Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/oIw-dnfykA6ubFuAVrgjwlz8Bbc.roa
File: oIw-dnfykA6ubFuAVrgjwlz8Bbc.roa (raw, json)
Hash identifier: MU+Oieh88p8Sk1rBhNf8StsJPP9/5OVuvQbpsD0/1/g=
Subject key identifier: A0:8C:3E:76:77:F2:90:0E:AE:6C:5B:80:56:B8:23:C2:5C:FC:05:B7
Certificate issuer: /CN=df3b82005fdbe961020f740ab43c554e5a38451f
Certificate serial: 139A5F20
Authority key identifier: DF:3B:82:00:5F:DB:E9:61:02:0F:74:0A:B4:3C:55:4E:5A:38:45:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3zuCAF_b6WECD3QKtDxVTlo4RR8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/oIw-dnfykA6ubFuAVrgjwlz8Bbc.roa
Signing time: Sat 01 Jan 2022 08:54:03 +0000
ROA not before: Sat 01 Jan 2022 08:54:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34265
IP address blocks: 193.138.187.0/24 maxlen: 24
176.106.1.0/24 maxlen: 24
176.106.0.0/21 maxlen: 21
176.106.0.0/24 maxlen: 24
176.112.120.0/24 maxlen: 24
176.112.121.0/24 maxlen: 24
176.112.120.0/21 maxlen: 21
176.112.127.0/24 maxlen: 24
213.108.72.0/21 maxlen: 21
213.108.78.0/24 maxlen: 24
213.108.75.0/24 maxlen: 24
193.138.184.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 328884000 (0x139a5f20)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3b82005fdbe961020f740ab43c554e5a38451f
Validity
Not Before: Jan 1 08:54:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a08c3e7677f2900eae6c5b8056b823c25cfc05b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:6b:9b:4b:80:53:eb:fc:dd:4d:9f:f5:33:a8:
fb:41:bf:78:c5:f9:29:78:95:39:fc:47:b7:da:ce:
1e:a7:c2:47:ea:9f:e8:f4:8e:48:d3:8f:92:9c:80:
ad:17:a3:01:dc:bf:2c:4a:7f:71:28:8d:67:e8:83:
42:03:9c:d5:94:2a:bc:4a:b0:2c:6a:35:67:24:04:
d4:0a:6d:dc:d5:bc:9a:53:69:da:79:c6:ac:1d:4d:
f6:1e:1f:6d:db:42:ff:78:1d:98:cc:59:29:fb:32:
f0:1a:73:85:c9:7d:aa:7b:11:c5:c1:68:5e:6a:ae:
9a:29:f7:8b:6b:c2:ae:1f:79:25:6e:c5:eb:8e:0a:
9b:67:d7:c0:bd:0f:68:e6:de:ad:f1:e1:64:38:9e:
d4:98:c5:b5:67:f1:91:b6:88:61:2d:0a:be:29:4c:
2b:17:e0:59:5e:99:4d:45:b0:8e:56:43:ae:89:fd:
f6:e4:30:65:8f:22:3a:dc:d2:ba:56:50:e1:4c:4a:
70:ea:d2:59:97:db:ce:98:23:70:55:c7:0f:3a:db:
61:c2:0a:d9:14:8b:e8:d9:14:6f:64:ab:36:bb:87:
54:2d:6c:6d:84:bb:37:49:0e:22:17:53:f7:97:11:
b2:42:2e:ee:8b:a0:af:df:a3:a9:64:7c:46:67:dd:
d4:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:8C:3E:76:77:F2:90:0E:AE:6C:5B:80:56:B8:23:C2:5C:FC:05:B7
X509v3 Authority Key Identifier:
keyid:DF:3B:82:00:5F:DB:E9:61:02:0F:74:0A:B4:3C:55:4E:5A:38:45:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3zuCAF_b6WECD3QKtDxVTlo4RR8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/oIw-dnfykA6ubFuAVrgjwlz8Bbc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/3zuCAF_b6WECD3QKtDxVTlo4RR8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.106.0.0/21
176.112.120.0/21
193.138.184.0/22
213.108.72.0/21
Signature Algorithm: sha256WithRSAEncryption
02:0c:f8:22:dc:0a:32:bc:49:3a:a4:07:c3:ac:2a:dc:b9:dc:
7b:5d:4c:b3:eb:e8:cd:1a:6d:86:50:d0:32:33:65:da:b4:35:
a2:9e:a7:cf:56:d3:84:61:9e:8b:d5:79:85:5a:cd:ef:90:fe:
6e:84:4e:31:74:68:95:aa:9a:17:d6:f6:cc:a7:52:99:8f:1d:
49:44:af:6b:00:35:90:8e:ed:fd:89:93:80:ac:dd:04:b3:57:
0c:28:ed:38:0c:41:eb:e6:f5:56:e9:03:c3:e5:57:2b:90:04:
5e:17:00:9f:5a:1a:a8:6e:ed:8e:25:8d:ad:f5:7c:66:d0:26:
2d:b2:96:db:a6:65:86:9f:fa:cb:85:96:46:a4:a0:ab:6c:17:
37:9b:35:74:9e:7c:fc:fe:02:46:49:c7:bb:19:0a:3e:e9:eb:
25:22:3e:72:9c:77:91:a3:f0:ce:38:c8:cc:18:48:94:da:5d:
1e:b7:fa:e1:8e:e3:57:80:1e:f7:52:bb:9b:e8:e8:97:b7:0f:
87:a1:72:cf:33:fe:b6:f6:35:4c:70:95:da:be:01:1b:2a:4b:
b0:f3:98:15:c9:b1:73:a7:90:04:73:86:c0:22:87:95:7e:12:
a3:c8:77:eb:a3:88:ee:e1:81:69:07:8b:6b:4b:b8:03:86:c8:
99:e7:53:46
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEE5pfIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
ZjNiODIwMDVmZGJlOTYxMDIwZjc0MGFiNDNjNTU0ZTVhMzg0NTFmMB4XDTIyMDEw
MTA4NTQwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTA4YzNlNzY3N2Yy
OTAwZWFlNmM1YjgwNTZiODIzYzI1Y2ZjMDViNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIxrm0uAU+v83U2f9TOo+0G/eMX5KXiVOfxHt9rOHqfCR+qf
6PSOSNOPkpyArRejAdy/LEp/cSiNZ+iDQgOc1ZQqvEqwLGo1ZyQE1Apt3NW8mlNp
2nnGrB1N9h4fbdtC/3gdmMxZKfsy8Bpzhcl9qnsRxcFoXmqumin3i2vCrh95JW7F
644Km2fXwL0PaOberfHhZDie1JjFtWfxkbaIYS0KvilMKxfgWV6ZTUWwjlZDron9
9uQwZY8iOtzSulZQ4UxKcOrSWZfbzpgjcFXHDzrbYcIK2RSL6NkUb2SrNruHVC1s
bYS7N0kOIhdT95cRskIu7ougr9+jqWR8Rmfd1NMCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSgjD52d/KQDq5sW4BWuCPCXPwFtzAfBgNVHSMEGDAWgBTfO4IAX9vpYQIP
dAq0PFVOWjhFHzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzN6dUNBRl9iNldFQ0QzUUt0RHhWVGxvNFJSOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvMzhmZjM2LTdkNzMtNDg1Yy04OTEwLTM3YzE0MDkyZWIyNy8x
L29Jdy1kbmZ5a0E2dWJGdUFWcmdqd2x6OEJiYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
MzhmZjM2LTdkNzMtNDg1Yy04OTEwLTM3YzE0MDkyZWIyNy8xLzN6dUNBRl9iNldF
Q0QzUUt0RHhWVGxvNFJSOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEA7BqAAMEA7BweAMEAsGKuAMEA9Vs
SDANBgkqhkiG9w0BAQsFAAOCAQEAAgz4ItwKMrxJOqQHw6wq3Lnce11Ms+vozRpt
hlDQMjNl2rQ1op6nz1bThGGei9V5hVrN75D+boROMXRolaqaF9b2zKdSmY8dSUSv
awA1kI7t/YmTgKzdBLNXDCjtOAxB6+b1VukDw+VXK5AEXhcAn1oaqG7tjiWNrfV8
ZtAmLbKW26Zlhp/6y4WWRqSgq2wXN5s1dJ58/P4CRknHuxkKPunrJSI+cpx3kaPw
zjjIzBhIlNpdHrf64Y7jV4Ae91K7m+jol7cPh6FyzzP+tvY1THCV2r4BGypLsPOY
Fcmxc6eQBHOGwCKHlX4So8h366OI7uGBaQeLa0u4A4bImedTRg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:42 2024 by rpki-client on console-fra.rpki-client.org