Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/36e6f0-eb2c-4cf8-8565-b363bb6caa02/1/kVjpEPLQ-OpXfNdWoB8Z5_DCPXs.roa
File: kVjpEPLQ-OpXfNdWoB8Z5_DCPXs.roa (raw, json)
Hash identifier: N6T0tydGUw6cSg9sXRx/N5c7xDZ/HMqGz0Ijr1nGE28=
Subject key identifier: 91:58:E9:10:F2:D0:F8:EA:57:7C:D7:56:A0:1F:19:E7:F0:C2:3D:7B
Certificate issuer: /CN=fa23aeb6a5d9a34b83607777776fb8764fb76f00
Certificate serial: 01856B40D7B2F8A58BC2ECDD27294CC7E059
Authority key identifier: FA:23:AE:B6:A5:D9:A3:4B:83:60:77:77:77:6F:B8:76:4F:B7:6F:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-iOutqXZo0uDYHd3d2-4dk-3bwA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2c/36e6f0-eb2c-4cf8-8565-b363bb6caa02/1/kVjpEPLQ-OpXfNdWoB8Z5_DCPXs.roa
Signing time: Sun 01 Jan 2023 02:54:49 +0000
ROA not before: Sun 01 Jan 2023 02:54:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61200
IP address blocks: 185.16.21.0/24 maxlen: 24
185.16.20.0/22 maxlen: 22
185.16.20.0/24 maxlen: 24
185.16.20.0/23 maxlen: 23
185.16.23.0/24 maxlen: 24
185.16.22.0/23 maxlen: 23
185.16.22.0/24 maxlen: 24
2a03:cbc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:40:d7:b2:f8:a5:8b:c2:ec:dd:27:29:4c:c7:e0:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fa23aeb6a5d9a34b83607777776fb8764fb76f00
Validity
Not Before: Jan 1 02:54:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9158e910f2d0f8ea577cd756a01f19e7f0c23d7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:26:c9:a9:aa:c7:63:1e:bf:77:ca:48:b5:0a:
a7:9b:a4:7f:b4:80:22:77:9b:af:a2:82:b9:d2:eb:
3d:a6:a2:6e:6f:db:d9:fb:89:80:4d:66:39:96:0a:
f1:b5:b7:a3:c4:eb:b5:34:34:5b:b8:8f:a7:26:33:
1a:6a:14:f8:bb:d1:5d:79:6b:95:51:49:ff:38:58:
7d:5a:ff:63:f3:39:69:6d:79:5e:3f:03:e0:1f:09:
46:5e:c9:89:9c:8f:c8:ad:71:f6:23:22:9c:7d:b5:
c3:36:75:e5:07:95:f1:d5:2b:71:8d:03:1e:2f:0b:
53:88:1b:f1:84:10:9a:ee:17:06:94:6e:10:73:fd:
01:5c:45:06:1a:90:f5:ad:7c:cb:d8:1e:65:10:db:
5c:c6:32:18:15:1b:a5:39:e4:16:1b:dd:c8:35:f1:
20:f9:38:d6:23:c1:65:d3:88:bd:d8:5f:d0:c0:ad:
91:47:9e:f2:85:7f:72:9f:87:56:8f:67:38:21:e9:
56:19:0a:46:67:0c:9e:2a:ba:9f:28:66:19:4f:e4:
b0:e0:b8:fc:24:89:85:7b:cb:82:9d:95:c4:72:5d:
6d:3d:16:fa:ae:98:46:e1:1a:97:13:0a:09:61:60:
e2:aa:34:33:f7:48:20:24:58:f3:3d:97:e3:1c:ad:
36:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:58:E9:10:F2:D0:F8:EA:57:7C:D7:56:A0:1F:19:E7:F0:C2:3D:7B
X509v3 Authority Key Identifier:
keyid:FA:23:AE:B6:A5:D9:A3:4B:83:60:77:77:77:6F:B8:76:4F:B7:6F:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-iOutqXZo0uDYHd3d2-4dk-3bwA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/36e6f0-eb2c-4cf8-8565-b363bb6caa02/1/kVjpEPLQ-OpXfNdWoB8Z5_DCPXs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/36e6f0-eb2c-4cf8-8565-b363bb6caa02/1/1-iOutqXZo0uDYHd3d2-4dk-3bwA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.16.20.0/22
IPv6:
2a03:cbc0::/29
Signature Algorithm: sha256WithRSAEncryption
dd:89:22:74:ab:d6:4b:23:8d:0c:fe:e0:54:f5:49:a6:6a:2c:
33:50:01:0e:75:5e:75:6f:d0:89:8e:f7:86:d9:82:18:64:67:
6d:c7:0e:4e:dd:32:8b:7e:20:2b:2c:4d:a5:22:de:e4:af:0c:
f5:dd:07:29:b9:1e:7b:51:66:c2:8e:63:33:87:5c:72:27:ff:
ef:21:6a:d9:3d:02:68:25:42:26:b5:19:c4:8d:2f:1b:0d:6d:
93:c3:01:35:32:a6:df:86:ed:04:de:4c:6d:32:6f:42:99:ea:
6d:e6:be:ca:40:34:4f:dd:13:cf:b6:80:fa:f3:8f:5f:9c:74:
84:43:7d:ba:9a:7a:2c:ca:f2:ed:b9:a9:4c:25:1c:1e:4a:79:
fa:32:9f:96:38:b9:d4:82:d1:96:d1:b2:c4:ab:df:5b:0b:75:
21:d3:64:4c:45:c8:c7:a8:83:e6:b1:d5:68:6d:25:38:ae:d7:
dc:a5:5e:df:02:9d:cb:42:41:8e:29:02:15:3d:a7:22:39:6c:
e1:bf:f7:5d:3c:83:70:46:9c:0a:d1:41:d2:00:6c:70:61:72:
49:0f:7a:e4:28:96:3b:95:7a:0f:66:e4:10:fb:0e:07:75:c3:
cd:6d:80:b2:c1:c2:ee:d4:4e:4b:d0:6b:91:cc:bc:1d:6a:90:
9e:a2:55:29
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVrQNey+KWLwuzdJylMx+BZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMjNhZWI2YTVkOWEzNGI4MzYwNzc3Nzc3NmZiODc2NGZi
NzZmMDAwHhcNMjMwMTAxMDI1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU4ZTkxMGYyZDBmOGVhNTc3Y2Q3NTZhMDFmMTllN2YwYzIzZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgybJqarHYx6/d8pItQqnm6R/tIAi
d5uvooK50us9pqJub9vZ+4mATWY5lgrxtbejxOu1NDRbuI+nJjMaahT4u9FdeWuV
UUn/OFh9Wv9j8zlpbXlePwPgHwlGXsmJnI/IrXH2IyKcfbXDNnXlB5Xx1StxjQMe
LwtTiBvxhBCa7hcGlG4Qc/0BXEUGGpD1rXzL2B5lENtcxjIYFRulOeQWG93INfEg
+TjWI8Fl04i92F/QwK2RR57yhX9yn4dWj2c4IelWGQpGZwyeKrqfKGYZT+Sw4Lj8
JImFe8uCnZXEcl1tPRb6rphG4RqXEwoJYWDiqjQz90ggJFjzPZfjHK02wQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFY6RDy0PjqV3zXVqAfGefwwj17MB8GA1UdIwQY
MBaAFPojrral2aNLg2B3d3dvuHZPt28AMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pT3V0cVhabzB1RFlIZDNkMi00ZGstM2J3QS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvMzZlNmYwLWViMmMtNGNmOC04NTY1
LWIzNjNiYjZjYWEwMi8xL2tWanBFUExRLU9wWGZOZFdvQjhaNV9EQ1BYcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmMvMzZlNmYwLWViMmMtNGNmOC04NTY1LWIzNjNiYjZjYWEw
Mi8xLzEtaU91dHFYWm8wdURZSGQzZDItNGRrLTNid0EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5EBQw
DQQCAAIwBwMFAyoDy8AwDQYJKoZIhvcNAQELBQADggEBAN2JInSr1ksjjQz+4FT1
SaZqLDNQAQ51XnVv0ImO94bZghhkZ23HDk7dMot+ICssTaUi3uSvDPXdBym5HntR
ZsKOYzOHXHIn/+8hatk9AmglQia1GcSNLxsNbZPDATUypt+G7QTeTG0yb0KZ6m3m
vspANE/dE8+2gPrzj1+cdIRDfbqaeizK8u25qUwlHB5Kefoyn5Y4udSC0ZbRssSr
31sLdSHTZExFyMeog+ax1WhtJTiu19ylXt8CnctCQY4pAhU9pyI5bOG/9108g3BG
nArRQdIAbHBhckkPeuQoljuVeg9m5BD7Dgd1w81tgLLBwu7UTkvQa5HMvB1qkJ6i
VSk=
-----END CERTIFICATE-----
Generated at Wed Apr 30 06:29:44 2025 by rpki-client