Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/SgI5_9W6l6guNU4_w-WzAy2n5uA.roa
File: SgI5_9W6l6guNU4_w-WzAy2n5uA.roa (raw, json)
Hash identifier: 3oHLRHtf4mspbA2hMdk/pQBZ6WYCfdEUAEWJ7ICFlM8=
Subject key identifier: 4A:02:39:FF:D5:BA:97:A8:2E:35:4E:3F:C3:E5:B3:03:2D:A7:E6:E0
Certificate issuer: /CN=1da97cae7de6b29e56f0259af53c95926034a502
Certificate serial: 07B346EF
Authority key identifier: 1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/SgI5_9W6l6guNU4_w-WzAy2n5uA.roa
Signing time: Sat 01 Jan 2022 04:01:46 +0000
ROA not before: Sat 01 Jan 2022 04:01:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3399
IP address blocks: 45.141.108.0/22 maxlen: 22
185.242.228.0/22 maxlen: 22
178.132.72.0/21 maxlen: 21
185.86.104.0/22 maxlen: 22
195.128.240.0/23 maxlen: 23
185.147.236.0/22 maxlen: 22
195.128.254.0/23 maxlen: 23
2a03:8600::/32 maxlen: 32
2a07:5cc0::/29 maxlen: 29
2a07:5cc1::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 129189615 (0x7b346ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1da97cae7de6b29e56f0259af53c95926034a502
Validity
Not Before: Jan 1 04:01:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4a0239ffd5ba97a82e354e3fc3e5b3032da7e6e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:a4:ca:fe:2e:30:dd:cd:c3:42:dc:01:25:d0:
0b:61:4f:75:38:8a:e4:20:5e:c6:29:29:a4:d4:2e:
d9:d6:ce:69:91:12:8e:79:11:9c:33:ef:67:2a:79:
32:af:32:51:c9:82:35:8a:f2:0e:44:dd:3d:e4:9b:
10:81:16:94:9b:7e:43:05:57:5b:5d:8d:b2:5d:51:
95:b6:ef:3f:de:8e:d5:f5:77:82:12:ac:14:08:1c:
aa:84:2f:b8:89:8b:cf:18:1d:5b:4b:06:87:38:e4:
22:e4:71:41:e6:e3:4c:e0:da:52:92:e8:47:12:7e:
c9:d2:7f:af:eb:5d:62:08:06:76:b6:5b:f7:27:52:
47:70:20:15:95:a9:32:92:21:d7:5e:3d:1b:32:96:
24:47:76:25:a9:76:c5:de:c2:48:ad:a0:0a:21:bd:
69:e5:83:1a:b3:6c:0d:35:5a:65:d8:48:27:c7:21:
a0:5e:1f:27:08:35:ba:22:dc:98:a5:65:6d:ad:bb:
15:35:b5:02:e2:12:11:2c:ea:7c:b8:93:80:18:8c:
86:c5:62:87:2c:b5:2a:18:65:cc:78:ef:c4:b0:37:
1e:74:42:e3:18:80:5f:e1:91:16:3b:e6:3b:9c:dc:
d5:34:ea:81:c9:1f:c7:c7:89:7e:58:cc:a5:10:65:
79:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:02:39:FF:D5:BA:97:A8:2E:35:4E:3F:C3:E5:B3:03:2D:A7:E6:E0
X509v3 Authority Key Identifier:
keyid:1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/SgI5_9W6l6guNU4_w-WzAy2n5uA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.108.0/22
178.132.72.0/21
185.86.104.0/22
185.147.236.0/22
185.242.228.0/22
195.128.240.0/23
195.128.254.0/23
IPv6:
2a03:8600::/32
2a07:5cc0::/29
Signature Algorithm: sha256WithRSAEncryption
70:2c:89:22:48:60:52:1c:d3:f8:93:55:5c:2c:db:c6:4e:02:
fe:2c:5d:76:6b:bf:f8:9b:00:51:c0:19:b5:22:da:38:98:51:
c4:68:6c:bd:b8:f2:3a:5a:1a:ed:e3:96:03:13:83:e8:03:70:
5d:0e:8f:94:08:e0:b1:e3:29:e5:bf:9d:db:dd:d6:37:c0:7c:
78:3c:85:d7:5d:b0:46:ff:9d:09:7d:e1:81:2c:73:75:07:71:
02:58:9c:fa:91:82:87:c1:7a:d0:16:ab:6d:02:bf:0f:96:fb:
a9:d0:aa:9c:a6:36:61:c4:84:87:8d:68:2b:58:b4:cf:cd:1f:
02:e6:60:cf:0a:ee:6c:2e:53:3b:67:06:d5:01:cc:2d:98:0a:
51:5f:b0:fd:99:7f:ab:fe:38:98:c5:fd:a8:c6:75:f2:13:bd:
b6:8f:12:5e:be:aa:41:bc:c8:8f:41:fa:f1:fa:24:b4:13:5f:
e8:3f:ff:4b:6a:3f:3c:69:60:1b:08:e9:d8:29:2d:da:23:86:
e3:af:b0:2f:69:b2:89:15:68:52:40:e3:56:61:df:b5:ff:86:
32:1c:99:cb:60:d3:5c:ac:92:e6:37:78:54:0c:d2:5a:ca:07:
6a:cc:1c:37:69:7d:f2:d7:bf:d9:3b:ac:cf:df:f3:1e:ca:5b:
d9:69:5d:34
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIEB7NG7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZGE5N2NhZTdkZTZiMjllNTZmMDI1OWFmNTNjOTU5MjYwMzRhNTAyMB4XDTIyMDEw
MTA0MDE0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGEwMjM5ZmZkNWJh
OTdhODJlMzU0ZTNmYzNlNWIzMDMyZGE3ZTZlMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCkyv4uMN3Nw0LcASXQC2FPdTiK5CBexikppNQu2dbOaZES
jnkRnDPvZyp5Mq8yUcmCNYryDkTdPeSbEIEWlJt+QwVXW12Nsl1RlbbvP96O1fV3
ghKsFAgcqoQvuImLzxgdW0sGhzjkIuRxQebjTODaUpLoRxJ+ydJ/r+tdYggGdrZb
9ydSR3AgFZWpMpIh1149GzKWJEd2Jal2xd7CSK2gCiG9aeWDGrNsDTVaZdhIJ8ch
oF4fJwg1uiLcmKVlba27FTW1AuISESzqfLiTgBiMhsVihyy1KhhlzHjvxLA3HnRC
4xiAX+GRFjvmO5zc1TTqgckfx8eJfljMpRBledsCAwEAAaOCAkMwggI/MB0GA1Ud
DgQWBBRKAjn/1bqXqC41Tj/D5bMDLafm4DAfBgNVHSMEGDAWgBQdqXyufeaynlbw
JZr1PJWSYDSlAjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hhbDhybjNtc3A1VzhDV2E5VHlWa21BMHBRSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvODViNjczLWYxYWQtNDNlMi1iZmU3LTBjZDcyMzZiMjliNi8x
L1NnSTVfOVc2bDZndU5VNF93LVd6QXkybjV1QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
ODViNjczLWYxYWQtNDNlMi1iZmU3LTBjZDcyMzZiMjliNi8xL0hhbDhybjNtc3A1
VzhDV2E5VHlWa21BMHBRSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZ
BggrBgEFBQcBBwEB/wRKMEgwMAQCAAEwKgMEAi2NbAMEA7KESAMEArlWaAMEArmT
7AMEArny5AMEAcOA8AMEAcOA/jAUBAIAAjAOAwUAKgOGAAMFAyoHXMAwDQYJKoZI
hvcNAQELBQADggEBAHAsiSJIYFIc0/iTVVws28ZOAv4sXXZrv/ibAFHAGbUi2jiY
UcRobL248jpaGu3jlgMTg+gDcF0Oj5QI4LHjKeW/ndvd1jfAfHg8hdddsEb/nQl9
4YEsc3UHcQJYnPqRgofBetAWq20Cvw+W+6nQqpymNmHEhIeNaCtYtM/NHwLmYM8K
7mwuUztnBtUBzC2YClFfsP2Zf6v+OJjF/ajGdfITvbaPEl6+qkG8yI9B+vH6JLQT
X+g//0tqPzxpYBsI6dgpLdojhuOvsC9psokVaFJA41Zh37X/hjIcmctg01yskuY3
eFQM0lrKB2rMHDdpffLXv9k7rM/f8x7KW9lpXTQ=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:21 2023 by rpki-client on console-fra.rpki-client.org