Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5eb130-a0f7-49af-a271-ebec2a42e60d/1/kLww190nbgDaj-rZzG7hohgUr1k.roa
File: kLww190nbgDaj-rZzG7hohgUr1k.roa (raw, json)
Hash identifier: i+RewcMrnE8HsWySd40DIABmql9aYKeXSpmxZTerEaw=
Subject key identifier: 90:BC:30:D7:DD:27:6E:00:DA:8F:EA:D9:CC:6E:E1:A2:18:14:AF:59
Certificate issuer: /CN=0260b70a50adead39b709b590046c52e0cc6929b
Certificate serial: 018C91D536239905B29E49A0168A96F92F23
Authority key identifier: 02:60:B7:0A:50:AD:EA:D3:9B:70:9B:59:00:46:C5:2E:0C:C6:92:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AmC3ClCt6tObcJtZAEbFLgzGkps.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/5eb130-a0f7-49af-a271-ebec2a42e60d/1/kLww190nbgDaj-rZzG7hohgUr1k.roa
Signing time: Fri 22 Dec 2023 14:01:58 +0000
ROA not before: Fri 22 Dec 2023 14:01:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200547
IP address blocks: 185.238.148.0/22 maxlen: 24
185.238.149.0/24 maxlen: 24
185.238.150.0/24 maxlen: 24
185.238.151.0/24 maxlen: 24
160.238.112.0/24 maxlen: 24
160.238.112.0/22 maxlen: 22
160.238.113.0/24 maxlen: 24
160.238.114.0/24 maxlen: 24
160.238.115.0/24 maxlen: 24
185.95.237.0/24 maxlen: 24
185.95.238.0/24 maxlen: 24
185.95.239.0/24 maxlen: 24
185.95.236.0/22 maxlen: 24
185.236.52.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:d5:36:23:99:05:b2:9e:49:a0:16:8a:96:f9:2f:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0260b70a50adead39b709b590046c52e0cc6929b
Validity
Not Before: Dec 22 14:01:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90bc30d7dd276e00da8fead9cc6ee1a21814af59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:e3:8f:fa:d4:8c:e6:8d:20:b6:98:46:97:e4:
1f:13:a3:94:01:f5:c0:88:67:0a:2e:72:27:1a:d4:
7d:b8:f4:61:34:5b:4e:0b:e7:5d:32:cb:e2:86:6e:
4d:f4:aa:54:6b:57:ce:00:4c:33:9c:de:89:11:fc:
ae:a8:0d:e7:d1:fd:4a:c8:eb:82:19:91:b8:0c:7d:
e0:63:9a:01:34:25:a2:2e:7a:08:51:93:d6:2e:62:
47:65:25:54:24:f9:ec:43:19:a6:1c:a5:55:16:d5:
85:89:64:08:3d:cd:ac:75:b4:04:1b:c5:04:83:f5:
7d:78:98:1e:31:62:92:03:65:54:00:bb:d6:ac:11:
c8:bb:ab:a7:0f:13:6c:0a:ce:f1:b7:78:db:25:2e:
7b:f4:be:1c:a2:8c:30:28:0b:a1:fe:e1:10:20:de:
d6:57:54:43:f4:26:c8:27:d3:1f:29:ac:92:d0:66:
73:58:03:0e:af:00:a4:4d:0c:f9:c1:10:aa:19:4d:
3f:67:c9:75:90:59:84:1c:38:a9:22:94:5a:4e:f5:
7c:9d:31:09:0a:a7:0a:43:eb:12:00:6f:fb:82:e6:
ca:2a:e4:1b:e7:84:c3:91:97:c5:fb:1d:8a:a4:76:
bb:73:43:46:e3:d7:30:be:80:63:8b:af:f9:27:66:
a0:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:BC:30:D7:DD:27:6E:00:DA:8F:EA:D9:CC:6E:E1:A2:18:14:AF:59
X509v3 Authority Key Identifier:
keyid:02:60:B7:0A:50:AD:EA:D3:9B:70:9B:59:00:46:C5:2E:0C:C6:92:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AmC3ClCt6tObcJtZAEbFLgzGkps.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5eb130-a0f7-49af-a271-ebec2a42e60d/1/kLww190nbgDaj-rZzG7hohgUr1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5eb130-a0f7-49af-a271-ebec2a42e60d/1/AmC3ClCt6tObcJtZAEbFLgzGkps.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
160.238.112.0/22
185.95.236.0/22
185.236.52.0/24
185.238.148.0/22
Signature Algorithm: sha256WithRSAEncryption
67:77:0f:1e:94:00:0c:49:96:33:1a:43:13:68:12:b3:59:d1:
04:4d:2d:2e:f5:db:7a:2e:3f:d3:5f:81:a1:26:47:c5:5f:f6:
2e:a6:e4:6f:0d:b5:62:7f:66:f0:6d:7b:64:d9:fc:c8:ee:1b:
2d:38:52:fe:7b:12:a1:e3:00:e1:23:58:11:a6:c1:e9:ca:7c:
d7:36:73:b4:0e:3e:db:8d:9c:ef:52:b6:7d:3f:d0:81:d3:30:
73:ec:67:b3:66:47:c3:d1:cc:21:28:ea:1d:46:39:ff:92:f6:
2a:28:b1:0f:df:fd:21:21:e5:b0:91:a1:8c:7f:60:b6:20:37:
37:5d:b2:c0:3f:eb:ff:bc:eb:90:56:57:a1:c0:68:28:1a:5a:
23:15:f4:94:2f:59:24:1a:0b:37:f8:c6:0f:8d:f0:08:fd:bc:
2a:87:d9:4a:7b:7b:46:c1:1f:f9:90:d7:b5:00:73:31:b4:9d:
a8:52:29:12:59:38:d4:70:01:41:9b:5e:7b:7b:92:8f:ef:e6:
9a:a9:90:b0:04:ee:40:c6:0d:49:17:09:63:ea:96:d3:25:82:
fb:9f:3c:22:c3:fa:c9:da:a2:bb:95:60:d4:3c:4d:e6:af:1a:
0c:da:72:3c:cd:c5:cb:01:1b:75:fe:27:f9:24:ec:a4:c7:8a:
4d:86:70:b1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYyR1TYjmQWynkmgFoqW+S8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNjBiNzBhNTBhZGVhZDM5YjcwOWI1OTAwNDZjNTJlMGNj
NjkyOWIwHhcNMjMxMjIyMTQwMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGJjMzBkN2RkMjc2ZTAwZGE4ZmVhZDljYzZlZTFhMjE4MTRhZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuOP+tSM5o0gtphGl+QfE6OUAfXA
iGcKLnInGtR9uPRhNFtOC+ddMsvihm5N9KpUa1fOAEwznN6JEfyuqA3n0f1KyOuC
GZG4DH3gY5oBNCWiLnoIUZPWLmJHZSVUJPnsQxmmHKVVFtWFiWQIPc2sdbQEG8UE
g/V9eJgeMWKSA2VUALvWrBHIu6unDxNsCs7xt3jbJS579L4coowwKAuh/uEQIN7W
V1RD9CbIJ9MfKayS0GZzWAMOrwCkTQz5wRCqGU0/Z8l1kFmEHDipIpRaTvV8nTEJ
CqcKQ+sSAG/7gubKKuQb54TDkZfF+x2KpHa7c0NG49cwvoBji6/5J2ag2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJC8MNfdJ24A2o/q2cxu4aIYFK9ZMB8GA1UdIwQY
MBaAFAJgtwpQrerTm3CbWQBGxS4MxpKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW1DM0NsQ3Q2dE9iY0p0WkFFYkZMZ3pHa3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81ZWIxMzAtYTBmNy00OWFmLWEyNzEt
ZWJlYzJhNDJlNjBkLzEva0x3dzE5MG5iZ0Rhai1yWnpHN2hvaGdVcjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81ZWIxMzAtYTBmNy00OWFmLWEyNzEtZWJlYzJhNDJlNjBk
LzEvQW1DM0NsQ3Q2dE9iY0p0WkFFYkZMZ3pHa3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCoO5wAwQC
uV/sAwQAuew0AwQCue6UMA0GCSqGSIb3DQEBCwUAA4IBAQBndw8elAAMSZYzGkMT
aBKzWdEETS0u9dt6Lj/TX4GhJkfFX/YupuRvDbVif2bwbXtk2fzI7hstOFL+exKh
4wDhI1gRpsHpynzXNnO0Dj7bjZzvUrZ9P9CB0zBz7GezZkfD0cwhKOodRjn/kvYq
KLEP3/0hIeWwkaGMf2C2IDc3XbLAP+v/vOuQVlehwGgoGlojFfSUL1kkGgs3+MYP
jfAI/bwqh9lKe3tGwR/5kNe1AHMxtJ2oUikSWTjUcAFBm157e5KP7+aaqZCwBO5A
xg1JFwlj6pbTJYL7nzwiw/rJ2qK7lWDUPE3mrxoM2nI8zcXLARt1/if5JOykx4pN
hnCx
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:53:24 2025 by rpki-client