Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/stnH3Q9EqZals2eADgaHJC6EzDg.roa
File: stnH3Q9EqZals2eADgaHJC6EzDg.roa (raw, json)
Hash identifier: S0plbY6epDVwi39F5nIYfPiIotxa0FbueV+E9HsZUoY=
Subject key identifier: B2:D9:C7:DD:0F:44:A9:96:A5:B3:67:80:0E:06:87:24:2E:84:CC:38
Certificate issuer: /CN=2ace21090ee4d78677413423dcb2fe01a6e1c622
Certificate serial: 043AD5
Authority key identifier: 2A:CE:21:09:0E:E4:D7:86:77:41:34:23:DC:B2:FE:01:A6:E1:C6:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/stnH3Q9EqZals2eADgaHJC6EzDg.roa
Signing time: Fri 18 Feb 2022 12:16:52 +0000
ROA not before: Fri 18 Feb 2022 12:16:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15742
IP address blocks: 217.117.68.0/24 maxlen: 24
217.117.65.0/24 maxlen: 24
217.117.66.0/24 maxlen: 24
217.117.69.0/24 maxlen: 24
217.117.75.0/24 maxlen: 24
217.117.74.0/24 maxlen: 24
217.117.77.0/24 maxlen: 24
87.238.152.0/24 maxlen: 24
87.238.153.0/24 maxlen: 24
217.117.64.0/24 maxlen: 24
2a03:9220::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 277205 (0x43ad5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ace21090ee4d78677413423dcb2fe01a6e1c622
Validity
Not Before: Feb 18 12:16:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b2d9c7dd0f44a996a5b367800e0687242e84cc38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d0:ee:f1:54:69:7a:0c:37:04:06:ea:e1:39:
35:a2:7e:97:70:12:c1:c3:d0:ce:db:66:70:ef:92:
e0:60:91:3b:9c:47:d3:83:9e:9a:c6:03:f0:82:69:
86:1d:c2:d6:1e:95:53:ec:32:0c:f1:c6:ca:1e:73:
6f:fd:52:89:a5:44:4e:b7:80:49:7b:c7:72:49:96:
fd:32:df:1e:eb:8f:92:1f:7e:b7:ec:39:c5:65:c4:
8b:98:7b:50:9d:97:25:fe:8d:a1:92:74:00:b1:d6:
01:f7:bf:df:ca:ee:f4:6b:f8:1f:27:04:60:f1:5e:
70:aa:cb:9c:b5:fe:33:33:ae:dc:fb:3c:48:23:57:
37:6b:02:91:5a:28:92:78:80:7a:ff:1f:d7:7a:2b:
d5:41:8f:0f:3a:f3:fc:5f:17:c5:a3:24:21:e6:cb:
5d:bb:76:7e:5c:8e:c5:b5:08:c5:14:05:16:05:b6:
7d:07:1c:b4:6b:09:15:36:e5:e5:5d:83:42:8a:ed:
f2:69:44:4f:d7:23:d7:bd:dd:48:5e:83:87:bd:40:
f6:83:87:29:a6:ea:73:8f:28:d1:e3:bb:ee:93:bb:
a5:48:b0:6e:92:4f:9f:6d:05:40:a0:8e:9a:11:49:
10:0d:51:a9:5a:37:4d:1a:76:c9:91:e7:db:32:5b:
91:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:D9:C7:DD:0F:44:A9:96:A5:B3:67:80:0E:06:87:24:2E:84:CC:38
X509v3 Authority Key Identifier:
keyid:2A:CE:21:09:0E:E4:D7:86:77:41:34:23:DC:B2:FE:01:A6:E1:C6:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/stnH3Q9EqZals2eADgaHJC6EzDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.238.152.0/23
217.117.64.0-217.117.66.255
217.117.68.0/23
217.117.74.0/23
217.117.77.0/24
IPv6:
2a03:9220::/32
Signature Algorithm: sha256WithRSAEncryption
4b:76:df:42:2d:21:24:f2:0c:6c:73:fd:5d:66:22:9c:73:f4:
2d:7c:1e:5d:77:b7:fd:1a:c9:a9:8a:d4:2d:ef:94:60:c3:89:
88:ca:c8:10:b1:ce:25:a4:6c:33:f8:8b:25:08:d6:fa:fb:b6:
66:f5:74:0d:70:6e:20:04:f3:c2:d4:b6:b4:1c:83:34:1c:ba:
5b:79:72:33:43:65:b4:4e:e1:b5:21:91:db:02:c2:10:c9:46:
d0:3a:e9:81:6b:38:6f:4e:23:f2:5a:c3:14:54:00:56:01:64:
63:1c:9a:25:e1:3b:ed:d2:45:05:a2:6b:e9:a3:96:da:3b:29:
d7:92:00:cb:b1:43:70:fb:e4:9e:42:5a:07:3d:c1:57:f4:42:
e5:1f:1a:48:54:55:04:d1:df:43:61:c9:5e:a3:c8:49:3d:b9:
df:67:6d:e1:26:2e:38:6f:98:1b:cb:7d:f4:f2:65:4b:d8:13:
dd:e9:aa:7c:38:81:99:8c:42:a2:6e:20:93:90:2b:f6:b3:24:
2c:79:7d:bf:15:03:75:52:99:d4:f1:47:17:2a:39:b3:05:82:
d8:90:84:b1:72:37:d0:85:33:05:18:c4:1e:c2:b9:52:35:36:
36:1b:d4:dd:d7:2a:6b:c3:81:82:ad:d2:af:9d:3f:b1:51:9d:
28:4b:34:c5
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIDBDrVMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDJh
Y2UyMTA5MGVlNGQ3ODY3NzQxMzQyM2RjYjJmZTAxYTZlMWM2MjIwHhcNMjIwMjE4
MTIxNjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiMmQ5YzdkZDBmNDRh
OTk2YTViMzY3ODAwZTA2ODcyNDJlODRjYzM4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAu9Du8VRpegw3BAbq4Tk1on6XcBLBw9DO22Zw75LgYJE7nEfT
g56axgPwgmmGHcLWHpVT7DIM8cbKHnNv/VKJpUROt4BJe8dySZb9Mt8e64+SH363
7DnFZcSLmHtQnZcl/o2hknQAsdYB97/fyu70a/gfJwRg8V5wqsuctf4zM67c+zxI
I1c3awKRWiiSeIB6/x/XeivVQY8POvP8XxfFoyQh5stdu3Z+XI7FtQjFFAUWBbZ9
Bxy0awkVNuXlXYNCiu3yaURP1yPXvd1IXoOHvUD2g4cppupzjyjR47vuk7ulSLBu
kk+fbQVAoI6aEUkQDVGpWjdNGnbJkefbMluR4wIDAQABo4ICODCCAjQwHQYDVR0O
BBYEFLLZx90PRKmWpbNngA4GhyQuhMw4MB8GA1UdIwQYMBaAFCrOIQkO5NeGd0E0
I9yy/gGm4cYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
S3M0aENRN2sxNFozUVRRajNMTC1BYWJoeGlJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8yMS8yOTE1ZjEtODdiYS00YzE4LWFhZjktNTkwYTk4MTNkZGRmLzEv
c3RuSDNROUVxWmFsczJlQURnYUhKQzZFekRnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8y
OTE1ZjEtODdiYS00YzE4LWFhZjktNTkwYTk4MTNkZGRmLzEvS3M0aENRN2sxNFoz
UVRRajNMTC1BYWJoeGlJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME4G
CCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQBV+6YMAwDBAbZdUADBADZdUIDBAHZ
dUQDBAHZdUoDBADZdU0wDQQCAAIwBwMFACoDkiAwDQYJKoZIhvcNAQELBQADggEB
AEt230ItISTyDGxz/V1mIpxz9C18Hl13t/0ayamK1C3vlGDDiYjKyBCxziWkbDP4
iyUI1vr7tmb1dA1wbiAE88LUtrQcgzQcult5cjNDZbRO4bUhkdsCwhDJRtA66YFr
OG9OI/JawxRUAFYBZGMcmiXhO+3SRQWia+mjlto7KdeSAMuxQ3D75J5CWgc9wVf0
QuUfGkhUVQTR30NhyV6jyEk9ud9nbeEmLjhvmBvLffTyZUvYE93pqnw4gZmMQqJu
IJOQK/azJCx5fb8VA3VSmdTxRxcqObMFgtiQhLFyN9CFMwUYxB7CuVI1NjYb1N3X
KmvDgYKt0q+dP7FRnShLNMU=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:28:22 2025 by rpki-client