Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/bPEMI3S10WgLEuhxooLRyIXczD8.roa
File: bPEMI3S10WgLEuhxooLRyIXczD8.roa (raw, json)
Hash identifier: DdtSPq76RK4GfJK6z5xfK0CDm1XPT0+PMH3O2dOzwe0=
Subject key identifier: 6C:F1:0C:23:74:B5:D1:68:0B:12:E8:71:A2:82:D1:C8:85:DC:CC:3F
Certificate issuer: /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial: 018C67B0C140F4DEAEF3B74F72FD3E0A569E
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/bPEMI3S10WgLEuhxooLRyIXczD8.roa
Signing time: Thu 14 Dec 2023 09:38:06 +0000
ROA not before: Thu 14 Dec 2023 09:38:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216134
IP address blocks: 149.238.159.0/24 maxlen: 24
149.238.0.0/19 maxlen: 24
2a13:cb40::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:67:b0:c1:40:f4:de:ae:f3:b7:4f:72:fd:3e:0a:56:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Validity
Not Before: Dec 14 09:38:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cf10c2374b5d1680b12e871a282d1c885dccc3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5c:6f:6e:f9:64:69:d3:5a:f7:48:fe:c2:94:
56:af:10:4d:ef:b0:db:95:3b:9a:0d:6d:14:63:af:
ad:71:fd:cf:22:dc:6b:9f:4f:27:07:be:82:b0:89:
2b:be:a9:ad:ea:be:6d:ef:38:8f:fd:cb:fc:52:5c:
f5:f7:d1:6a:92:63:d9:30:2e:7d:14:bd:90:05:65:
37:b3:28:e4:bc:ed:2e:95:ac:26:e1:67:9a:22:1c:
30:03:0e:65:91:9c:3d:62:de:e1:63:02:a0:35:81:
8f:d6:e9:58:24:17:14:1f:2a:d4:c4:bd:d6:d2:7d:
ce:b0:38:a5:13:03:95:16:69:8b:5f:81:94:34:54:
d0:6e:40:00:d8:9d:9f:17:4a:16:0e:46:6c:dc:a3:
d0:8d:94:68:35:aa:13:8b:a1:e7:20:77:8a:b2:d5:
55:70:ad:0f:03:60:bc:22:82:1a:4d:85:b3:f9:c3:
30:ee:92:77:42:7b:25:6a:b9:10:de:52:6c:19:77:
a0:dd:08:1a:33:41:46:94:88:b2:d4:b5:42:5d:a8:
5b:81:35:f1:2b:49:8d:a4:b3:28:1e:71:cc:af:8c:
70:7a:82:85:78:33:06:84:56:2a:f8:c5:03:91:b5:
24:c8:5c:62:44:52:9b:e4:56:49:b1:7d:a8:30:c4:
9e:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:F1:0C:23:74:B5:D1:68:0B:12:E8:71:A2:82:D1:C8:85:DC:CC:3F
X509v3 Authority Key Identifier:
keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/bPEMI3S10WgLEuhxooLRyIXczD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.238.0.0/19
149.238.159.0/24
IPv6:
2a13:cb40::/29
Signature Algorithm: sha256WithRSAEncryption
5a:03:40:18:5b:8b:6c:35:86:03:6f:c8:4d:7a:61:62:5d:3b:
46:9a:5b:84:c3:c3:65:28:79:d0:b3:6d:bd:c3:12:db:3c:d7:
86:28:72:2f:64:e0:d8:b2:ca:00:7e:4b:4d:e4:c4:50:13:eb:
2a:6d:92:3a:f2:c3:e0:db:79:2f:b6:cc:f5:c5:d6:0e:f7:bc:
aa:43:36:4d:a3:34:d9:49:99:6f:b1:db:13:44:51:44:ee:65:
f9:51:6a:0f:10:aa:7b:4a:2e:a4:0e:74:86:af:48:18:0a:a3:
43:56:bf:ec:e1:78:99:71:c2:67:5a:cc:ee:72:68:68:98:cb:
cc:85:89:cd:2f:80:0b:a0:26:20:0a:59:6d:77:19:ef:cf:21:
81:06:b4:22:a9:fc:68:d7:fe:8b:be:c0:7f:73:9b:a8:06:0f:
bd:03:5a:b0:86:78:ac:53:83:11:88:89:08:3a:b2:1b:36:23:
33:15:3c:12:a0:35:6b:4b:73:01:de:0b:74:9e:1c:63:08:62:
8b:7c:31:18:c3:3e:07:81:b5:58:5a:80:2e:82:8d:aa:40:68:
98:5e:4c:8a:44:3c:00:fa:96:00:f8:38:4f:0f:aa:18:a3:2e:
cb:bf:9d:b8:f6:da:ac:74:81:47:59:b2:52:9e:12:bc:0d:1b:
53:bd:98:9f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYxnsMFA9N6u87dPcv0+ClaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjMxMjE0MDkzODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2YxMGMyMzc0YjVkMTY4MGIxMmU4NzFhMjgyZDFjODg1ZGNjYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1xvbvlkadNa90j+wpRWrxBN77Db
lTuaDW0UY6+tcf3PItxrn08nB76CsIkrvqmt6r5t7ziP/cv8Ulz199FqkmPZMC59
FL2QBWU3syjkvO0ulawm4WeaIhwwAw5lkZw9Yt7hYwKgNYGP1ulYJBcUHyrUxL3W
0n3OsDilEwOVFmmLX4GUNFTQbkAA2J2fF0oWDkZs3KPQjZRoNaoTi6HnIHeKstVV
cK0PA2C8IoIaTYWz+cMw7pJ3QnslarkQ3lJsGXeg3QgaM0FGlIiy1LVCXahbgTXx
K0mNpLMoHnHMr4xweoKFeDMGhFYq+MUDkbUkyFxiRFKb5FZJsX2oMMSe9QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGzxDCN0tdFoCxLocaKC0ciF3Mw/MB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvYlBFTUkzUzEwV2dMRXVoeG9vTFJ5SVhjekQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFle4AAwQA
le6fMA0EAgACMAcDBQMqE8tAMA0GCSqGSIb3DQEBCwUAA4IBAQBaA0AYW4tsNYYD
b8hNemFiXTtGmluEw8NlKHnQs229wxLbPNeGKHIvZODYssoAfktN5MRQE+sqbZI6
8sPg23kvtsz1xdYO97yqQzZNozTZSZlvsdsTRFFE7mX5UWoPEKp7Si6kDnSGr0gY
CqNDVr/s4XiZccJnWszucmhomMvMhYnNL4ALoCYgClltdxnvzyGBBrQiqfxo1/6L
vsB/c5uoBg+9A1qwhnisU4MRiIkIOrIbNiMzFTwSoDVrS3MB3gt0nhxjCGKLfDEY
wz4HgbVYWoAugo2qQGiYXkyKRDwA+pYA+DhPD6oYoy7Lv5249tqsdIFHWbJSnhK8
DRtTvZif
-----END CERTIFICATE-----
Generated at Fri May 9 20:47:46 2025 by rpki-client