Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4Q4lJXcsgOaM9mgIBuQlgtVUB0.roa
File: T4Q4lJXcsgOaM9mgIBuQlgtVUB0.roa (raw, json)
Hash identifier: apiXw3XW9caljdFLyYNaXPkOmCMioRpWFfV24EgSKhI=
Subject key identifier: 4F:84:38:94:95:DC:B2:03:9A:33:D9:A0:20:1B:90:96:0B:55:50:1D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018534FEC953E3B55EAD39B81D54DB3EC95F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4Q4lJXcsgOaM9mgIBuQlgtVUB0.roa
Signing time: Wed 21 Dec 2022 14:03:10 +0000
ROA not before: Wed 21 Dec 2022 14:03:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207713
IP address blocks: 194.87.218.0/24 maxlen: 24
194.87.216.0/24 maxlen: 24
62.76.233.0/24 maxlen: 24
195.133.88.0/24 maxlen: 24
194.87.31.0/24 maxlen: 24
194.87.45.0/24 maxlen: 24
212.192.14.0/24 maxlen: 24
194.87.71.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:34:fe:c9:53:e3:b5:5e:ad:39:b8:1d:54:db:3e:c9:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 21 14:03:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4f84389495dcb2039a33d9a0201b90960b55501d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:2e:1c:d6:7c:20:a3:14:2a:f7:02:c4:c7:d7:
72:d3:40:57:fd:68:c6:95:c5:5e:a2:02:ad:97:ca:
70:5d:17:86:d5:1f:59:3e:8b:d4:37:a4:50:5a:e8:
47:d8:b4:04:e9:e8:14:86:ec:0a:9a:1c:41:41:14:
7b:f2:e0:e5:16:7d:27:9b:1b:fd:2f:f4:33:2a:b4:
c9:85:d7:d0:17:1b:38:c3:62:d2:1b:3a:a4:f1:3b:
4b:79:12:24:5e:9a:04:8e:2a:62:8c:1e:51:bf:3b:
a9:96:cc:3c:38:37:5b:a2:c1:f1:5b:50:e1:51:e5:
7c:ec:b3:de:7f:6b:af:c8:de:b6:c7:56:54:bb:9d:
29:42:07:da:54:c9:77:bf:eb:d0:8c:a3:9d:ef:cf:
3d:1a:e6:23:6e:86:4b:6d:82:3e:cd:6d:ce:2c:60:
32:d8:69:30:28:b5:93:6b:b5:27:46:a1:d7:fe:ff:
8b:67:2b:6c:7b:73:c8:d3:24:f6:c0:1d:a4:10:37:
d2:06:92:26:c6:dd:47:d2:1d:f4:b2:69:08:30:3d:
b9:dc:42:aa:1a:06:b8:07:e2:de:b1:31:65:00:4d:
9a:2e:e3:ac:0d:1b:66:b8:33:68:f0:e2:cb:1a:e7:
bb:0e:f3:62:d3:ec:60:90:da:54:7b:bb:f1:2d:d9:
4d:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:84:38:94:95:DC:B2:03:9A:33:D9:A0:20:1B:90:96:0B:55:50:1D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4Q4lJXcsgOaM9mgIBuQlgtVUB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.233.0/24
194.87.31.0/24
194.87.45.0/24
194.87.71.0/24
194.87.216.0/24
194.87.218.0/24
195.133.88.0/24
212.192.14.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:7d:3f:9d:b2:db:06:d6:58:f1:3d:f5:52:74:22:c3:bb:bc:
e6:cb:d5:46:50:08:9f:8e:fd:4e:69:29:6e:eb:57:2a:d5:f3:
45:79:f2:ad:64:74:5b:49:a2:81:c1:ea:ac:84:9e:4c:ef:00:
e2:0a:e1:24:f1:89:f5:02:c9:d5:07:c9:37:15:46:7f:f1:98:
05:62:89:aa:9e:7a:bf:f5:ce:e4:80:e3:26:a0:7c:ce:07:df:
3d:df:29:c2:db:67:7d:54:43:6f:21:eb:08:29:0b:bf:64:c9:
bd:2a:a7:ef:b5:b8:ef:ad:02:04:08:b6:d1:ed:e3:6d:8f:81:
1a:8b:21:e5:0c:b0:29:9b:8a:f0:71:88:7f:04:ac:8f:4e:53:
66:58:1e:22:11:c7:e0:20:ba:65:c6:dd:b3:70:3f:d0:3a:ee:
19:9c:fd:3e:42:d8:f8:d6:09:f8:d3:6b:a0:9f:7a:12:8a:ae:
aa:b1:0e:7d:63:94:c8:95:d9:7d:49:3c:0e:b7:21:62:74:96:
ab:d6:ab:2c:4d:a1:a5:e9:fe:7e:68:d9:fa:f1:81:9a:b9:da:
e5:fa:74:2a:bb:d0:71:de:c3:a0:dc:47:f1:e2:ac:ab:e2:47:
6e:7e:1b:3e:ed:cb:83:63:8d:a8:13:ae:1b:fd:81:7e:b5:f3:
fb:97:4a:f1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYU0/slT47VerTm4HVTbPslfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjIxMTQwMzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg0Mzg5NDk1ZGNiMjAzOWEzM2Q5YTAyMDFiOTA5NjBiNTU1MDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhS4c1nwgoxQq9wLEx9dy00BX/WjG
lcVeogKtl8pwXReG1R9ZPovUN6RQWuhH2LQE6egUhuwKmhxBQRR78uDlFn0nmxv9
L/QzKrTJhdfQFxs4w2LSGzqk8TtLeRIkXpoEjipijB5Rvzuplsw8ODdbosHxW1Dh
UeV87LPef2uvyN62x1ZUu50pQgfaVMl3v+vQjKOd7889GuYjboZLbYI+zW3OLGAy
2GkwKLWTa7UnRqHX/v+LZytse3PI0yT2wB2kEDfSBpImxt1H0h30smkIMD253EKq
Gga4B+LesTFlAE2aLuOsDRtmuDNo8OLLGue7DvNi0+xgkNpUe7vxLdlN7QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFE+EOJSV3LIDmjPZoCAbkJYLVVAdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVDRRNGxKWGNzZ09hTTltZ0lCdVFsZ3RWVUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAPkzpAwQA
wlcfAwQAwlctAwQAwldHAwQAwlfYAwQAwlfaAwQAw4VYAwQA1MAOMA0GCSqGSIb3
DQEBCwUAA4IBAQA7fT+dstsG1ljxPfVSdCLDu7zmy9VGUAifjv1OaSlu61cq1fNF
efKtZHRbSaKBweqshJ5M7wDiCuEk8Yn1AsnVB8k3FUZ/8ZgFYomqnnq/9c7kgOMm
oHzOB9893ynC22d9VENvIesIKQu/ZMm9KqfvtbjvrQIECLbR7eNtj4EaiyHlDLAp
m4rwcYh/BKyPTlNmWB4iEcfgILplxt2zcD/QOu4ZnP0+Qtj41gn402ugn3oSiq6q
sQ59Y5TIldl9STwOtyFidJar1qssTaGl6f5+aNn68YGaudrl+nQqu9Bx3sOg3Efx
4qyr4kdufhs+7cuDY42oE64b/YF+tfP7l0rx
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:58 2023 by rpki-client on console-ams.rpki-client.org