Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BC5lkgrLTX5fH3X7dqc9wOsuDnk.roa
File: BC5lkgrLTX5fH3X7dqc9wOsuDnk.roa (raw, json)
Hash identifier: e8S/Z5jJXkDrbACLQqrr7nV4F800LjSCSrQ1XypTrDs=
Subject key identifier: 04:2E:65:92:0A:CB:4D:7E:5F:1F:75:FB:76:A7:3D:C0:EB:2E:0E:79
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0186743F192CA9854756909C77B68FA06F1F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BC5lkgrLTX5fH3X7dqc9wOsuDnk.roa
Signing time: Tue 21 Feb 2023 13:52:17 +0000
ROA not before: Tue 21 Feb 2023 13:52:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211237
IP address blocks: 84.32.71.0/24 maxlen: 24
88.216.199.0/24 maxlen: 24
84.32.88.0/24 maxlen: 24
84.32.10.0/24 maxlen: 24
84.32.8.0/24 maxlen: 24
84.32.232.0/24 maxlen: 24
84.32.245.0/24 maxlen: 24
84.32.50.0/24 maxlen: 24
88.216.92.0/24 maxlen: 24
84.32.108.0/24 maxlen: 24
88.216.3.0/24 maxlen: 24
84.32.150.0/24 maxlen: 24
84.32.151.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:74:3f:19:2c:a9:85:47:56:90:9c:77:b6:8f:a0:6f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Feb 21 13:52:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=042e65920acb4d7e5f1f75fb76a73dc0eb2e0e79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:e9:7d:ca:09:06:47:7e:f2:b1:f3:c8:31:ad:
81:4f:ee:2f:08:ec:35:67:04:69:3c:28:92:eb:46:
f7:05:f2:fa:70:6f:2d:e2:bc:e0:79:73:98:da:66:
39:e9:e9:b6:32:86:04:9d:a5:8d:1b:0c:a1:b6:10:
ce:ae:4a:34:a6:f0:fb:d4:1d:a4:7f:53:d5:27:24:
d1:64:da:5a:02:3a:b5:79:48:ee:7b:23:56:79:85:
c5:5e:b8:df:9d:d0:93:52:ec:59:a9:df:40:0d:63:
24:7d:e5:5a:45:2b:d2:b6:2c:6f:a1:95:0a:ba:ca:
ac:ca:e4:25:52:3c:03:41:3f:87:57:89:81:55:37:
c2:54:8d:e7:f0:b0:a2:13:e3:08:f6:d2:81:fd:53:
58:8d:d7:62:3e:38:9e:d2:35:9d:db:b8:32:11:fe:
14:b9:18:a6:78:68:9d:ce:5c:63:de:f5:75:d7:7f:
9d:4b:01:9b:59:1f:b8:41:73:74:87:14:cb:c6:c4:
b4:e7:6b:b2:67:c9:44:d7:07:bf:ce:c1:af:09:be:
46:ff:ca:bb:93:dd:61:e0:d7:c9:1e:cb:a1:e1:75:
49:7e:ab:ff:1a:28:16:e9:ec:47:b9:75:34:84:df:
a6:61:df:5a:e8:43:8a:99:18:ee:e7:b4:1c:48:f9:
f9:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:2E:65:92:0A:CB:4D:7E:5F:1F:75:FB:76:A7:3D:C0:EB:2E:0E:79
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BC5lkgrLTX5fH3X7dqc9wOsuDnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.8.0/24
84.32.10.0/24
84.32.50.0/24
84.32.71.0/24
84.32.88.0/24
84.32.108.0/24
84.32.150.0/23
84.32.232.0/24
84.32.245.0/24
88.216.3.0/24
88.216.92.0/24
88.216.199.0/24
Signature Algorithm: sha256WithRSAEncryption
02:e4:f6:24:58:e5:24:e0:bd:c0:a2:18:f7:f3:f3:0b:6b:bf:
5c:9e:1d:bf:e6:cd:70:47:f2:14:2f:0f:3c:85:c7:04:ab:1d:
f1:1c:41:d3:2e:39:6f:45:d2:08:05:fa:09:a2:a3:ee:85:a6:
b6:cb:66:2a:85:08:21:a9:2a:70:8a:64:00:23:1f:ca:4e:23:
08:b8:5c:3e:7b:2a:94:6a:1d:29:ed:b2:ee:07:30:23:fd:c3:
38:09:a6:0c:c1:fa:fa:29:aa:28:ae:b1:b1:4f:bc:4f:e9:db:
a3:cf:89:64:5e:b7:0d:d9:ba:21:33:d3:d9:f5:2a:6d:0c:cf:
e6:5e:0e:4d:9d:ff:f3:a0:70:10:07:ad:e3:c7:57:c0:4c:6f:
76:d0:8f:1f:d6:cc:b2:f8:c9:49:e0:96:39:f6:a3:ac:3c:95:
b0:5e:f7:17:7e:aa:03:f5:52:6f:d6:fd:6d:be:d2:ec:18:73:
eb:9c:52:9e:65:93:e6:55:21:41:c9:ad:bc:5f:52:87:ef:b5:
6e:a2:c7:3f:6e:3a:3d:ea:3b:5d:c6:6f:af:8f:0a:f1:2a:b5:
39:fb:9f:8a:7b:a9:7b:5e:42:e9:2e:a3:cb:d5:cf:01:d6:9e:
ef:70:47:7c:6d:15:ac:1c:c8:8d:a7:19:fd:20:32:5b:e6:1e:
f8:b6:f4:2f
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYZ0PxksqYVHVpCcd7aPoG8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMjIxMTM1MjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDJlNjU5MjBhY2I0ZDdlNWYxZjc1ZmI3NmE3M2RjMGViMmUwZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ul9ygkGR37ysfPIMa2BT+4vCOw1
ZwRpPCiS60b3BfL6cG8t4rzgeXOY2mY56em2MoYEnaWNGwyhthDOrko0pvD71B2k
f1PVJyTRZNpaAjq1eUjueyNWeYXFXrjfndCTUuxZqd9ADWMkfeVaRSvStixvoZUK
usqsyuQlUjwDQT+HV4mBVTfCVI3n8LCiE+MI9tKB/VNYjddiPjie0jWd27gyEf4U
uRimeGidzlxj3vV113+dSwGbWR+4QXN0hxTLxsS052uyZ8lE1we/zsGvCb5G/8q7
k91h4NfJHsuh4XVJfqv/GigW6exHuXU0hN+mYd9a6EOKmRju57QcSPn5GwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAQuZZIKy01+Xx91+3anPcDrLg55MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvQkM1bGtnckxUWDVmSDNYN2RxYzl3T3N1RG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAVCAIAwQA
VCAKAwQAVCAyAwQAVCBHAwQAVCBYAwQAVCBsAwQBVCCWAwQAVCDoAwQAVCD1AwQA
WNgDAwQAWNhcAwQAWNjHMA0GCSqGSIb3DQEBCwUAA4IBAQAC5PYkWOUk4L3Aohj3
8/MLa79cnh2/5s1wR/IULw88hccEqx3xHEHTLjlvRdIIBfoJoqPuhaa2y2YqhQgh
qSpwimQAIx/KTiMIuFw+eyqUah0p7bLuBzAj/cM4CaYMwfr6KaoorrGxT7xP6duj
z4lkXrcN2bohM9PZ9SptDM/mXg5Nnf/zoHAQB63jx1fATG920I8f1syy+MlJ4JY5
9qOsPJWwXvcXfqoD9VJv1v1tvtLsGHPrnFKeZZPmVSFBya28X1KH77Vuosc/bjo9
6jtdxm+vjwrxKrU5+5+Ke6l7XkLpLqPL1c8B1p7vcEd8bRWsHMiNpxn9IDJb5h74
tvQv
-----END CERTIFICATE-----
Generated at Sun May 11 15:10:58 2025 by rpki-client