Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKZAacZmWLD_zOBYoi1rmgSBPl0.roa
File: XKZAacZmWLD_zOBYoi1rmgSBPl0.roa (raw, json)
Hash identifier: WlHzUT90aTqCYe+N1/lK4/OM/e12sApl/gD0oqz137s=
Subject key identifier: 5C:A6:40:69:C6:66:58:B0:FF:CC:E0:58:A2:2D:6B:9A:04:81:3E:5D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0183F9F6A1D819E886DC23059A6BED31E086
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKZAacZmWLD_zOBYoi1rmgSBPl0.roa
Signing time: Fri 21 Oct 2022 09:53:53 +0000
ROA not before: Fri 21 Oct 2022 09:53:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 400377
IP address blocks: 195.133.193.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.135.23.0/24 maxlen: 24
194.87.252.0/24 maxlen: 24
212.192.5.0/24 maxlen: 24
212.192.9.0/24 maxlen: 24
192.124.180.0/24 maxlen: 24
192.124.183.0/24 maxlen: 24
193.124.90.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
194.87.199.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:f9:f6:a1:d8:19:e8:86:dc:23:05:9a:6b:ed:31:e0:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Oct 21 09:53:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5ca64069c66658b0ffcce058a22d6b9a04813e5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:45:8e:16:a7:03:88:de:f5:4f:10:84:ec:82:
e4:4a:3d:2e:6f:e1:60:4d:50:6f:3e:5b:6c:35:ed:
29:8e:32:b6:85:2d:e5:c6:df:2a:9d:22:f3:96:2b:
23:84:3d:f4:db:a0:16:f8:7e:61:c7:b0:29:1a:c4:
2f:a4:17:e0:e1:6f:df:55:ce:80:1d:3d:2a:a4:c4:
e9:12:d8:ba:44:46:2e:20:18:d7:10:7c:2f:3a:91:
9d:04:21:60:79:a0:2d:9c:1d:b9:5b:a9:28:f9:e8:
ca:36:d0:e7:8e:71:22:7b:b0:7e:5e:52:c5:58:00:
7c:db:72:0c:42:fe:0b:7f:bb:90:d9:32:a6:80:0e:
86:1b:2b:ca:94:e6:39:10:cf:c7:d3:a6:ad:df:50:
85:f7:fd:cc:f1:e3:4d:ac:77:60:10:9d:e3:a2:56:
a5:98:72:82:97:b9:63:c7:61:8f:bf:c5:d7:ee:5e:
b6:98:46:b4:3e:98:57:98:45:dd:65:42:91:b7:34:
8c:b1:14:50:f5:77:af:37:05:15:14:1b:2a:98:cf:
68:42:8a:2f:d2:14:af:38:84:e5:26:14:a0:7f:da:
c6:d2:49:8e:91:77:10:d1:e5:ff:e7:a1:a9:50:7a:
96:ad:d1:03:7b:1a:1e:0e:de:2a:da:a1:ad:94:68:
68:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:A6:40:69:C6:66:58:B0:FF:CC:E0:58:A2:2D:6B:9A:04:81:3E:5D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKZAacZmWLD_zOBYoi1rmgSBPl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.180.0/24
192.124.183.0/24
193.124.90.0/24
193.124.133.0/24
194.87.199.0/24
194.87.252.0/24
194.135.23.0/24
195.133.193.0/24
212.192.5.0/24
212.192.9.0/24
212.193.2.0/24
Signature Algorithm: sha256WithRSAEncryption
40:53:e7:27:cc:a2:b8:52:76:8d:19:be:1b:43:7c:be:2d:96:
e1:fd:cb:fe:1e:f6:45:05:5f:c4:fc:c4:9f:35:27:c2:49:8f:
cc:8a:bd:6e:ea:f0:bd:b7:9c:77:51:ce:35:5c:ac:12:51:2c:
58:57:35:3d:84:dd:6f:c5:0f:2e:01:8f:5e:55:9a:f6:70:b4:
cd:42:62:d2:5e:6a:b7:d7:e9:a3:fe:c9:c9:75:ab:59:c1:26:
14:41:af:db:48:06:d2:9b:bc:6d:af:0c:2e:9a:a6:df:ef:9e:
6c:59:81:f9:af:3f:9d:c0:00:fb:a4:72:d3:6d:53:4e:11:84:
05:7c:1e:2e:7c:87:06:5f:1a:9f:fc:05:f1:e8:42:7d:79:c1:
41:92:00:fd:b4:be:d9:ce:15:9d:5a:53:1b:d9:85:ea:0a:aa:
3d:48:15:04:82:b7:ae:12:3e:6d:32:a3:90:49:fa:e0:25:6f:
5a:34:6d:51:0b:8a:fe:20:87:05:8e:d9:84:e3:01:77:69:0e:
b9:c2:fc:ea:43:4b:78:30:e0:07:f1:9f:17:8d:9a:28:41:fd:
4e:64:37:c9:50:e8:1f:0a:6e:1b:d3:d9:ad:64:8f:8a:e4:e3:
07:08:51:e1:0a:ba:d9:19:00:bf:10:3e:cc:09:0c:b5:34:36:
bc:59:d9:b3
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYP59qHYGeiG3CMFmmvtMeCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDIxMDk1MzUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E2NDA2OWM2NjY1OGIwZmZjY2UwNThhMjJkNmI5YTA0ODEzZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEWOFqcDiN71TxCE7ILkSj0ub+Fg
TVBvPltsNe0pjjK2hS3lxt8qnSLzlisjhD3026AW+H5hx7ApGsQvpBfg4W/fVc6A
HT0qpMTpEti6REYuIBjXEHwvOpGdBCFgeaAtnB25W6ko+ejKNtDnjnEie7B+XlLF
WAB823IMQv4Lf7uQ2TKmgA6GGyvKlOY5EM/H06at31CF9/3M8eNNrHdgEJ3jolal
mHKCl7ljx2GPv8XX7l62mEa0PphXmEXdZUKRtzSMsRRQ9XevNwUVFBsqmM9oQoov
0hSvOITlJhSgf9rG0kmOkXcQ0eX/56GpUHqWrdEDexoeDt4q2qGtlGhoVQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFymQGnGZliw/8zgWKIta5oEgT5dMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWEtaQWFjWm1XTERfek9CWW9pMXJtZ1NCUGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwHy0AwQA
wHy3AwQAwXxaAwQAwXyFAwQAwlfHAwQAwlf8AwQAwocXAwQAw4XBAwQA1MAFAwQA
1MAJAwQA1MECMA0GCSqGSIb3DQEBCwUAA4IBAQBAU+cnzKK4UnaNGb4bQ3y+LZbh
/cv+HvZFBV/E/MSfNSfCSY/Mir1u6vC9t5x3Uc41XKwSUSxYVzU9hN1vxQ8uAY9e
VZr2cLTNQmLSXmq31+mj/snJdatZwSYUQa/bSAbSm7xtrwwumqbf755sWYH5rz+d
wAD7pHLTbVNOEYQFfB4ufIcGXxqf/AXx6EJ9ecFBkgD9tL7ZzhWdWlMb2YXqCqo9
SBUEgreuEj5tMqOQSfrgJW9aNG1RC4r+IIcFjtmE4wF3aQ65wvzqQ0t4MOAH8Z8X
jZooQf1OZDfJUOgfCm4b09mtZI+K5OMHCFHhCrrZGQC/ED7MCQy1NDa8Wdmz
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:05 2023 by rpki-client on console-fra.rpki-client.org