Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fDG4ok4uWLjpJ0wzhMNMotsByzI.roa
File: fDG4ok4uWLjpJ0wzhMNMotsByzI.roa (raw, json)
Hash identifier: HbGOl0dCRLXas7K+gPHbDsuS56CbpS5jzvIso52vtrY=
Subject key identifier: 7C:31:B8:A2:4E:2E:58:B8:E9:27:4C:33:84:C3:4C:A2:DB:01:CB:32
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 01850CCAC507E3DD63D022E47FA83C865000
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fDG4ok4uWLjpJ0wzhMNMotsByzI.roa
Signing time: Tue 13 Dec 2022 18:41:33 +0000
ROA not before: Tue 13 Dec 2022 18:41:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 109.122.43.0/24 maxlen: 24
109.122.40.0/24 maxlen: 24
109.122.41.0/24 maxlen: 24
109.122.42.0/24 maxlen: 24
109.122.47.0/24 maxlen: 24
109.122.45.0/24 maxlen: 24
109.122.46.0/24 maxlen: 24
91.226.57.0/24 maxlen: 24
193.93.54.0/23 maxlen: 24
193.93.52.0/24 maxlen: 24
193.93.53.0/24 maxlen: 24
87.237.167.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:0c:ca:c5:07:e3:dd:63:d0:22:e4:7f:a8:3c:86:50:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Dec 13 18:41:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7c31b8a24e2e58b8e9274c3384c34ca2db01cb32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:c5:0d:d5:87:73:f0:4c:54:9e:02:16:86:04:
43:5c:35:09:4a:52:a6:c8:18:8b:23:04:82:47:9f:
1a:46:95:4b:44:41:6e:00:a3:e3:65:8b:78:57:14:
c8:03:02:68:e3:5d:27:b5:b8:65:fd:35:c3:8d:37:
03:94:7f:85:bd:c8:75:b8:58:a1:b5:97:3a:33:bc:
fe:05:9f:98:d1:bb:ec:95:ba:7f:8f:dc:a7:05:6f:
4b:87:26:b9:15:dd:a0:e3:4f:2f:f2:6b:4c:ea:a7:
af:ad:1c:20:5f:f7:84:b3:c8:97:6f:6f:e1:12:58:
28:ab:6e:04:22:83:97:86:d1:af:64:b6:ef:dd:1e:
1e:d9:e0:b7:b3:bf:69:35:cb:ad:d8:21:38:84:75:
f4:1d:23:61:c1:02:a7:59:6b:69:70:c1:45:e3:ba:
6e:77:9c:05:da:a8:cb:45:5f:6e:dd:d4:0d:ab:e3:
ce:80:66:84:96:7a:40:31:4c:94:61:ae:d2:a6:1e:
5f:e4:e8:3a:2e:73:0e:c8:84:85:b1:39:f7:21:d6:
12:0b:ee:1e:81:bb:bb:11:87:70:45:9d:a9:0d:a2:
f1:66:1a:0a:4d:b4:db:da:9c:0b:48:c3:b6:ab:79:
c0:db:d7:f0:2b:c9:5c:97:39:09:3f:25:c3:6c:fb:
30:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:31:B8:A2:4E:2E:58:B8:E9:27:4C:33:84:C3:4C:A2:DB:01:CB:32
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fDG4ok4uWLjpJ0wzhMNMotsByzI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.167.0/24
91.226.57.0/24
109.122.40.0/22
109.122.45.0-109.122.47.255
193.93.52.0/22
Signature Algorithm: sha256WithRSAEncryption
3e:33:e7:ab:c0:cc:5c:bd:de:a6:c6:2f:84:ab:d9:c3:5e:0f:
b3:2a:53:72:99:15:93:7d:73:b3:9b:8f:51:f0:c4:51:44:af:
17:a7:5a:4a:d4:3b:42:fc:3f:b9:46:9a:d5:e9:f6:a0:20:26:
f3:a5:a8:f2:2b:2d:c9:2c:4d:05:36:40:2d:39:5f:42:df:41:
96:39:a0:14:67:07:3f:13:e3:81:6a:29:7c:b0:77:78:93:bf:
0d:cf:5d:10:f8:70:3d:7d:f9:f2:e8:bd:18:81:93:ff:17:c2:
75:e5:83:f7:61:05:61:f4:64:bb:2d:70:18:cd:4b:ab:6b:42:
49:7d:91:74:8f:93:85:1a:65:2d:4e:eb:48:00:ef:ec:1c:10:
64:9e:cc:b5:ea:85:ec:1a:84:cc:00:df:08:61:f2:b9:ff:9d:
99:f7:82:35:56:6c:6e:f1:6c:fc:92:d5:30:01:89:03:de:0b:
fc:98:1e:95:41:7b:0d:80:18:0a:78:78:c9:19:db:22:16:28:
5e:a0:34:4c:13:00:6c:83:94:ea:8c:6a:c5:e0:d7:2d:d1:ae:
f4:9a:e2:37:4d:97:34:0e:80:e3:65:35:45:96:e2:45:06:2b:
91:5c:4a:70:8b:dc:3e:ce:76:60:9b:35:c1:7e:8c:ad:46:6e:
48:ff:4c:1f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYUMysUH491j0CLkf6g8hlAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjIxMjEzMTg0MTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMxYjhhMjRlMmU1OGI4ZTkyNzRjMzM4NGMzNGNhMmRiMDFjYjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8UN1Ydz8ExUngIWhgRDXDUJSlKm
yBiLIwSCR58aRpVLREFuAKPjZYt4VxTIAwJo410ntbhl/TXDjTcDlH+Fvch1uFih
tZc6M7z+BZ+Y0bvslbp/j9ynBW9Lhya5Fd2g408v8mtM6qevrRwgX/eEs8iXb2/h
Elgoq24EIoOXhtGvZLbv3R4e2eC3s79pNcut2CE4hHX0HSNhwQKnWWtpcMFF47pu
d5wF2qjLRV9u3dQNq+POgGaElnpAMUyUYa7Sph5f5Og6LnMOyISFsTn3IdYSC+4e
gbu7EYdwRZ2pDaLxZhoKTbTb2pwLSMO2q3nA29fwK8lclzkJPyXDbPswrwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHwxuKJOLli46SdMM4TDTKLbAcsyMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZkRHNG9rNHVXTGpwSjB3emhNTk1vdHNCeXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAV+2nAwQA
W+I5AwQCbXooMAwDBABtei0DBARteiADBALBXTQwDQYJKoZIhvcNAQELBQADggEB
AD4z56vAzFy93qbGL4Sr2cNeD7MqU3KZFZN9c7Obj1HwxFFErxenWkrUO0L8P7lG
mtXp9qAgJvOlqPIrLcksTQU2QC05X0LfQZY5oBRnBz8T44FqKXywd3iTvw3PXRD4
cD19+fLovRiBk/8XwnXlg/dhBWH0ZLstcBjNS6trQkl9kXSPk4UaZS1O60gA7+wc
EGSezLXqhewahMwA3whh8rn/nZn3gjVWbG7xbPyS1TABiQPeC/yYHpVBew2AGAp4
eMkZ2yIWKF6gNEwTAGyDlOqMasXg1y3RrvSa4jdNlzQOgONlNUWW4kUGK5FcSnCL
3D7OdmCbNcF+jK1Gbkj/TB8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:06 2024 by rpki-client on console-ams.rpki-client.org