Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/X-toNGzz03uhUd8ftJPmQI-Pjr4.roa
File: X-toNGzz03uhUd8ftJPmQI-Pjr4.roa (raw, json)
Hash identifier: l4xeeXGcnKV7PErR+pS1EcEjPttquAi23m3735GcL68=
Subject key identifier: 5F:EB:68:34:6C:F3:D3:7B:A1:51:DF:1F:B4:93:E6:40:8F:8F:8E:BE
Certificate issuer: /CN=34e110b59362f673eae33b66ee7aea3c4028294e
Certificate serial: 01BD7A
Authority key identifier: 34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/X-toNGzz03uhUd8ftJPmQI-Pjr4.roa
Signing time: Wed 09 Mar 2022 12:17:03 +0000
ROA not before: Wed 09 Mar 2022 12:17:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29028
IP address blocks: 141.105.124.0/24 maxlen: 24
141.105.124.0/23 maxlen: 24
141.105.125.0/24 maxlen: 24
141.105.120.0/22 maxlen: 24
141.105.126.0/23 maxlen: 24
178.21.118.0/24 maxlen: 24
178.21.112.0/21 maxlen: 24
193.200.132.0/24 maxlen: 24
194.145.200.0/23 maxlen: 24
185.2.44.0/22 maxlen: 24
2a02:2308::/32 maxlen: 32
2a02:2308:30::/48 maxlen: 48
2a02:2308:20::/48 maxlen: 48
2a02:2308::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 114042 (0x1bd7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34e110b59362f673eae33b66ee7aea3c4028294e
Validity
Not Before: Mar 9 12:17:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5feb68346cf3d37ba151df1fb493e6408f8f8ebe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:12:26:4e:d3:88:06:a2:3c:0a:80:0e:ed:e3:
13:ee:ea:de:c1:4a:d2:e7:d9:6b:1b:fb:7e:86:dc:
b3:0c:bd:47:db:8a:b5:25:2a:45:8e:8c:4c:88:7a:
aa:6e:c9:49:9c:60:48:a0:3f:3e:53:2a:bb:4f:a6:
bf:ac:d9:5d:b5:01:9f:79:70:a5:5f:93:02:f3:e6:
0d:ef:f9:84:b6:62:b1:11:aa:53:90:71:15:44:89:
75:a9:d1:08:05:7f:c5:16:34:29:d8:6f:fd:48:4a:
78:ce:92:66:ad:29:0f:02:44:44:7b:fa:c5:6c:53:
a1:16:3a:7a:f8:71:db:ec:b9:02:71:c8:41:8f:aa:
32:35:62:81:88:0f:5a:f2:b4:40:3f:d6:db:bc:8e:
bd:43:aa:9e:03:27:da:90:4c:17:57:3a:0b:4d:b9:
3d:eb:42:40:a0:bd:0c:1a:fa:6f:e1:ff:70:53:35:
55:79:53:83:30:ad:54:40:93:f7:6e:22:0e:8d:4d:
de:37:a2:fc:36:56:02:b1:35:79:15:37:5f:ae:f8:
8f:92:24:fe:78:d5:0e:d2:ee:a0:12:8c:f3:e8:6c:
7d:c8:d6:51:7b:c6:7f:52:ab:0d:48:a2:73:b3:1d:
2f:5c:a2:29:ee:9a:39:d9:82:64:59:60:63:7b:8b:
3e:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:EB:68:34:6C:F3:D3:7B:A1:51:DF:1F:B4:93:E6:40:8F:8F:8E:BE
X509v3 Authority Key Identifier:
keyid:34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/X-toNGzz03uhUd8ftJPmQI-Pjr4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/NOEQtZNi9nPq4ztm7nrqPEAoKU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.120.0/21
178.21.112.0/21
185.2.44.0/22
193.200.132.0/24
194.145.200.0/23
IPv6:
2a02:2308::/32
Signature Algorithm: sha256WithRSAEncryption
8e:6d:a6:1c:84:bb:70:88:47:84:dc:2b:b6:d3:cd:70:0b:4a:
ad:b5:27:0c:07:43:d3:b3:fe:f1:2c:8e:b6:36:f3:74:7a:3d:
2d:0b:84:5f:70:d7:01:84:0d:8c:e4:8e:88:02:4e:a1:73:ad:
77:59:be:20:6b:2e:2f:ce:a0:00:57:13:9e:07:0d:27:34:30:
58:df:6f:5e:c2:03:bf:f3:f6:64:b0:16:c4:e9:1d:a9:dd:27:
a3:26:d0:34:23:b6:01:0b:8c:f2:1b:cf:17:4c:6d:da:21:a5:
4d:59:d5:3b:ae:e4:01:ea:4f:aa:72:f3:b0:7f:80:fb:97:bc:
05:9d:0d:28:f3:8b:da:3e:e3:d5:6f:10:35:80:0f:13:21:93:
33:80:82:ec:d6:c4:d3:62:92:86:65:8f:d4:84:ed:78:8f:47:
f3:9d:ea:33:b4:de:f4:32:20:be:0a:b0:6d:22:4c:03:0b:32:
9e:d2:4d:89:7c:ee:51:da:93:e2:c7:74:81:9f:3d:2c:d6:ee:
7f:b0:37:1a:3d:47:d8:0b:5a:1b:6a:ad:9b:d2:4d:01:ea:3b:
7a:44:a2:b1:11:79:39:36:81:02:e1:fc:b6:e7:b0:eb:fe:ae:
5f:38:19:17:e2:55:03:c4:51:5b:15:14:62:28:95:5c:9c:4d:
6c:17:8a:da
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIDAb16MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDM0
ZTExMGI1OTM2MmY2NzNlYWUzM2I2NmVlN2FlYTNjNDAyODI5NGUwHhcNMjIwMzA5
MTIxNzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1ZmViNjgzNDZjZjNk
MzdiYTE1MWRmMWZiNDkzZTY0MDhmOGY4ZWJlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqxImTtOIBqI8CoAO7eMT7urewUrS59lrG/t+htyzDL1H24q1
JSpFjoxMiHqqbslJnGBIoD8+Uyq7T6a/rNldtQGfeXClX5MC8+YN7/mEtmKxEapT
kHEVRIl1qdEIBX/FFjQp2G/9SEp4zpJmrSkPAkREe/rFbFOhFjp6+HHb7LkCcchB
j6oyNWKBiA9a8rRAP9bbvI69Q6qeAyfakEwXVzoLTbk960JAoL0MGvpv4f9wUzVV
eVODMK1UQJP3biIOjU3eN6L8NlYCsTV5FTdfrviPkiT+eNUO0u6gEozz6Gx9yNZR
e8Z/UqsNSKJzsx0vXKIp7po52YJkWWBje4s+OQIDAQABo4ICMDCCAiwwHQYDVR0O
BBYEFF/raDRs89N7oVHfH7ST5kCPj46+MB8GA1UdIwQYMBaAFDThELWTYvZz6uM7
Zu566jxAKClOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
Tk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYtMWJiMjdjNWQzOTdlLzEv
WC10b05HenowM3VoVWQ4ZnRKUG1RSS1QanI0LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8w
YmY4ZmItMTYwNC00Y2QxLTlkYTYtMWJiMjdjNWQzOTdlLzEvTk9FUXRaTmk5blBx
NHp0bTducnFQRUFvS1U0LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYG
CCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDjWl4AwQDshVwAwQCuQIsAwQAwciE
AwQBwpHIMA0EAgACMAcDBQAqAiMIMA0GCSqGSIb3DQEBCwUAA4IBAQCObaYchLtw
iEeE3Cu2081wC0qttScMB0PTs/7xLI62NvN0ej0tC4RfcNcBhA2M5I6IAk6hc613
Wb4gay4vzqAAVxOeBw0nNDBY329ewgO/8/ZksBbE6R2p3SejJtA0I7YBC4zyG88X
TG3aIaVNWdU7ruQB6k+qcvOwf4D7l7wFnQ0o84vaPuPVbxA1gA8TIZMzgILs1sTT
YpKGZY/UhO14j0fzneoztN70MiC+CrBtIkwDCzKe0k2JfO5R2pPix3SBnz0s1u5/
sDcaPUfYC1obaq2b0k0B6jt6RKKxEXk5NoEC4fy257Dr/q5fOBkX4lUDxFFbFRRi
KJVcnE1sF4ra
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:26 2024 by rpki-client on console-ams.rpki-client.org