c:
87:e2:6a:c3
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYcJb6+LnOqaW4grTLDV+BtxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmM2JmN2FjMjhlODMwNjU2Y2Y2ZTk5OWM0OTkzYmE3NmNi
MWE5OGEwHhcNMjMwMzIyMTMwODQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2RhNTcyM2QwMWM1MTkxODJhMGFkYThlMjc5OTllNmJkM2U2MGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisSTA23FZD8jSD2TdMQlMG5tKWZI
BCdMO/ZUB3mNSCBe7V1d+Doc/LnDYPN2CTcwJ/+hY0AgqVXXpxux0u3BQyHGneBE
jSZYOzR2SO8Vg1I1t2KvcLj13Vj2eAbF9mijqlNssNQ0l8Hg5LmZ1pk7lr4KQ/hr
wYABxpL4Syzmu0wZ9wPf7p+SaeOOPdIOKEyExffDcUERgBMMe18R4tAovRO7slRM
8G/ngiHTd6dkQquPxHj4ONbJzEfvm62prAN2TF6DXx9zX3CvooIexs1BfywhQroP
UwG9vgmYy9VSUCHPYPMKnuq1NpAUVpkFaz3PLBBx9Jq+15Q07x325OMpHwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFIPaVyPQHFGRgqCtqOJ5mea9PmDjMB8GA1UdIwQY
MBaAFE8796wo6DBlbPbpmcSZO6dssamKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHp2M3JDam9NR1ZzOXVtWnhKazdwMnl4cVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9iYmQ2NGItZWJiOC00NmQ4LWI0ZTMt
NjJlYWZlZDU5MjJlLzEvZzlwWEk5QWNVWkdDb0sybzRubVo1cjAtWU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9iYmQ2NGItZWJiOC00NmQ4LWI0ZTMtNjJlYWZlZDU5MjJl
LzEvVHp2M3JDam9NR1ZzOXVtWnhKazdwMnl4cVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQBBZriAwQB
BZrmAwQAgAAjAwQBsp1QAwQAsp1TAwQCuQToAwQAuUS8AwQCuXzcMAwDBAG8d5YD
BAC8d5gDBAPZSZgwDQQCAAIwBwMFAyoFesAwDQYJKoZIhvcNAQELBQADggEBAHfT
sUMRcji2FFNA/hr71RWmKIiKd7dSnNnoPRGngaqwrUkyxBdpa3ZTrNhinE90Knhm
cUW9igBHfVjNpauVnA2fi1//LWc/Ws8SEVdpwysGsMrp2Ragf2ATgxO088IoN00g
QI04NflRas+67rhRaUHBQf71VSeWZ7QS6SyLMrgac4MfTrMLXFYifvTUxOzboibY
B84zlEuYC5YnLPzu3qFNS+iZL8NHS46zrGdtC4Wo7/wHRTQauc/ge3z3aMqGa/kS
0v6hQkD6TXdR9WdGuexqd3+/e+CpSol3rxOzai50p+A3/jGl3pocITOcZ1GSivny
/sRawwukUCnRLIfiasM=
-----END CERTIFICATE-----
Generated at Wed Apr 23 01:14:38 2025 by rpki-client