Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/CKwqcp5fTbDqU1cLTddUfINHhiU.roa
File: CKwqcp5fTbDqU1cLTddUfINHhiU.roa (raw, json)
Hash identifier: v0pQ9sHj0BeglkKuYlCTvF/6VhhTiB4Q3AcUA4ybrYU=
Subject key identifier: 08:AC:2A:72:9E:5F:4D:B0:EA:53:57:0B:4D:D7:54:7C:83:47:86:25
Certificate issuer: /CN=940ff880330af762ae6cc050de5f34b5f57b0b09
Certificate serial: 0AD8EE5B
Authority key identifier: 94:0F:F8:80:33:0A:F7:62:AE:6C:C0:50:DE:5F:34:B5:F5:7B:0B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lA_4gDMK92KubMBQ3l80tfV7Cwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/CKwqcp5fTbDqU1cLTddUfINHhiU.roa
Signing time: Sat 01 Jan 2022 13:55:37 +0000
ROA not before: Sat 01 Jan 2022 13:55:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20723
IP address blocks: 217.112.160.0/20 maxlen: 20
185.84.232.0/22 maxlen: 22
178.20.136.0/21 maxlen: 21
131.117.208.0/21 maxlen: 21
79.170.248.0/21 maxlen: 21
217.115.240.0/20 maxlen: 20
2a00:6500::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 181988955 (0xad8ee5b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=940ff880330af762ae6cc050de5f34b5f57b0b09
Validity
Not Before: Jan 1 13:55:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=08ac2a729e5f4db0ea53570b4dd7547c83478625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:c1:09:80:09:d5:4b:81:a8:7b:9f:11:92:4a:
22:66:4b:57:43:98:ad:3f:8b:a8:ea:e4:f4:44:ce:
b0:ba:75:3c:89:20:b0:5c:51:2f:bc:37:51:65:79:
5a:01:db:01:de:3e:2f:7e:07:b5:cd:38:1c:e8:a4:
eb:82:3f:9d:f9:96:d3:a0:ec:50:d4:45:a4:11:a4:
5c:66:f4:03:98:60:d6:c6:37:d3:af:77:00:0f:9a:
27:50:1f:d8:ad:ab:cf:35:2e:fa:52:fb:4d:25:0a:
29:8b:c0:20:42:6e:be:a0:70:76:cc:0d:22:ca:72:
ab:af:87:a5:10:94:11:94:ca:8b:0b:60:bf:56:6c:
62:ec:f8:ee:27:32:30:d1:a5:71:51:2b:64:37:df:
5b:1c:c2:78:75:19:13:95:5d:e7:51:44:d2:02:26:
e1:80:82:ca:3a:da:ee:7a:24:df:1b:e3:fd:09:b6:
60:6e:2c:d0:5b:44:16:3d:b2:8c:7e:62:4d:9c:4a:
d8:c9:f8:d7:97:54:9a:73:41:8d:8e:ce:54:6b:4d:
56:68:7b:89:50:85:eb:ed:e5:be:bd:cb:0f:a6:72:
01:ac:53:0b:39:e3:e0:b9:4f:e0:80:3c:f6:d6:d5:
11:2e:64:8f:3f:c3:ff:ba:b4:9f:17:09:db:0c:bd:
96:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:AC:2A:72:9E:5F:4D:B0:EA:53:57:0B:4D:D7:54:7C:83:47:86:25
X509v3 Authority Key Identifier:
keyid:94:0F:F8:80:33:0A:F7:62:AE:6C:C0:50:DE:5F:34:B5:F5:7B:0B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lA_4gDMK92KubMBQ3l80tfV7Cwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/CKwqcp5fTbDqU1cLTddUfINHhiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/lA_4gDMK92KubMBQ3l80tfV7Cwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.248.0/21
131.117.208.0/21
178.20.136.0/21
185.84.232.0/22
217.112.160.0/20
217.115.240.0/20
IPv6:
2a00:6500::/29
Signature Algorithm: sha256WithRSAEncryption
85:7d:53:72:9d:bf:6d:e2:e6:bb:12:be:f9:b9:f0:da:1a:56:
f3:45:4c:1f:9a:34:53:88:0e:4d:62:5b:d5:aa:a9:b6:af:e5:
20:9d:de:40:39:b1:c6:a2:aa:05:e1:8d:6d:37:e7:95:c6:d7:
af:c7:1e:24:8d:69:fc:44:98:4f:55:cf:ec:52:04:91:09:3b:
17:83:c8:5a:5e:b6:42:23:63:16:14:6f:b2:41:56:3e:91:0c:
58:5a:dd:69:9a:c8:47:63:0f:d4:7f:5e:aa:f4:1b:aa:5a:cf:
de:3b:41:6a:3a:7f:69:45:b9:31:1c:a1:c3:04:5f:38:89:f2:
0a:51:f1:0b:50:c6:53:7d:cc:f3:84:e0:5c:9a:db:26:37:8b:
49:13:ef:bf:14:5a:34:3e:05:9d:a1:f1:a6:1d:6e:08:2d:ce:
3e:87:48:9a:a9:24:38:e2:1f:0c:af:ca:50:a5:f8:94:9e:9b:
7d:d9:d1:ef:a0:d3:03:d0:a1:f1:86:0d:b9:cb:ac:e2:7e:6b:
86:b0:be:4e:99:8d:b4:83:d3:8c:e1:c9:43:36:dc:2f:3f:10:
fc:74:49:84:95:c9:36:58:bf:25:da:67:54:56:27:59:75:02:
a7:3d:a7:13:25:18:01:30:7d:6e:85:ab:10:82:0b:b9:20:eb:
31:8b:a4:67
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIECtjuWzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDBmZjg4MDMzMGFmNzYyYWU2Y2MwNTBkZTVmMzRiNWY1N2IwYjA5MB4XDTIyMDEw
MTEzNTUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDhhYzJhNzI5ZTVm
NGRiMGVhNTM1NzBiNGRkNzU0N2M4MzQ3ODYyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOfBCYAJ1UuBqHufEZJKImZLV0OYrT+LqOrk9ETOsLp1PIkg
sFxRL7w3UWV5WgHbAd4+L34Htc04HOik64I/nfmW06DsUNRFpBGkXGb0A5hg1sY3
0693AA+aJ1Af2K2rzzUu+lL7TSUKKYvAIEJuvqBwdswNIspyq6+HpRCUEZTKiwtg
v1ZsYuz47icyMNGlcVErZDffWxzCeHUZE5Vd51FE0gIm4YCCyjra7nok3xvj/Qm2
YG4s0FtEFj2yjH5iTZxK2Mn415dUmnNBjY7OVGtNVmh7iVCF6+3lvr3LD6ZyAaxT
Cznj4LlP4IA89tbVES5kjz/D/7q0nxcJ2wy9llsCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBQIrCpynl9NsOpTVwtN11R8g0eGJTAfBgNVHSMEGDAWgBSUD/iAMwr3Yq5s
wFDeXzS19XsLCTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xBXzRnRE1LOTJLdWJNQlEzbDgwdGZWN0N3ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDYvMjNlMTZlLTk0M2UtNDU5NS05NTMwLWE4MmY2NThhMmFhMS8x
L0NLd3FjcDVmVGJEcVUxY0xUZGRVZklOSGhpVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYv
MjNlMTZlLTk0M2UtNDU5NS05NTMwLWE4MmY2NThhMmFhMS8xL2xBXzRnRE1LOTJL
dWJNQlEzbDgwdGZWN0N3ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEA0+q+AMEA4N10AMEA7IUiAMEArlU
6AMEBNlwoAMEBNlz8DANBAIAAjAHAwUDKgBlADANBgkqhkiG9w0BAQsFAAOCAQEA
hX1Tcp2/beLmuxK++bnw2hpW80VMH5o0U4gOTWJb1aqptq/lIJ3eQDmxxqKqBeGN
bTfnlcbXr8ceJI1p/ESYT1XP7FIEkQk7F4PIWl62QiNjFhRvskFWPpEMWFrdaZrI
R2MP1H9eqvQbqlrP3jtBajp/aUW5MRyhwwRfOInyClHxC1DGU33M84TgXJrbJjeL
SRPvvxRaND4FnaHxph1uCC3OPodImqkkOOIfDK/KUKX4lJ6bfdnR76DTA9Ch8YYN
ucus4n5rhrC+TpmNtIPTjOHJQzbcLz8Q/HRJhJXJNli/JdpnVFYnWXUCpz2nEyUY
ATB9boWrEIILuSDrMYukZw==
-----END CERTIFICATE-----
Generated at Tue Apr 29 05:20:19 2025 by rpki-client