Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XUIHYP62SDy2eUIHCfHRCI8NSww.roa
File: XUIHYP62SDy2eUIHCfHRCI8NSww.roa (raw, json)
Hash identifier: l2w2OMwBOU0lG4jN3ZUzL0GyPLyVbEztS22ITXU0T2w=
Subject key identifier: 5D:42:07:60:FE:B6:48:3C:B6:79:42:07:09:F1:D1:08:8F:0D:4B:0C
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 0182016F130C355A9F54EFF477DF1023E319
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XUIHYP62SDy2eUIHCfHRCI8NSww.roa
Signing time: Fri 15 Jul 2022 10:37:12 +0000
ROA not before: Fri 15 Jul 2022 10:37:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 400377
IP address blocks: 193.233.178.0/24 maxlen: 24
193.233.182.0/24 maxlen: 24
193.233.183.0/24 maxlen: 24
193.233.180.0/24 maxlen: 24
193.233.181.0/24 maxlen: 24
193.233.186.0/24 maxlen: 24
193.233.184.0/24 maxlen: 24
193.233.185.0/24 maxlen: 24
193.233.189.0/24 maxlen: 24
193.233.190.0/24 maxlen: 24
193.233.191.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:01:6f:13:0c:35:5a:9f:54:ef:f4:77:df:10:23:e3:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: Jul 15 10:37:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5d420760feb6483cb679420709f1d1088f0d4b0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:02:6b:bb:3e:b2:47:d4:db:f4:61:78:95:29:
17:2e:87:3b:32:31:20:4f:ce:da:d8:bd:c7:b1:a8:
9a:59:1a:96:cf:f3:07:ef:b2:9b:32:b0:04:b8:4f:
d7:1e:c8:5a:df:8e:e9:78:12:1a:04:de:bf:7a:d7:
1f:b8:e0:2a:9c:12:30:87:af:d8:a8:65:a8:99:dc:
86:ec:f1:3c:43:9b:48:79:9d:25:4d:b5:1b:89:d9:
a9:70:f7:11:ce:b7:87:f8:19:d0:51:88:76:7c:36:
a0:4d:52:54:7a:fe:48:a9:31:56:34:86:4d:2d:f0:
46:9c:9a:bf:a1:2e:85:64:50:6c:59:5e:a9:26:c0:
f1:37:3f:d7:1a:b2:d7:04:89:3f:1b:77:3a:58:c8:
30:73:39:78:60:dc:cd:36:0f:e2:7a:e3:83:84:fe:
8e:49:c6:2b:83:63:ef:0f:68:28:aa:4c:4f:74:c6:
07:1f:87:21:69:8a:a6:cf:ac:3f:a9:c1:5d:74:f5:
32:4e:51:1e:a4:8a:2b:6f:3e:2c:d9:4b:ed:d1:44:
fa:cb:83:7b:3c:6d:bf:51:10:a6:c1:b7:0c:fe:ff:
b0:f6:f0:1c:14:ab:2e:54:05:b8:12:db:47:0d:dc:
2f:4e:c1:15:43:6c:78:cf:d5:47:25:fa:0b:33:5f:
3c:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:42:07:60:FE:B6:48:3C:B6:79:42:07:09:F1:D1:08:8F:0D:4B:0C
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XUIHYP62SDy2eUIHCfHRCI8NSww.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.233.178.0/24
193.233.180.0-193.233.186.255
193.233.189.0-193.233.191.255
Signature Algorithm: sha256WithRSAEncryption
91:ee:a7:d1:c1:75:57:d4:a2:ff:18:70:c5:fc:44:b8:82:78:
f8:b2:a7:c8:1e:82:d8:b1:d0:74:11:c2:b0:1b:26:f8:d7:27:
9f:ed:cb:66:14:f6:7e:54:17:b1:1c:55:81:9e:c4:50:45:f9:
61:c3:75:3b:8f:8b:74:6c:8c:9c:4e:63:74:91:19:18:b3:a9:
90:4f:69:c8:3c:06:be:ad:3c:1a:e5:71:72:91:22:1d:0d:cd:
0e:32:fd:52:b5:1b:78:8c:80:3e:d4:1f:72:5f:d5:78:07:94:
88:1b:d0:90:73:0c:81:14:23:74:b1:66:ba:f8:18:6c:2e:a7:
b7:95:c7:02:90:2a:80:a9:70:6b:39:bb:78:22:44:29:e9:3e:
2f:60:c4:7e:22:6e:e3:3b:01:b3:a5:4d:4b:4a:28:58:e2:34:
be:a6:97:e7:7c:51:c2:6b:49:01:ac:d0:c7:01:4a:f8:94:11:
db:9f:df:ee:8e:4c:4d:6e:c9:16:88:5e:65:c4:a3:4f:32:26:
ed:c7:c5:c4:48:2f:4c:a2:13:0b:e2:82:67:24:ff:75:69:e3:
98:32:56:af:d3:5b:f9:4e:87:9c:ac:18:f7:3a:e9:9f:4b:b7:
1b:e4:b8:a6:5f:0e:8d:d2:26:e6:a7:c7:90:92:33:08:65:11:
81:fb:3c:59
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYIBbxMMNVqfVO/0d98QI+MZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjIwNzE1MTAzNzEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQyMDc2MGZlYjY0ODNjYjY3OTQyMDcwOWYxZDEwODhmMGQ0YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AJruz6yR9Tb9GF4lSkXLoc7MjEg
T87a2L3HsaiaWRqWz/MH77KbMrAEuE/XHsha347peBIaBN6/etcfuOAqnBIwh6/Y
qGWomdyG7PE8Q5tIeZ0lTbUbidmpcPcRzreH+BnQUYh2fDagTVJUev5IqTFWNIZN
LfBGnJq/oS6FZFBsWV6pJsDxNz/XGrLXBIk/G3c6WMgwczl4YNzNNg/ieuODhP6O
ScYrg2PvD2goqkxPdMYHH4chaYqmz6w/qcFddPUyTlEepIorbz4s2Uvt0UT6y4N7
PG2/URCmwbcM/v+w9vAcFKsuVAW4EttHDdwvTsEVQ2x4z9VHJfoLM188MwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFF1CB2D+tkg8tnlCBwnx0QiPDUsMMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWFVJSFlQNjJTRHkyZVVJSENmSFJDSThOU3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAwemyMAwD
BALB6bQDBADB6bowDAMEAMHpvQMEBsHpgDANBgkqhkiG9w0BAQsFAAOCAQEAke6n
0cF1V9Si/xhwxfxEuIJ4+LKnyB6C2LHQdBHCsBsm+Ncnn+3LZhT2flQXsRxVgZ7E
UEX5YcN1O4+LdGyMnE5jdJEZGLOpkE9pyDwGvq08GuVxcpEiHQ3NDjL9UrUbeIyA
PtQfcl/VeAeUiBvQkHMMgRQjdLFmuvgYbC6nt5XHApAqgKlwazm7eCJEKek+L2DE
fiJu4zsBs6VNS0ooWOI0vqaX53xRwmtJAazQxwFK+JQR25/f7o5MTW7JFoheZcSj
TzIm7cfFxEgvTKITC+KCZyT/dWnjmDJWr9Nb+U6HnKwY9zrpn0u3G+S4pl8OjdIm
5qfHkJIzCGURgfs8WQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:43:38 2023 by rpki-client on console-fra.rpki-client.org