Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/9ZP3VKjVtvnq3lBeQVUBQ4qUJfY.roa
File: 9ZP3VKjVtvnq3lBeQVUBQ4qUJfY.roa (raw, json)
Hash identifier: Rej7drKhI/9wqw1ZzBW2DniLiiHU8S+VL3Za6ovp1rI=
Subject key identifier: F5:93:F7:54:A8:D5:B6:F9:EA:DE:50:5E:41:55:01:43:8A:94:25:F6
Certificate issuer: /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial: 018C6C9B9B3F1F4F37BFE8AF82BACA8B7559
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/9ZP3VKjVtvnq3lBeQVUBQ4qUJfY.roa
Signing time: Fri 15 Dec 2023 08:33:06 +0000
ROA not before: Fri 15 Dec 2023 08:33:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8477
IP address blocks: 213.156.112.0/22 maxlen: 22
213.156.108.0/22 maxlen: 22
213.156.116.0/22 maxlen: 22
213.156.120.0/22 maxlen: 22
213.156.124.0/22 maxlen: 22
109.232.24.0/22 maxlen: 22
213.156.96.0/22 maxlen: 22
185.13.168.0/22 maxlen: 22
213.156.104.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6c:9b:9b:3f:1f:4f:37:bf:e8:af:82:ba:ca:8b:75:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Validity
Not Before: Dec 15 08:33:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f593f754a8d5b6f9eade505e415501438a9425f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e6:be:7e:c1:cd:1f:24:8f:03:4b:8a:21:04:
ce:b8:f0:c5:47:2b:71:96:68:b9:b8:54:4e:38:cb:
76:7e:7b:97:5d:ba:c1:21:99:b6:8a:3e:80:da:a4:
14:c0:3a:69:bc:12:de:48:35:03:a8:48:1c:be:41:
af:e4:d3:35:1d:cc:4d:70:aa:7a:d1:df:b1:15:58:
0a:bf:21:95:b3:7c:96:6f:31:88:68:a1:a4:e9:e6:
70:36:ff:ad:39:ec:27:cc:3a:41:44:65:37:64:b5:
c3:fd:1a:95:25:47:bc:12:c9:ed:d6:8e:19:fb:dd:
4a:0f:7a:d5:39:06:d6:ae:72:33:2d:74:21:49:c9:
86:b9:48:e0:83:b2:6a:46:b2:82:73:fc:b6:35:c5:
01:4e:4f:6a:80:c6:25:d5:7d:0b:26:05:2d:10:b9:
ad:e1:7f:7a:29:65:0a:78:2c:cc:d4:cf:99:66:fa:
3f:57:1f:f8:37:ab:39:84:fd:c8:ef:27:ed:2e:ba:
36:bd:f4:08:a2:03:91:cb:1a:42:1c:8c:c1:5d:df:
cf:1e:ed:eb:1f:be:89:27:b6:74:af:5c:29:6a:c7:
25:2f:6f:69:94:65:33:c3:5e:7e:57:e0:05:9f:bf:
d1:53:21:7d:df:e3:fd:ee:46:6c:ec:ed:df:f7:01:
d7:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:93:F7:54:A8:D5:B6:F9:EA:DE:50:5E:41:55:01:43:8A:94:25:F6
X509v3 Authority Key Identifier:
keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/9ZP3VKjVtvnq3lBeQVUBQ4qUJfY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.232.24.0/22
185.13.168.0/22
213.156.96.0/22
213.156.104.0-213.156.127.255
Signature Algorithm: sha256WithRSAEncryption
48:cb:02:3f:b4:9d:c6:7a:dd:7e:78:2c:81:2b:77:cd:1b:c1:
c6:00:bc:9f:89:6e:d5:e6:1a:d3:43:36:10:67:60:40:c9:34:
7a:11:e3:af:cc:10:09:aa:de:e3:9b:37:6c:96:92:6c:39:41:
fb:3e:c0:40:e2:f9:ed:1f:e5:56:ef:ca:a1:6b:2b:cc:af:82:
0b:c3:45:8c:ff:97:2a:c0:8c:14:9a:32:2b:58:69:01:07:c0:
d7:44:63:d6:e9:9d:3c:62:b5:2d:df:45:3b:f7:0e:85:67:9e:
ca:50:2c:8d:87:60:ee:73:e5:f0:d9:e5:88:d2:82:e1:24:ab:
12:c3:3a:99:63:67:9c:ca:a1:71:cc:47:48:54:28:7c:04:12:
6c:39:35:d6:b6:65:11:b2:52:a8:4c:1d:53:7e:ce:73:9f:cb:
c5:bc:2e:0d:1d:92:45:46:9e:5c:c4:f7:07:55:a9:c6:8c:1b:
43:08:ce:91:97:8f:f8:9e:56:f3:ea:36:49:c7:64:03:8e:03:
5c:8b:43:8b:c5:fa:44:7b:05:3c:32:bc:78:b8:4c:26:53:87:
04:bf:06:bf:a6:81:4e:ee:8d:00:10:67:15:e1:dc:eb:c4:3c:
1e:8a:0d:36:4d:db:50:56:72:e6:9a:c8:93:ba:1a:15:03:20:
69:0b:9b:d9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYxsm5s/H083v+ivgrrKi3VZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjMxMjE1MDgzMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTkzZjc1NGE4ZDViNmY5ZWFkZTUwNWU0MTU1MDE0MzhhOTQyNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOa+fsHNHySPA0uKIQTOuPDFRytx
lmi5uFROOMt2fnuXXbrBIZm2ij6A2qQUwDppvBLeSDUDqEgcvkGv5NM1HcxNcKp6
0d+xFVgKvyGVs3yWbzGIaKGk6eZwNv+tOewnzDpBRGU3ZLXD/RqVJUe8Esnt1o4Z
+91KD3rVOQbWrnIzLXQhScmGuUjgg7JqRrKCc/y2NcUBTk9qgMYl1X0LJgUtELmt
4X96KWUKeCzM1M+ZZvo/Vx/4N6s5hP3I7yftLro2vfQIogORyxpCHIzBXd/PHu3r
H76JJ7Z0r1wpasclL29plGUzw15+V+AFn7/RUyF93+P97kZs7O3f9wHXOQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPWT91So1bb56t5QXkFVAUOKlCX2MB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvOVpQM1ZLalZ0dm5xM2xCZVFWVUJRNHFVSmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCbegYAwQC
uQ2oAwQC1ZxgMAwDBAPVnGgDBAfVnAAwDQYJKoZIhvcNAQELBQADggEBAEjLAj+0
ncZ63X54LIErd80bwcYAvJ+JbtXmGtNDNhBnYEDJNHoR46/MEAmq3uObN2yWkmw5
Qfs+wEDi+e0f5VbvyqFrK8yvggvDRYz/lyrAjBSaMitYaQEHwNdEY9bpnTxitS3f
RTv3DoVnnspQLI2HYO5z5fDZ5YjSguEkqxLDOpljZ5zKoXHMR0hUKHwEEmw5Nda2
ZRGyUqhMHVN+znOfy8W8Lg0dkkVGnlzE9wdVqcaMG0MIzpGXj/ieVvPqNknHZAOO
A1yLQ4vF+kR7BTwyvHi4TCZThwS/Br+mgU7ujQAQZxXh3OvEPB6KDTZN21BWcuaa
yJO6GhUDIGkLm9k=
-----END CERTIFICATE-----
Generated at Wed Jun 18 15:25:09 2025 by rpki-client