Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/bfbe5f-97c8-4347-8a8c-e01bb48863a9/1/srQVeZNBEW5qq_i0oK6eDK1j0Gs.roa
File: srQVeZNBEW5qq_i0oK6eDK1j0Gs.roa (raw, json)
Hash identifier: 6UjX6XBaEYmR0KsSR2XrBkseszF9+HKAQ10U78qE9Uo=
Subject key identifier: B2:B4:15:79:93:41:11:6E:6A:AB:F8:B4:A0:AE:9E:0C:AD:63:D0:6B
Certificate issuer: /CN=ef8c33a8a6201d40a60220bd639b5d352212673e
Certificate serial: 018B9053D8941F29A5FD4E3D88BC8AC81E73
Authority key identifier: EF:8C:33:A8:A6:20:1D:40:A6:02:20:BD:63:9B:5D:35:22:12:67:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/74wzqKYgHUCmAiC9Y5tdNSISZz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/bfbe5f-97c8-4347-8a8c-e01bb48863a9/1/srQVeZNBEW5qq_i0oK6eDK1j0Gs.roa
Signing time: Thu 02 Nov 2023 13:58:15 +0000
ROA not before: Thu 02 Nov 2023 13:58:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21040
IP address blocks: 185.71.112.0/22 maxlen: 22
213.196.128.0/18 maxlen: 18
109.205.200.0/21 maxlen: 21
185.71.16.0/22 maxlen: 22
185.178.120.0/22 maxlen: 22
84.20.56.0/21 maxlen: 21
185.19.120.0/22 maxlen: 22
37.203.248.0/21 maxlen: 21
37.203.252.0/22 maxlen: 22
37.203.248.0/22 maxlen: 22
2a02:24e8::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:90:53:d8:94:1f:29:a5:fd:4e:3d:88:bc:8a:c8:1e:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef8c33a8a6201d40a60220bd639b5d352212673e
Validity
Not Before: Nov 2 13:58:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b2b415799341116e6aabf8b4a0ae9e0cad63d06b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:94:af:a9:88:62:e4:f9:ea:a8:a2:75:55:4f:
a0:9d:ba:58:82:ac:a4:a4:a7:17:a6:2b:6e:25:72:
36:3b:c4:5a:63:53:98:14:d3:d4:6b:6e:a4:36:ba:
3f:ce:4f:73:0c:74:e9:be:fe:fc:f6:37:05:29:07:
06:96:a4:51:64:d7:7d:bd:70:59:bf:9b:74:b3:9a:
bb:8c:69:72:92:0d:52:4b:58:40:44:c8:ca:dd:c1:
2a:d7:89:13:d6:0c:16:7b:a5:b6:dd:4a:4b:a4:78:
c6:8d:d7:d2:50:73:d1:4c:32:80:38:64:07:c5:bf:
40:71:e4:90:a5:83:69:72:3e:a8:cd:c2:91:d3:3e:
79:ab:3f:30:61:82:95:cf:43:1d:6d:a5:d9:c3:d7:
a6:b6:68:e8:88:da:bb:a4:5a:4f:ec:49:6a:e2:28:
39:07:6a:d4:d9:cb:f5:02:ef:bb:2a:c1:2f:b6:5c:
43:7e:3e:9f:88:45:4c:d3:14:b2:14:57:02:f1:9a:
0e:b2:b8:aa:24:ca:b4:74:30:0b:03:e4:0f:1a:ca:
2c:b9:d9:0a:17:94:94:d9:ef:bb:b3:ba:6b:c5:67:
f5:f4:c8:89:ed:e4:46:77:4e:e5:a9:5d:50:d3:9f:
56:e4:25:98:2e:20:6a:e4:06:30:ee:c5:dd:c4:fd:
64:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:B4:15:79:93:41:11:6E:6A:AB:F8:B4:A0:AE:9E:0C:AD:63:D0:6B
X509v3 Authority Key Identifier:
keyid:EF:8C:33:A8:A6:20:1D:40:A6:02:20:BD:63:9B:5D:35:22:12:67:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/74wzqKYgHUCmAiC9Y5tdNSISZz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/bfbe5f-97c8-4347-8a8c-e01bb48863a9/1/srQVeZNBEW5qq_i0oK6eDK1j0Gs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/bfbe5f-97c8-4347-8a8c-e01bb48863a9/1/74wzqKYgHUCmAiC9Y5tdNSISZz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.203.248.0/21
84.20.56.0/21
109.205.200.0/21
185.19.120.0/22
185.71.16.0/22
185.71.112.0/22
185.178.120.0/22
213.196.128.0/18
IPv6:
2a02:24e8::/29
Signature Algorithm: sha256WithRSAEncryption
65:60:df:56:a2:37:02:c9:af:e4:b8:9a:d7:de:4a:ce:fb:5b:
12:63:92:c8:06:25:13:a4:03:51:17:03:80:a4:31:e7:e1:25:
aa:46:70:f3:1e:af:ce:a2:7d:9a:3d:61:08:83:2a:87:4c:c2:
6a:43:b5:af:69:1a:02:96:29:0d:c3:5c:89:71:bc:c9:ee:71:
b2:91:d8:19:91:ba:dd:bf:b7:3f:e0:af:6c:cf:ec:0c:53:54:
d9:83:6d:6a:3a:45:0c:19:e0:a8:8a:33:e1:62:94:c2:e3:57:
a9:8d:dd:da:54:a0:b2:a0:fd:d4:b2:4f:00:9a:a2:b8:b4:b4:
3a:14:c0:96:84:85:23:66:91:36:ee:3f:df:bc:e4:c2:df:7b:
14:37:ff:57:66:1b:d6:d7:91:b9:84:8a:dc:2d:7f:de:46:e7:
75:f1:87:cb:21:dc:0d:5d:08:4b:ee:b5:8b:02:ef:3f:86:a3:
ec:47:74:d4:f3:35:f0:61:fb:c5:a2:2a:34:63:54:bc:2c:dc:
a4:dd:11:8f:b8:93:ef:cd:44:80:34:d3:5c:c0:4b:39:a2:b1:
61:51:82:c0:92:25:2c:72:86:6c:bb:33:37:3d:0d:c6:fa:7c:
5a:e2:96:38:c7:e0:f7:25:e5:09:f1:11:82:01:d5:c5:fa:c7:
63:9b:3d:8d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYuQU9iUHyml/U49iLyKyB5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOGMzM2E4YTYyMDFkNDBhNjAyMjBiZDYzOWI1ZDM1MjIx
MjY3M2UwHhcNMjMxMTAyMTM1ODE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmI0MTU3OTkzNDExMTZlNmFhYmY4YjRhMGFlOWUwY2FkNjNkMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5SvqYhi5PnqqKJ1VU+gnbpYgqyk
pKcXpituJXI2O8RaY1OYFNPUa26kNro/zk9zDHTpvv789jcFKQcGlqRRZNd9vXBZ
v5t0s5q7jGlykg1SS1hARMjK3cEq14kT1gwWe6W23UpLpHjGjdfSUHPRTDKAOGQH
xb9AceSQpYNpcj6ozcKR0z55qz8wYYKVz0MdbaXZw9emtmjoiNq7pFpP7Elq4ig5
B2rU2cv1Au+7KsEvtlxDfj6fiEVM0xSyFFcC8ZoOsriqJMq0dDALA+QPGsosudkK
F5SU2e+7s7prxWf19MiJ7eRGd07lqV1Q059W5CWYLiBq5AYw7sXdxP1kgwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFLK0FXmTQRFuaqv4tKCungytY9BrMB8GA1UdIwQY
MBaAFO+MM6imIB1ApgIgvWObXTUiEmc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzR3enFLWWdIVUNtQWlDOVk1dGROU0lTWno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9iZmJlNWYtOTdjOC00MzQ3LThhOGMt
ZTAxYmI0ODg2M2E5LzEvc3JRVmVaTkJFVzVxcV9pMG9LNmVESzFqMEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9iZmJlNWYtOTdjOC00MzQ3LThhOGMtZTAxYmI0ODg2M2E5
LzEvNzR3enFLWWdIVUNtQWlDOVk1dGROU0lTWno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDJcv4AwQD
VBQ4AwQDbc3IAwQCuRN4AwQCuUcQAwQCuUdwAwQCubJ4AwQG1cSAMA0EAgACMAcD
BQMqAiToMA0GCSqGSIb3DQEBCwUAA4IBAQBlYN9WojcCya/kuJrX3krO+1sSY5LI
BiUTpANRFwOApDHn4SWqRnDzHq/Oon2aPWEIgyqHTMJqQ7WvaRoClikNw1yJcbzJ
7nGykdgZkbrdv7c/4K9sz+wMU1TZg21qOkUMGeCoijPhYpTC41epjd3aVKCyoP3U
sk8AmqK4tLQ6FMCWhIUjZpE27j/fvOTC33sUN/9XZhvW15G5hIrcLX/eRud18YfL
IdwNXQhL7rWLAu8/hqPsR3TU8zXwYfvFoio0Y1S8LNyk3RGPuJPvzUSANNNcwEs5
orFhUYLAkiUscoZsuzM3PQ3G+nxa4pY4x+D3JeUJ8RGCAdXF+sdjmz2N
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:49:47 2025 by rpki-client