Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/cNq-FqwcryCPAa-wCaQ2x-QmGio.roa
File: cNq-FqwcryCPAa-wCaQ2x-QmGio.roa (raw, json)
Hash identifier: 9Ss45+sFMLCFEqgzlwgwIFFpMW4cdWbxs2JRMKiVe/A=
Subject key identifier: 70:DA:BE:16:AC:1C:AF:20:8F:01:AF:B0:09:A4:36:C7:E4:26:1A:2A
Certificate issuer: /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial: 0187C97B6A72116612E405ED005E47679BA1
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/cNq-FqwcryCPAa-wCaQ2x-QmGio.roa
Signing time: Fri 28 Apr 2023 20:08:41 +0000
ROA not before: Fri 28 Apr 2023 20:08:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203020
IP address blocks: 5.183.94.0/24 maxlen: 24
185.244.8.0/23 maxlen: 23
185.244.11.0/24 maxlen: 24
171.22.248.0/23 maxlen: 23
171.22.251.0/24 maxlen: 24
171.22.250.0/24 maxlen: 24
45.146.204.0/22 maxlen: 24
45.82.223.0/24 maxlen: 24
193.42.226.0/23 maxlen: 23
45.135.18.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:c9:7b:6a:72:11:66:12:e4:05:ed:00:5e:47:67:9b:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Validity
Not Before: Apr 28 20:08:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=70dabe16ac1caf208f01afb009a436c7e4261a2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:20:70:a2:c2:2d:d7:ac:d5:cf:07:08:dc:cd:
a9:4d:1b:96:b5:38:76:dc:65:b8:e8:47:05:b7:7e:
e2:71:7d:e1:a0:6e:9c:c2:22:6c:2d:6e:11:19:3b:
fe:d5:0f:43:a8:e8:5d:ae:db:99:b2:04:99:a5:29:
c2:1e:c0:ab:c2:d5:62:d6:51:ed:b2:30:d8:c6:26:
3d:9d:c0:ba:f8:02:bc:76:18:45:83:52:c1:63:2c:
ff:bc:6f:39:6c:ba:7c:46:7c:16:26:07:51:27:4e:
64:7e:b5:3e:35:55:90:c0:18:09:76:a0:e6:d2:f3:
d9:5b:fd:e6:33:6c:9f:c9:69:f3:db:04:b0:fb:55:
47:3d:04:47:b5:86:63:12:4f:87:56:7a:07:26:17:
43:e9:8e:7c:12:c5:19:ab:2b:da:27:6f:96:d7:eb:
eb:0a:44:7d:5c:8d:82:ab:4e:fa:7b:a1:53:56:a7:
64:2b:c8:2d:e1:61:28:8c:01:3c:28:c7:61:05:14:
c6:ba:f4:a8:ac:7e:ab:09:d7:82:19:f2:d2:e3:a0:
ca:e7:0b:ae:ba:20:9f:3b:5f:c8:70:70:71:f7:05:
7b:68:72:71:34:cc:52:b2:4d:b9:fe:03:4f:88:4f:
ca:08:b6:b0:9a:fa:29:d4:ca:b7:a6:28:d3:3f:8c:
79:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:DA:BE:16:AC:1C:AF:20:8F:01:AF:B0:09:A4:36:C7:E4:26:1A:2A
X509v3 Authority Key Identifier:
keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/cNq-FqwcryCPAa-wCaQ2x-QmGio.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.183.94.0/24
45.82.223.0/24
45.135.18.0/23
45.146.204.0/22
171.22.248.0/22
185.244.8.0/23
185.244.11.0/24
193.42.226.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:02:65:24:ee:4a:71:e7:6d:e3:99:5f:b4:87:b4:ce:17:8f:
63:1e:95:ed:8e:10:14:c4:01:68:a0:65:9d:a0:20:0d:15:8d:
5e:f2:fa:a3:f8:74:e3:02:e3:35:eb:b2:29:82:a4:6f:ad:89:
6a:57:17:f7:88:21:c8:e0:6f:ee:ca:b6:da:8d:fa:7d:cb:0c:
3d:33:46:9a:de:28:8c:03:f0:c1:fb:b2:e3:ff:f8:0e:49:73:
4a:ab:2b:91:c9:2a:44:c8:fd:cd:25:3b:04:6e:95:e6:36:17:
63:fc:88:e8:98:66:81:e6:a9:1c:02:a0:4a:44:75:23:e1:e6:
86:c3:9b:10:a3:32:76:dc:f2:67:36:2c:f6:e2:fd:ec:01:c0:
56:1c:a1:eb:5c:5c:63:7f:f0:fc:fa:0b:f1:b1:d2:1b:b2:e4:
be:0c:9e:77:42:f7:9b:b1:e1:22:10:64:21:6e:f3:ae:a0:a2:
70:0d:02:ae:0d:d1:44:07:3e:bc:28:84:41:c2:90:44:44:9b:
2b:e6:7b:62:93:df:1f:a0:5d:62:18:77:f5:6e:20:b3:53:d6:
2c:71:67:a3:77:39:b9:df:da:73:61:55:95:54:2d:4e:16:5b:
1b:18:a6:bd:77:9a:d4:01:61:f7:27:13:28:8f:ad:2a:18:1b:
50:a1:67:6d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYfJe2pyEWYS5AXtAF5HZ5uhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjMwNDI4MjAwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGRhYmUxNmFjMWNhZjIwOGYwMWFmYjAwOWE0MzZjN2U0MjYxYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCBwosIt16zVzwcI3M2pTRuWtTh2
3GW46EcFt37icX3hoG6cwiJsLW4RGTv+1Q9DqOhdrtuZsgSZpSnCHsCrwtVi1lHt
sjDYxiY9ncC6+AK8dhhFg1LBYyz/vG85bLp8RnwWJgdRJ05kfrU+NVWQwBgJdqDm
0vPZW/3mM2yfyWnz2wSw+1VHPQRHtYZjEk+HVnoHJhdD6Y58EsUZqyvaJ2+W1+vr
CkR9XI2Cq076e6FTVqdkK8gt4WEojAE8KMdhBRTGuvSorH6rCdeCGfLS46DK5wuu
uiCfO1/IcHBx9wV7aHJxNMxSsk25/gNPiE/KCLawmvop1Mq3pijTP4x5/QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHDavhasHK8gjwGvsAmkNsfkJhoqMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvY05xLUZxd2NyeUNQQWEtd0NhUTJ4LVFtR2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABbdeAwQA
LVLfAwQBLYcSAwQCLZLMAwQCqxb4AwQBufQIAwQAufQLAwQBwSriMA0GCSqGSIb3
DQEBCwUAA4IBAQAKAmUk7kpx523jmV+0h7TOF49jHpXtjhAUxAFooGWdoCANFY1e
8vqj+HTjAuM167IpgqRvrYlqVxf3iCHI4G/uyrbajfp9yww9M0aa3iiMA/DB+7Lj
//gOSXNKqyuRySpEyP3NJTsEbpXmNhdj/IjomGaB5qkcAqBKRHUj4eaGw5sQozJ2
3PJnNiz24v3sAcBWHKHrXFxjf/D8+gvxsdIbsuS+DJ53QvebseEiEGQhbvOuoKJw
DQKuDdFEBz68KIRBwpBERJsr5ntik98foF1iGHf1biCzU9YscWejdzm539pzYVWV
VC1OFlsbGKa9d5rUAWH3JxMoj60qGBtQoWdt
-----END CERTIFICATE-----
Generated at Sun Jun 15 18:59:48 2025 by rpki-client