Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7zB9IWs_jFDsHT_nIugkZCq2f0k.roa
File: 7zB9IWs_jFDsHT_nIugkZCq2f0k.roa (raw, json)
Hash identifier: gsMuOslj53XcPVTDMuNhGJWjAXlQP+DbYpT8zr4jSG8=
Subject key identifier: EF:30:7D:21:6B:3F:8C:50:EC:1D:3F:E7:22:E8:24:64:2A:B6:7F:49
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 39A29DB4
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7zB9IWs_jFDsHT_nIugkZCq2f0k.roa
Signing time: Fri 22 Apr 2022 10:47:02 +0000
ROA not before: Fri 22 Apr 2022 10:47:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34549
IP address blocks: 159.148.246.0/23 maxlen: 23
85.254.178.0/23 maxlen: 23
85.254.174.0/23 maxlen: 23
85.254.180.0/23 maxlen: 23
85.254.76.0/22 maxlen: 22
85.254.80.0/22 maxlen: 22
85.254.104.0/21 maxlen: 21
85.254.112.0/21 maxlen: 21
85.254.122.0/23 maxlen: 23
85.254.128.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 966958516 (0x39a29db4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Apr 22 10:47:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ef307d216b3f8c50ec1d3fe722e824642ab67f49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a5:f3:0f:9f:d4:4d:17:72:d1:7f:85:d9:f0:
90:e4:42:15:d9:69:3b:57:6e:32:25:ef:1c:9d:ac:
7d:dd:50:03:38:01:f8:24:37:2d:67:ce:d6:fc:d8:
38:17:14:06:60:86:82:23:d5:ac:2a:78:d0:fc:36:
e8:68:0d:bc:cd:3e:0d:a9:ce:7e:e9:d3:f8:11:9b:
34:e9:54:53:c3:7d:cf:ea:1e:a3:4f:b6:0e:08:1e:
03:ce:9c:8f:7f:0e:86:53:f9:71:89:9a:8f:ff:dd:
4f:a8:c5:87:16:82:74:21:50:ae:c6:37:d3:9c:04:
80:9d:37:b0:a3:99:7a:dc:56:1f:80:67:6c:53:ea:
8f:1c:4c:2f:f7:76:6e:8d:18:07:e7:d0:62:b4:87:
b6:45:c9:1f:c4:c5:0c:a4:81:9e:e9:e1:e0:a5:04:
32:7b:61:22:80:f3:cf:7f:54:57:b4:15:68:6e:75:
4f:79:15:77:5e:6a:da:f6:05:92:69:16:3d:ec:5b:
ae:99:07:43:cc:48:73:30:02:3b:9d:02:16:81:0e:
9d:a0:0c:06:6a:fe:a8:88:98:62:12:82:e6:b3:27:
9b:a3:44:fb:24:c1:db:b7:6f:81:4b:e8:f2:b2:ea:
fe:dd:b5:9b:37:e2:95:a9:55:6d:9d:94:c9:b0:4d:
03:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:30:7D:21:6B:3F:8C:50:EC:1D:3F:E7:22:E8:24:64:2A:B6:7F:49
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7zB9IWs_jFDsHT_nIugkZCq2f0k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.76.0-85.254.83.255
85.254.104.0-85.254.119.255
85.254.122.0/23
85.254.128.0/22
85.254.174.0/23
85.254.178.0-85.254.181.255
159.148.246.0/23
Signature Algorithm: sha256WithRSAEncryption
85:9b:16:b5:5b:1e:23:d6:d7:06:c9:55:f9:5a:6d:25:42:f3:
3a:84:1b:ca:e9:4e:e3:7b:ac:e9:f5:4a:fa:29:cc:04:ef:4e:
05:19:38:26:53:59:00:0f:c6:ad:df:b9:a2:5e:ce:68:87:ab:
31:32:d0:33:65:ea:5b:5d:8b:6d:2a:d0:a5:e4:6b:bd:9f:c7:
db:ec:cf:d9:64:23:9f:f3:d1:e0:68:60:f5:60:f7:bf:f9:db:
11:b0:c2:1b:d9:58:bb:49:ad:8d:37:b1:e6:d6:9f:d2:09:f4:
f4:15:a9:f7:6f:07:ae:18:d8:ac:bf:56:10:6c:2f:10:b5:c6:
40:70:5b:b8:fe:15:15:61:ba:e6:70:28:b4:22:b0:8f:7e:63:
13:3e:3a:dc:e7:db:31:d0:3e:5d:80:86:90:f6:c5:9a:a4:60:
41:03:43:06:5b:cd:70:32:cb:72:ea:84:88:33:0d:3a:d5:59:
e3:73:42:4d:12:3f:27:82:6c:10:5e:07:7a:1d:33:dd:64:50:
2b:4d:da:89:93:dd:f2:b4:34:d1:5d:83:a1:5c:4c:af:95:41:
d8:5e:72:1b:83:c5:88:34:b5:e2:a7:bb:62:2d:f8:21:2d:2c:
70:68:e1:f2:4a:a8:68:ca:98:ef:49:f2:9c:42:99:7e:66:32:
dc:b6:0f:38
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIEOaKdtDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjA5NTJjOGJhOGRhZGIxZDM0ZGU2YzZhOTM4NjRhNjA5ZmM0MWVjMB4XDTIyMDQy
MjEwNDcwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWYzMDdkMjE2YjNm
OGM1MGVjMWQzZmU3MjJlODI0NjQyYWI2N2Y0OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL+l8w+f1E0XctF/hdnwkORCFdlpO1duMiXvHJ2sfd1QAzgB
+CQ3LWfO1vzYOBcUBmCGgiPVrCp40Pw26GgNvM0+DanOfunT+BGbNOlUU8N9z+oe
o0+2DggeA86cj38OhlP5cYmaj//dT6jFhxaCdCFQrsY305wEgJ03sKOZetxWH4Bn
bFPqjxxML/d2bo0YB+fQYrSHtkXJH8TFDKSBnunh4KUEMnthIoDzz39UV7QVaG51
T3kVd15q2vYFkmkWPexbrpkHQ8xIczACO50CFoEOnaAMBmr+qIiYYhKC5rMnm6NE
+yTB27dvgUvo8rLq/t21mzfilalVbZ2UybBNA40CAwEAAaOCAkUwggJBMB0GA1Ud
DgQWBBTvMH0haz+MUOwdP+ci6CRkKrZ/STAfBgNVHSMEGDAWgBSrCVLIuo2tsdNN
5sapOGSmCfxB7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3F3bFN5THFOcmJIVFRlYkdxVGhrcGduOFFldy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGUvMzU1NWZlLTEyY2QtNDAyYS1hODEwLTU1NTRkNmUxNjg2Zi8x
Lzd6QjlJV3NfakZEc0hUX25JdWdrWkNxMmYway5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUv
MzU1NWZlLTEyY2QtNDAyYS1hODEwLTU1NTRkNmUxNjg2Zi8xL3F3bFN5THFOcmJI
VFRlYkdxVGhrcGduOFFldy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBb
BggrBgEFBQcBBwEB/wRMMEowSAQCAAEwQjAMAwQCVf5MAwQCVf5QMAwDBANV/mgD
BANV/nADBAFV/noDBAJV/oADBAFV/q4wDAMEAVX+sgMEAVX+tAMEAZ+U9jANBgkq
hkiG9w0BAQsFAAOCAQEAhZsWtVseI9bXBslV+VptJULzOoQbyulO43us6fVK+inM
BO9OBRk4JlNZAA/Grd+5ol7OaIerMTLQM2XqW12LbSrQpeRrvZ/H2+zP2WQjn/PR
4Ghg9WD3v/nbEbDCG9lYu0mtjTex5taf0gn09BWp928HrhjYrL9WEGwvELXGQHBb
uP4VFWG65nAotCKwj35jEz463OfbMdA+XYCGkPbFmqRgQQNDBlvNcDLLcuqEiDMN
OtVZ43NCTRI/J4JsEF4Heh0z3WRQK03aiZPd8rQ00V2DoVxMr5VB2F5yG4PFiDS1
4qe7Yi34IS0scGjh8kqoaMqY70nynEKZfmYy3LYPOA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:43:45 2023 by rpki-client on console-fra.rpki-client.org