Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/RA20FQR6ekSraCzuKL522Ih3DNg.roa
File: RA20FQR6ekSraCzuKL522Ih3DNg.roa (raw, json)
Hash identifier: c5mZQLfWOiZejJZuuWR+2ig8liCxgBIkQsNNUbzGD28=
Subject key identifier: 44:0D:B4:15:04:7A:7A:44:AB:68:2C:EE:28:BE:76:D8:88:77:0C:D8
Certificate issuer: /CN=d9d0318f2685e32d2dba923f6662771427359738
Certificate serial: 01856E82109ABA58CA62DED43C54EF5D8875
Authority key identifier: D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/RA20FQR6ekSraCzuKL522Ih3DNg.roa
Signing time: Sun 01 Jan 2023 18:04:55 +0000
ROA not before: Sun 01 Jan 2023 18:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8728
IP address blocks: 84.52.0.0/18 maxlen: 32
212.7.0.0/19 maxlen: 32
82.147.160.0/19 maxlen: 32
82.147.160.0/21 maxlen: 32
185.200.68.0/22 maxlen: 32
82.147.168.0/21 maxlen: 32
212.7.30.0/24 maxlen: 32
89.235.192.0/18 maxlen: 32
109.235.240.0/21 maxlen: 32
2001:1b28::/32 maxlen: 128
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:82:10:9a:ba:58:ca:62:de:d4:3c:54:ef:5d:88:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9d0318f2685e32d2dba923f6662771427359738
Validity
Not Before: Jan 1 18:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=440db415047a7a44ab682cee28be76d888770cd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:7f:04:db:26:a7:59:45:65:00:fd:99:2e:b4:
c5:98:62:f6:70:55:3a:60:5b:2f:f4:75:dd:ba:e9:
d3:0a:fb:de:e2:d3:38:52:63:3c:66:7d:48:0d:d9:
fc:86:c8:9e:f0:e0:3c:f0:33:2c:43:d4:a1:40:bc:
97:1d:1c:8e:b7:0d:d2:66:0b:61:91:aa:8f:60:bd:
34:2a:71:7a:29:e1:1c:24:91:c1:b5:b6:77:42:ee:
d8:49:37:6d:75:23:8d:fd:c0:3e:4b:d9:33:9a:70:
99:da:ef:1f:0c:d2:e2:ca:61:9d:0c:8e:5a:0d:13:
22:58:c6:a0:7d:f2:ae:b9:c5:b2:a4:79:c0:0d:74:
f5:57:18:16:7d:96:0b:46:72:00:54:96:5a:d0:a6:
3b:2c:19:90:03:72:df:fa:f0:8e:3c:34:ab:66:11:
5e:40:10:dc:d8:79:c4:b6:ab:74:52:60:ee:fd:28:
a0:0c:29:0f:5e:0b:ef:09:05:fe:1f:96:4c:5e:ea:
ce:1a:76:55:e2:3c:cb:11:f0:f5:67:aa:4a:03:b8:
f9:69:98:36:78:01:51:8a:f7:59:4a:72:39:f8:45:
07:29:d6:c3:23:3a:c0:d9:4f:5a:75:88:42:9c:48:
25:2b:c3:ac:03:19:4f:97:69:c0:b9:0e:af:81:6f:
41:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:0D:B4:15:04:7A:7A:44:AB:68:2C:EE:28:BE:76:D8:88:77:0C:D8
X509v3 Authority Key Identifier:
keyid:D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/RA20FQR6ekSraCzuKL522Ih3DNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.147.160.0/19
84.52.0.0/18
89.235.192.0/18
109.235.240.0/21
185.200.68.0/22
212.7.0.0/19
IPv6:
2001:1b28::/32
Signature Algorithm: sha256WithRSAEncryption
9b:a4:48:a9:4a:ee:ef:8c:6f:f5:1b:73:9a:24:41:74:4e:08:
98:85:17:be:50:28:a2:13:dd:48:f7:4c:29:8d:0f:3b:e1:50:
81:3d:b1:02:94:fc:da:92:5a:d8:df:dd:f6:7e:9e:ae:c2:f3:
42:8b:dd:26:d1:87:df:c6:8f:18:44:30:6b:09:2d:6e:49:1c:
d8:f1:51:19:1a:88:9d:7f:66:92:2c:61:36:cc:0a:dd:28:98:
82:44:12:1f:fe:b6:16:47:4e:f1:7e:70:00:34:5a:f5:b1:df:
4e:08:8a:ef:9a:97:89:7a:16:38:42:12:94:fa:8c:3c:da:3d:
47:b5:f3:80:fd:b3:d4:05:82:40:15:28:03:05:db:37:58:10:
74:70:6c:15:c8:50:e4:62:d8:30:84:bf:c7:71:fb:f0:86:60:
91:94:37:95:5b:ec:61:7f:18:e1:b7:76:82:07:0c:1b:1b:31:
c4:82:8b:ac:37:9b:79:6b:d9:a3:f1:b5:45:7f:14:17:65:09:
54:47:ec:36:66:5f:d8:d9:f0:d5:e0:a0:ce:da:0c:3c:61:20:
40:5b:85:e5:b1:4f:8d:07:ad:a4:7e:55:5e:d2:bc:9b:68:44:
b3:66:26:d7:2e:6e:1d:10:88:3c:a1:85:9a:26:05:0e:ca:9b:
9b:84:8f:07
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVughCauljKYt7UPFTvXYh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDAzMThmMjY4NWUzMmQyZGJhOTIzZjY2NjI3NzE0Mjcz
NTk3MzgwHhcNMjMwMTAxMTgwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBkYjQxNTA0N2E3YTQ0YWI2ODJjZWUyOGJlNzZkODg4NzcwY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi38E2yanWUVlAP2ZLrTFmGL2cFU6
YFsv9HXduunTCvve4tM4UmM8Zn1IDdn8hsie8OA88DMsQ9ShQLyXHRyOtw3SZgth
kaqPYL00KnF6KeEcJJHBtbZ3Qu7YSTdtdSON/cA+S9kzmnCZ2u8fDNLiymGdDI5a
DRMiWMagffKuucWypHnADXT1VxgWfZYLRnIAVJZa0KY7LBmQA3Lf+vCOPDSrZhFe
QBDc2HnEtqt0UmDu/SigDCkPXgvvCQX+H5ZMXurOGnZV4jzLEfD1Z6pKA7j5aZg2
eAFRivdZSnI5+EUHKdbDIzrA2U9adYhCnEglK8OsAxlPl2nAuQ6vgW9B8QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFEQNtBUEenpEq2gs7ii+dtiIdwzYMB8GA1UdIwQY
MBaAFNnQMY8mheMtLbqSP2ZidxQnNZc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEt
OTZkZGQ1YTAyMzlkLzEvUkEyMEZRUjZla1NyYUN6dUtMNTIySWgzRE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEtOTZkZGQ1YTAyMzlk
LzEvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFUpOgAwQG
VDQAAwQGWevAAwQDbevwAwQCuchEAwQF1AcAMA0EAgACMAcDBQAgARsoMA0GCSqG
SIb3DQEBCwUAA4IBAQCbpEipSu7vjG/1G3OaJEF0TgiYhRe+UCiiE91I90wpjQ87
4VCBPbEClPzaklrY3932fp6uwvNCi90m0Yffxo8YRDBrCS1uSRzY8VEZGoidf2aS
LGE2zArdKJiCRBIf/rYWR07xfnAANFr1sd9OCIrvmpeJehY4QhKU+ow82j1HtfOA
/bPUBYJAFSgDBds3WBB0cGwVyFDkYtgwhL/HcfvwhmCRlDeVW+xhfxjht3aCBwwb
GzHEgousN5t5a9mj8bVFfxQXZQlUR+w2Zl/Y2fDV4KDO2gw8YSBAW4XlsU+NB62k
flVe0rybaESzZibXLm4dEIg8oYWaJgUOypubhI8H
-----END CERTIFICATE-----
Generated at Fri May 9 21:53:12 2025 by rpki-client