Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ODg0bdXWdAhUk7Cy0hlRSeVc9ag.roa
File: ODg0bdXWdAhUk7Cy0hlRSeVc9ag.roa (raw, json)
Hash identifier: Ch/aVbk274pyVTNksyn1ecaZUVE2LckHu3RsLSp8os0=
Subject key identifier: 38:38:34:6D:D5:D6:74:08:54:93:B0:B2:D2:19:51:49:E5:5C:F5:A8
Certificate issuer: /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial: 01856F26E0F13437D7F64E271B24D1D400B5
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ODg0bdXWdAhUk7Cy0hlRSeVc9ag.roa
Signing time: Sun 01 Jan 2023 21:04:56 +0000
ROA not before: Sun 01 Jan 2023 21:04:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34219
IP address blocks: 178.255.16.0/22 maxlen: 22
178.255.22.0/24 maxlen: 24
178.255.20.0/23 maxlen: 23
159.253.112.0/22 maxlen: 22
159.253.118.0/24 maxlen: 24
159.253.116.0/23 maxlen: 23
159.253.119.0/24 maxlen: 24
93.94.4.0/23 maxlen: 23
185.2.56.0/22 maxlen: 22
2a03:1e00::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:26:e0:f1:34:37:d7:f6:4e:27:1b:24:d1:d4:00:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Validity
Not Before: Jan 1 21:04:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3838346dd5d674085493b0b2d2195149e55cf5a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:f4:96:02:64:ae:1c:16:bf:0e:53:df:87:72:
9c:b8:67:c5:c0:82:78:77:ac:2e:de:19:dd:d5:5a:
e3:f5:e4:08:63:c8:8a:da:87:89:e4:09:6d:d1:7d:
df:36:96:c7:42:d8:c7:de:c6:f7:7d:e9:9b:88:ec:
4f:4b:a0:0d:75:4e:d9:43:4b:03:1d:9f:0d:13:0a:
e6:61:27:f5:2b:71:72:87:47:1d:c8:5e:be:9c:cc:
aa:32:7f:c8:c0:e3:77:5f:85:54:25:ec:28:0c:59:
26:d3:8b:26:9f:c9:38:00:2f:93:e9:19:3b:b6:b7:
00:49:15:32:51:97:4c:f4:30:01:20:77:57:a5:ec:
b4:81:02:24:c9:9f:98:86:97:80:46:dc:20:de:2c:
75:91:fd:43:bd:e3:e1:34:c8:02:cb:9d:33:66:35:
0b:06:cb:0a:93:90:1c:78:19:0f:87:17:28:53:0d:
56:3d:91:e0:b7:d4:ce:a1:66:62:69:6e:31:7f:96:
e0:9b:6f:9d:0c:7e:7e:e0:61:ee:c3:7e:ec:24:ad:
8e:53:1c:13:3b:a0:d5:7c:f5:10:fc:82:a7:83:f6:
e1:9e:06:34:ef:de:de:c0:1a:44:85:01:c5:8b:c5:
ce:68:02:54:fb:4c:ff:4b:8e:97:0a:ee:f9:13:35:
29:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:38:34:6D:D5:D6:74:08:54:93:B0:B2:D2:19:51:49:E5:5C:F5:A8
X509v3 Authority Key Identifier:
keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ODg0bdXWdAhUk7Cy0hlRSeVc9ag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.4.0/23
159.253.112.0/21
178.255.16.0-178.255.22.255
185.2.56.0/22
IPv6:
2a03:1e00::/32
Signature Algorithm: sha256WithRSAEncryption
58:e7:28:3d:42:be:eb:f5:17:6d:dd:30:c3:03:70:97:81:a3:
80:9e:15:99:2a:ef:d4:6c:6e:f3:d9:74:78:cd:da:85:a2:4b:
6a:a6:36:67:c9:19:0c:02:41:39:d9:b8:2e:d7:85:b7:9a:e3:
e8:83:38:2f:86:6e:08:d4:99:41:97:2b:50:08:df:ce:d6:de:
02:59:14:48:19:fd:db:e5:bf:11:78:42:9d:21:c1:60:25:a9:
2e:ee:3d:8b:ec:de:ca:81:4a:5e:a1:f2:b3:8a:52:89:1c:84:
38:1a:72:b1:6b:e6:43:b4:4f:f0:34:a4:09:57:de:b9:1c:33:
39:a8:89:e1:79:ca:8f:a1:f1:f7:02:b8:35:e2:1d:6d:27:13:
50:f1:f7:36:7c:6d:3d:de:6f:93:6c:0b:6b:ce:cd:47:45:69:
42:e9:63:d3:ca:eb:79:2e:10:b3:f7:ea:1e:ec:94:ac:1e:ca:
23:b2:8f:96:3e:a5:a3:46:fc:f5:8c:1b:0d:b2:34:27:f9:84:
36:6e:7d:f3:8d:d3:ff:b5:a0:4a:6e:fb:c1:9d:1a:81:2c:3a:
da:f8:b6:91:b9:a1:7e:b7:d4:39:16:cc:6b:ef:a0:58:85:74:
bc:45:5e:a8:db:dc:73:31:ee:15:d5:6e:b8:45:9b:fb:de:8d:
2b:95:2d:f5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVvJuDxNDfX9k4nGyTR1AC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjMwMTAxMjEwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM4MzQ2ZGQ1ZDY3NDA4NTQ5M2IwYjJkMjE5NTE0OWU1NWNmNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPSWAmSuHBa/DlPfh3KcuGfFwIJ4
d6wu3hnd1Vrj9eQIY8iK2oeJ5Alt0X3fNpbHQtjH3sb3fembiOxPS6ANdU7ZQ0sD
HZ8NEwrmYSf1K3Fyh0cdyF6+nMyqMn/IwON3X4VUJewoDFkm04smn8k4AC+T6Rk7
trcASRUyUZdM9DABIHdXpey0gQIkyZ+YhpeARtwg3ix1kf1DvePhNMgCy50zZjUL
BssKk5AceBkPhxcoUw1WPZHgt9TOoWZiaW4xf5bgm2+dDH5+4GHuw37sJK2OUxwT
O6DVfPUQ/IKng/bhngY0797ewBpEhQHFi8XOaAJU+0z/S46XCu75EzUpAQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDg4NG3V1nQIVJOwstIZUUnlXPWoMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvT0RnMGJkWFdkQWhVazdDeTBobFJTZVZjOWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQBXV4EAwQD
n/1wMAwDBASy/xADBACy/xYDBAK5AjgwDQQCAAIwBwMFACoDHgAwDQYJKoZIhvcN
AQELBQADggEBAFjnKD1Cvuv1F23dMMMDcJeBo4CeFZkq79RsbvPZdHjN2oWiS2qm
NmfJGQwCQTnZuC7Xhbea4+iDOC+GbgjUmUGXK1AI387W3gJZFEgZ/dvlvxF4Qp0h
wWAlqS7uPYvs3sqBSl6h8rOKUokchDgacrFr5kO0T/A0pAlX3rkcMzmoieF5yo+h
8fcCuDXiHW0nE1Dx9zZ8bT3eb5NsC2vOzUdFaULpY9PK63kuELP36h7slKweyiOy
j5Y+paNG/PWMGw2yNCf5hDZuffON0/+1oEpu+8GdGoEsOtr4tpG5oX631DkWzGvv
oFiFdLxFXqjb3HMx7hXVbrhFm/vejSuVLfU=
-----END CERTIFICATE-----
Generated at Sun Apr 6 22:35:28 2025 by rpki-client