Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PL2RHPy_A5mckQv-usTAxO74qN8.roa
File: PL2RHPy_A5mckQv-usTAxO74qN8.roa (raw, json)
Hash identifier: VzLmge4U4inaeBCGrpB92hIFQGNzsHYy4ISfql+cVLc=
Subject key identifier: 3C:BD:91:1C:FC:BF:03:99:9C:91:0B:FE:BA:C4:C0:C4:EE:F8:A8:DF
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0184D1ED544894725BBF29F38C7E174B466C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PL2RHPy_A5mckQv-usTAxO74qN8.roa
Signing time: Fri 02 Dec 2022 08:21:42 +0000
ROA not before: Fri 02 Dec 2022 08:21:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211252
IP address blocks: 194.87.205.0/24 maxlen: 24
193.124.44.0/24 maxlen: 24
194.87.151.0/24 maxlen: 24
212.192.8.0/24 maxlen: 24
195.133.18.0/24 maxlen: 24
195.133.38.0/24 maxlen: 24
195.133.40.0/24 maxlen: 24
212.192.30.0/24 maxlen: 24
194.87.84.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:d1:ed:54:48:94:72:5b:bf:29:f3:8c:7e:17:4b:46:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 2 08:21:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3cbd911cfcbf03999c910bfebac4c0c4eef8a8df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:9e:a1:95:f5:60:10:89:69:bb:0e:1c:e4:50:
d9:f2:ad:26:31:c0:a9:a1:29:78:cb:84:9d:18:15:
d9:89:c4:65:c2:0e:21:21:e6:23:12:ef:da:7a:9f:
4d:97:b9:cc:05:0e:77:d8:9d:fc:a7:40:76:4c:e6:
a5:39:e7:d4:de:91:cf:26:73:cd:b0:b7:61:f9:e0:
76:b1:d6:19:ac:73:99:c3:bc:6c:36:c7:4c:21:e5:
c5:6c:45:a9:9c:c8:08:6d:22:ac:22:98:e3:11:3f:
54:d5:8b:c7:73:b5:a8:e4:ef:64:2b:df:1f:10:95:
34:38:69:2e:c1:18:cc:1f:d2:94:34:2e:e7:d2:e0:
88:2a:a3:a3:4b:4e:5d:29:1f:c6:b2:c8:6b:02:a7:
c6:57:1f:ae:0e:bf:af:e2:59:e1:17:0c:48:64:86:
31:b8:a4:0f:94:62:61:9d:1d:b8:68:b8:ba:30:a5:
c5:9e:58:46:e2:fb:c1:f2:f6:49:3a:4c:9a:09:35:
02:29:76:ab:20:94:e5:53:f4:be:a8:46:4f:24:41:
e8:ef:12:b3:cc:79:39:87:23:5f:af:af:e6:c4:dd:
8f:cb:cd:4c:85:9a:0f:30:fa:bd:0b:60:f7:ed:99:
04:cc:5d:b3:35:2c:84:7b:06:34:18:a9:2e:fc:c6:
86:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:BD:91:1C:FC:BF:03:99:9C:91:0B:FE:BA:C4:C0:C4:EE:F8:A8:DF
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PL2RHPy_A5mckQv-usTAxO74qN8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.44.0/24
194.87.84.0/22
194.87.151.0/24
194.87.205.0/24
195.133.18.0/24
195.133.38.0/24
195.133.40.0/24
212.192.8.0/24
212.192.30.0/24
Signature Algorithm: sha256WithRSAEncryption
02:31:30:19:9b:b9:02:60:54:23:4b:2f:03:d1:f7:8d:f9:f7:
e8:aa:54:5a:b2:29:0b:cc:61:82:9d:aa:b8:fc:90:3a:75:23:
35:37:e6:38:39:41:3c:b0:9c:78:62:1b:6f:38:48:d0:4a:e3:
a7:6d:ec:7e:95:77:73:32:94:15:8e:6d:59:85:70:f9:ca:35:
a2:64:e5:bf:51:e2:b7:40:a0:fd:9d:5d:84:0c:c4:af:18:d5:
1d:37:81:c8:2d:99:ec:97:05:74:46:2f:b5:4d:ca:7e:11:88:
86:43:1f:6f:d8:29:42:19:e3:28:8b:81:78:cc:16:a1:f1:ac:
41:c8:85:db:17:8b:dc:93:11:99:4e:68:21:33:65:2d:bd:ee:
8d:1e:d8:85:19:94:83:45:c5:13:7c:19:fb:de:ff:ff:9f:78:
52:23:80:1c:d4:9d:a6:31:3f:13:80:21:ec:03:87:1d:fc:ac:
5c:2d:cd:60:db:f9:bb:8b:4b:44:00:e5:05:c0:e4:7d:fa:79:
97:7a:8a:c9:76:6c:db:0b:82:a3:5a:60:bd:05:69:7f:47:7e:
56:0f:8f:99:c4:1d:11:13:ff:89:4f:b3:c0:47:64:2e:f6:df:
4f:ed:18:d2:54:81:30:59:73:40:fc:2b:7f:2f:04:70:9f:bf:
28:d3:83:69
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYTR7VRIlHJbvynzjH4XS0ZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjAyMDgyMTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2JkOTExY2ZjYmYwMzk5OWM5MTBiZmViYWM0YzBjNGVlZjhhOGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi56hlfVgEIlpuw4c5FDZ8q0mMcCp
oSl4y4SdGBXZicRlwg4hIeYjEu/aep9Nl7nMBQ532J38p0B2TOalOefU3pHPJnPN
sLdh+eB2sdYZrHOZw7xsNsdMIeXFbEWpnMgIbSKsIpjjET9U1YvHc7Wo5O9kK98f
EJU0OGkuwRjMH9KUNC7n0uCIKqOjS05dKR/GsshrAqfGVx+uDr+v4lnhFwxIZIYx
uKQPlGJhnR24aLi6MKXFnlhG4vvB8vZJOkyaCTUCKXarIJTlU/S+qEZPJEHo7xKz
zHk5hyNfr6/mxN2Py81MhZoPMPq9C2D37ZkEzF2zNSyEewY0GKku/MaGPQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDy9kRz8vwOZnJEL/rrEwMTu+KjfMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUEwyUkhQeV9BNW1ja1F2LXVzVEF4Tzc0cU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwXwsAwQC
wldUAwQAwleXAwQAwlfNAwQAw4USAwQAw4UmAwQAw4UoAwQA1MAIAwQA1MAeMA0G
CSqGSIb3DQEBCwUAA4IBAQACMTAZm7kCYFQjSy8D0feN+ffoqlRasikLzGGCnaq4
/JA6dSM1N+Y4OUE8sJx4YhtvOEjQSuOnbex+lXdzMpQVjm1ZhXD5yjWiZOW/UeK3
QKD9nV2EDMSvGNUdN4HILZnslwV0Ri+1Tcp+EYiGQx9v2ClCGeMoi4F4zBah8axB
yIXbF4vckxGZTmghM2Utve6NHtiFGZSDRcUTfBn73v//n3hSI4Ac1J2mMT8TgCHs
A4cd/KxcLc1g2/m7i0tEAOUFwOR9+nmXeorJdmzbC4KjWmC9BWl/R35WD4+ZxB0R
E/+JT7PAR2Qu9t9P7RjSVIEwWXNA/Ct/LwRwn78o04Np
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:02 2023 by rpki-client on console-fra.rpki-client.org