Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/xCXAAFFDaCLKUkqBG_T179xtY0Q.roa
File: xCXAAFFDaCLKUkqBG_T179xtY0Q.roa (raw, json)
Hash identifier: NHR6DWDpUgFqCNLwheaD6xydqC+aK84LBNqPG3gT344=
Subject key identifier: C4:25:C0:00:51:43:68:22:CA:52:4A:81:1B:F4:F5:EF:DC:6D:63:44
Certificate issuer: /CN=951d493b1bc0a8c852dd11cfc937891dac3f07c2
Certificate serial: 14B63119
Authority key identifier: 95:1D:49:3B:1B:C0:A8:C8:52:DD:11:CF:C9:37:89:1D:AC:3F:07:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lR1JOxvAqMhS3RHPyTeJHaw_B8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/xCXAAFFDaCLKUkqBG_T179xtY0Q.roa
Signing time: Sat 01 Jan 2022 06:04:17 +0000
ROA not before: Sat 01 Jan 2022 06:04:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204180
IP address blocks: 185.111.250.0/24 maxlen: 24
185.111.251.0/24 maxlen: 24
185.111.248.0/22 maxlen: 22
185.111.248.0/24 maxlen: 24
185.111.249.0/24 maxlen: 24
2a06:6080::/40 maxlen: 40
2a06:6080::/48 maxlen: 48
2a06:6080:1::/48 maxlen: 48
2a06:6080:2::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 347484441 (0x14b63119)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=951d493b1bc0a8c852dd11cfc937891dac3f07c2
Validity
Not Before: Jan 1 06:04:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c425c00051436822ca524a811bf4f5efdc6d6344
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:83:ce:a0:b2:79:3f:82:2d:ba:2b:04:67:bc:
9e:a4:15:22:1f:48:7e:fe:3e:c0:f5:9a:60:b5:4e:
50:5a:31:a8:18:36:e4:76:ea:a8:80:5c:aa:03:0c:
ff:b3:15:7b:d6:0a:9e:a6:c5:51:15:2f:ca:02:eb:
7b:14:a8:a6:52:82:0b:13:92:60:4d:e4:08:f3:05:
5f:15:91:73:29:83:22:cd:2c:91:19:61:f6:5d:b6:
cf:c3:dc:e9:6a:6f:ec:0a:53:cd:c2:a2:22:fb:9d:
c5:4e:94:e0:a8:7c:09:5b:75:55:c3:59:a0:47:c2:
6e:7e:54:6e:32:de:ff:74:86:f3:ce:79:23:24:6d:
b8:a0:91:6d:8c:1a:ce:d1:2f:2b:5c:ce:00:90:d4:
be:7b:1e:09:eb:48:5c:72:e9:d4:65:8a:e9:7d:a5:
6f:f0:7b:57:79:a7:1b:2f:89:5a:09:d0:0b:90:89:
c7:67:1e:fa:9a:1f:07:0b:bc:13:f3:38:27:48:a1:
86:49:8a:fc:de:6c:03:b9:0e:0e:50:9c:bd:0e:22:
ad:ac:e4:aa:de:fc:29:2d:03:4f:0d:02:bc:a9:a9:
52:4c:df:fc:c2:ac:39:4a:6a:1f:3b:78:20:66:e1:
d3:fb:39:a1:11:54:93:ff:d6:65:87:3c:e1:97:c2:
c8:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:25:C0:00:51:43:68:22:CA:52:4A:81:1B:F4:F5:EF:DC:6D:63:44
X509v3 Authority Key Identifier:
keyid:95:1D:49:3B:1B:C0:A8:C8:52:DD:11:CF:C9:37:89:1D:AC:3F:07:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lR1JOxvAqMhS3RHPyTeJHaw_B8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/xCXAAFFDaCLKUkqBG_T179xtY0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/lR1JOxvAqMhS3RHPyTeJHaw_B8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.111.248.0/22
IPv6:
2a06:6080::/40
Signature Algorithm: sha256WithRSAEncryption
16:32:bc:a0:e1:a6:c9:3e:89:a2:50:08:ef:74:34:15:76:54:
aa:3a:6c:11:07:b6:4c:18:c3:01:02:5e:b0:41:57:1a:6a:28:
a4:39:34:66:f8:88:12:38:96:d5:a7:b8:fa:3f:44:7b:a3:9e:
e9:07:0d:81:2d:f2:71:fa:d0:9c:1b:1f:3d:5e:da:4f:a7:ae:
43:c8:9c:61:11:3b:dd:92:fd:8a:89:9f:f5:fa:05:5b:cb:ba:
23:c2:05:17:74:69:b4:c9:2c:8f:5d:64:88:91:be:15:8d:f7:
9d:bf:67:93:cb:dd:28:b4:b5:22:44:f4:7a:40:04:36:4b:44:
d6:af:e3:89:da:0c:57:82:0a:a3:80:f6:e8:d1:d8:ff:ec:bb:
fb:f4:6a:4b:b9:81:f8:4c:f5:5f:c7:83:49:60:7f:00:79:70:
44:9a:a1:88:6d:09:e8:02:7e:b2:b9:1b:5d:de:0a:47:c7:f1:
b9:c7:0b:c2:2f:fa:48:0d:58:0a:7a:09:d7:d5:99:43:08:6f:
d1:73:6d:bc:44:8a:18:80:b1:d5:ff:40:99:cb:76:72:91:59:
3e:9f:ef:3e:cc:e5:a1:49:df:88:4d:6a:1a:fa:61:39:cf:4d:
4c:6b:16:d6:13:f8:4a:4d:f3:c1:59:3a:fa:fb:b0:c9:04:81:
40:93:90:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIEFLYxGTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NTFkNDkzYjFiYzBhOGM4NTJkZDExY2ZjOTM3ODkxZGFjM2YwN2MyMB4XDTIyMDEw
MTA2MDQxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQyNWMwMDA1MTQz
NjgyMmNhNTI0YTgxMWJmNGY1ZWZkYzZkNjM0NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANuDzqCyeT+CLborBGe8nqQVIh9Ifv4+wPWaYLVOUFoxqBg2
5HbqqIBcqgMM/7MVe9YKnqbFURUvygLrexSoplKCCxOSYE3kCPMFXxWRcymDIs0s
kRlh9l22z8Pc6Wpv7ApTzcKiIvudxU6U4Kh8CVt1VcNZoEfCbn5UbjLe/3SG8855
IyRtuKCRbYwaztEvK1zOAJDUvnseCetIXHLp1GWK6X2lb/B7V3mnGy+JWgnQC5CJ
x2ce+pofBwu8E/M4J0ihhkmK/N5sA7kODlCcvQ4irazkqt78KS0DTw0CvKmpUkzf
/MKsOUpqHzt4IGbh0/s5oRFUk//WZYc84ZfCyE8CAwEAAaOCAhkwggIVMB0GA1Ud
DgQWBBTEJcAAUUNoIspSSoEb9PXv3G1jRDAfBgNVHSMEGDAWgBSVHUk7G8CoyFLd
Ec/JN4kdrD8HwjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xSMUpPeHZBcU1oUzNSSFB5VGVKSGF3X0I4SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvODliZjNhLWJmOTAtNDY3YS1hOTBiLTIyZTI0OGVkMjAxNC8x
L3hDWEFBRkZEYUNMS1VrcUJHX1QxNzl4dFkwUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
ODliZjNhLWJmOTAtNDY3YS1hOTBiLTIyZTI0OGVkMjAxNC8xL2xSMUpPeHZBcU1o
UzNSSFB5VGVKSGF3X0I4SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAv
BggrBgEFBQcBBwEB/wQgMB4wDAQCAAEwBgMEArlv+DAOBAIAAjAIAwYAKgZggAAw
DQYJKoZIhvcNAQELBQADggEBABYyvKDhpsk+iaJQCO90NBV2VKo6bBEHtkwYwwEC
XrBBVxpqKKQ5NGb4iBI4ltWnuPo/RHujnukHDYEt8nH60JwbHz1e2k+nrkPInGER
O92S/YqJn/X6BVvLuiPCBRd0abTJLI9dZIiRvhWN952/Z5PL3Si0tSJE9HpABDZL
RNav44naDFeCCqOA9ujR2P/su/v0aku5gfhM9V/Hg0lgfwB5cESaoYhtCegCfrK5
G13eCkfH8bnHC8Iv+kgNWAp6CdfVmUMIb9FzbbxEihiAsdX/QJnLdnKRWT6f7z7M
5aFJ34hNahr6YTnPTUxrFtYT+EpN88FZOvr7sMkEgUCTkM4=
-----END CERTIFICATE-----
Generated at Tue May 13 05:56:57 2025 by rpki-client