Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/8BINkXZm1EetWEP91G9RB3UNfA0.roa
File: 8BINkXZm1EetWEP91G9RB3UNfA0.roa (raw, json)
Hash identifier: cpa58KkX2800TzdluXGx13y66bsfjvIk99BaP/934JI=
Subject key identifier: F0:12:0D:91:76:66:D4:47:AD:58:43:FD:D4:6F:51:07:75:0D:7C:0D
Certificate issuer: /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial: 018A00933FAA766060832AC2F3EB27547D8E
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/8BINkXZm1EetWEP91G9RB3UNfA0.roa
Signing time: Wed 16 Aug 2023 22:59:24 +0000
ROA not before: Wed 16 Aug 2023 22:59:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58321
IP address blocks: 194.169.227.0/24 maxlen: 24
185.123.160.0/24 maxlen: 24
195.114.0.0/23 maxlen: 24
195.242.116.0/23 maxlen: 24
91.199.22.0/24 maxlen: 24
195.78.66.0/23 maxlen: 24
195.2.254.0/23 maxlen: 24
178.250.40.0/21 maxlen: 24
193.218.152.0/22 maxlen: 24
94.152.254.0/24 maxlen: 24
94.152.255.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:00:93:3f:aa:76:60:60:83:2a:c2:f3:eb:27:54:7d:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
Validity
Not Before: Aug 16 22:59:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f0120d917666d447ad5843fdd46f5107750d7c0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:68:e4:6c:34:e9:f7:d9:ba:28:1f:c0:6d:39:
6f:2d:6e:ef:60:46:f4:d4:1d:66:d8:e1:2e:a0:35:
1f:44:dd:52:d7:43:b8:68:f0:12:1e:50:fe:49:18:
87:ed:aa:5a:9f:36:82:d1:94:26:c2:22:7b:0c:3b:
ac:84:34:fc:1d:1b:83:4b:4a:f7:e9:2e:44:8f:84:
0a:30:9a:1e:4a:5d:e0:81:63:87:f6:ae:13:8f:5a:
ab:3c:2f:a2:09:40:b8:32:e7:73:29:9c:d2:92:cd:
8d:b9:10:e8:bd:f7:33:88:90:c9:27:52:7b:99:d4:
6c:87:1b:6c:5b:b0:8a:b7:67:d6:e7:ac:7f:c4:a0:
7c:2d:e2:01:4b:69:52:00:46:e1:f2:45:7c:a5:a4:
df:c8:31:d4:b3:0c:6e:51:68:00:e2:92:04:cd:34:
2f:da:c9:4f:d6:38:0b:76:6d:75:90:d6:56:b1:d5:
de:f1:d4:9c:c3:8c:aa:79:6c:96:b9:cf:6f:19:cb:
c7:f4:8b:55:45:cd:4f:32:90:b2:5d:95:34:bf:b1:
c9:98:7b:91:96:1c:45:94:7a:17:0a:da:11:0d:15:
e9:bb:85:15:8a:19:c5:c8:19:89:5e:71:77:54:1d:
86:b7:99:6f:91:fd:22:15:87:d6:2b:c8:fd:ff:02:
d5:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:12:0D:91:76:66:D4:47:AD:58:43:FD:D4:6F:51:07:75:0D:7C:0D
X509v3 Authority Key Identifier:
keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/8BINkXZm1EetWEP91G9RB3UNfA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.22.0/24
94.152.254.0/23
178.250.40.0/21
185.123.160.0/24
193.218.152.0/22
194.169.227.0/24
195.2.254.0/23
195.78.66.0/23
195.114.0.0/23
195.242.116.0/23
Signature Algorithm: sha256WithRSAEncryption
a4:9c:12:3b:49:8c:e8:4c:96:60:55:0b:35:16:fe:66:c6:84:
78:78:1c:2e:18:2a:b1:cd:64:18:1d:c7:19:cb:ca:4a:7a:ca:
ba:81:aa:b6:73:64:07:7c:02:bc:06:e8:96:42:a4:12:45:2d:
d1:13:e3:10:9e:fa:7b:90:b5:af:fb:e5:37:06:e0:36:73:58:
d7:8e:7a:d7:b9:84:92:be:30:b5:ba:e5:ca:8e:39:b2:2f:12:
d9:4d:36:b2:ab:e8:14:e2:f0:61:48:0c:e0:05:9d:5b:15:90:
5f:cb:66:25:47:07:e9:48:58:a4:b1:92:d2:6c:34:db:34:c5:
34:b8:cd:63:59:eb:60:f3:e5:58:df:fc:88:b9:f0:ae:c1:fa:
7c:02:ba:f1:b4:e3:59:26:fe:f0:3a:c7:ce:cc:cf:24:51:4c:
3c:58:ec:5c:2d:31:8b:20:e4:68:68:71:7c:f4:72:05:b3:c5:
c2:7e:72:07:33:c0:22:51:90:04:4a:65:65:66:8b:f1:80:61:
d7:0d:81:98:88:68:9d:0b:47:e3:a5:86:be:17:0b:6c:d8:83:
aa:7a:bc:33:8a:46:bf:6d:1b:c3:5a:20:60:82:9f:f8:41:bd:
f8:b2:f3:62:6c:c7:82:fe:fb:17:45:f8:34:23:75:a6:84:d1:
7e:aa:c2:c2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYoAkz+qdmBggyrC8+snVH2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjMwODE2MjI1OTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDEyMGQ5MTc2NjZkNDQ3YWQ1ODQzZmRkNDZmNTEwNzc1MGQ3YzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomjkbDTp99m6KB/AbTlvLW7vYEb0
1B1m2OEuoDUfRN1S10O4aPASHlD+SRiH7apanzaC0ZQmwiJ7DDushDT8HRuDS0r3
6S5Ej4QKMJoeSl3ggWOH9q4Tj1qrPC+iCUC4MudzKZzSks2NuRDovfcziJDJJ1J7
mdRshxtsW7CKt2fW56x/xKB8LeIBS2lSAEbh8kV8paTfyDHUswxuUWgA4pIEzTQv
2slP1jgLdm11kNZWsdXe8dScw4yqeWyWuc9vGcvH9ItVRc1PMpCyXZU0v7HJmHuR
lhxFlHoXCtoRDRXpu4UVihnFyBmJXnF3VB2Gt5lvkf0iFYfWK8j9/wLVeQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPASDZF2ZtRHrVhD/dRvUQd1DXwNMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvOEJJTmtYWm0xRWV0V0VQOTFHOVJCM1VOZkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAW8cWAwQB
Xpj+AwQDsvooAwQAuXugAwQCwdqYAwQAwqnjAwQBwwL+AwQBw05CAwQBw3IAAwQB
w/J0MA0GCSqGSIb3DQEBCwUAA4IBAQCknBI7SYzoTJZgVQs1Fv5mxoR4eBwuGCqx
zWQYHccZy8pKesq6gaq2c2QHfAK8BuiWQqQSRS3RE+MQnvp7kLWv++U3BuA2c1jX
jnrXuYSSvjC1uuXKjjmyLxLZTTayq+gU4vBhSAzgBZ1bFZBfy2YlRwfpSFiksZLS
bDTbNMU0uM1jWetg8+VY3/yIufCuwfp8ArrxtONZJv7wOsfOzM8kUUw8WOxcLTGL
IORoaHF89HIFs8XCfnIHM8AiUZAESmVlZovxgGHXDYGYiGidC0fjpYa+Fwts2IOq
erwzika/bRvDWiBggp/4Qb34svNibMeC/vsXRfg0I3WmhNF+qsLC
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:08:16 2025 by rpki-client