Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/DsBxQzGuHkqC5UVn3k69Lw8FtD8.roa
File: DsBxQzGuHkqC5UVn3k69Lw8FtD8.roa (raw, json)
Hash identifier: 9fucSEgANZ5ISHQvpjFKOxs6mUAVYVWW3BWipoeZZek=
Subject key identifier: 0E:C0:71:43:31:AE:1E:4A:82:E5:45:67:DE:4E:BD:2F:0F:05:B4:3F
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 1B43C10C
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/DsBxQzGuHkqC5UVn3k69Lw8FtD8.roa
Signing time: Sat 01 Jan 2022 10:59:20 +0000
ROA not before: Sat 01 Jan 2022 10:59:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34343
IP address blocks: 91.148.224.0/22 maxlen: 24
91.148.228.0/22 maxlen: 24
195.200.84.0/24 maxlen: 24
195.200.85.0/24 maxlen: 24
193.138.220.0/24 maxlen: 24
85.12.56.0/24 maxlen: 24
176.124.71.0/24 maxlen: 24
91.148.192.0/24 maxlen: 24
185.91.29.0/24 maxlen: 24
2a01:788:aaac::/48 maxlen: 48
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 457425164 (0x1b43c10c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: Jan 1 10:59:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0ec0714331ae1e4a82e54567de4ebd2f0f05b43f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:3a:b3:ab:b4:a3:15:4c:09:d3:d2:d4:f4:35:
d3:d9:3a:17:d3:f9:da:e1:f6:df:98:c8:4f:ce:48:
7a:0d:be:19:02:94:dc:c9:b5:cc:b3:ff:9c:aa:11:
09:7f:54:1f:23:33:a7:4d:21:6c:90:63:23:20:1c:
69:8a:db:0e:c3:b1:eb:26:41:06:9d:16:79:19:94:
ea:47:b7:92:e0:3a:74:7d:8f:63:64:a3:bd:3e:d7:
cb:df:3b:d1:a4:49:40:e9:70:05:8f:05:12:b8:05:
63:2a:0e:90:8a:39:f3:2c:f9:69:0e:18:77:9c:7c:
de:c4:f5:69:8a:b6:ce:46:2a:ab:0b:53:ef:38:f2:
8b:8a:2a:4d:d1:ea:d2:1a:72:71:77:fa:97:76:6a:
01:45:73:5e:7b:6f:c9:a6:0f:8e:96:01:e8:95:d6:
95:2a:3b:3c:a9:fa:06:c4:08:be:d0:9f:77:12:c0:
12:2f:40:65:6c:8a:93:3f:59:3e:8b:76:3f:5e:7d:
ab:e6:4a:e3:5b:5a:85:2a:e1:a7:f8:5c:cd:12:65:
27:9d:a9:24:14:c9:bc:72:94:c4:14:c0:93:8e:2c:
73:2a:66:6e:25:3f:30:4c:72:b1:43:a2:c5:a5:94:
3e:fa:33:c1:e1:d0:74:55:61:c5:b7:94:50:39:f9:
e4:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:C0:71:43:31:AE:1E:4A:82:E5:45:67:DE:4E:BD:2F:0F:05:B4:3F
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/DsBxQzGuHkqC5UVn3k69Lw8FtD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.56.0/24
91.148.192.0/24
91.148.224.0/21
176.124.71.0/24
185.91.29.0/24
193.138.220.0/24
195.200.84.0/23
IPv6:
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
bd:e2:e2:e1:02:2e:97:0f:87:e4:10:e2:88:1d:d9:0c:ab:3d:
8b:54:ef:b0:ef:07:17:84:2b:34:33:23:4a:d4:22:0e:9c:71:
4b:ba:df:fc:ea:d1:37:94:f1:31:0d:83:a3:54:8a:32:08:97:
48:64:91:9c:6e:4f:60:59:c1:1a:ad:56:b4:cc:8c:64:44:a1:
a3:fc:b6:46:33:e2:a0:9c:53:0b:da:58:df:20:99:c8:6a:37:
d9:ec:ca:52:93:b5:ca:fa:56:24:c3:cf:31:c9:ab:da:0a:ed:
0a:e7:7e:97:4e:3f:69:7e:05:a4:ce:e1:90:44:4f:95:a9:92:
64:7d:49:2b:72:48:bb:4f:bf:17:40:a2:de:d5:bd:6e:cd:35:
54:a2:79:2a:03:66:66:52:d6:ea:94:94:6d:19:21:76:23:5b:
02:58:e4:31:b7:1a:3c:75:5d:32:38:a9:a8:c9:cf:3b:b9:e2:
30:94:c2:90:bd:17:bc:b1:03:7a:2e:fa:92:49:51:62:56:2c:
fb:5d:98:9f:44:ce:c8:3f:ab:5d:13:c4:af:29:ee:b8:40:e7:
81:bd:bd:6e:a9:29:bd:7c:86:a9:81:67:12:e5:1f:3d:66:d8:
62:7f:84:f0:8f:95:09:64:e4:1c:f1:83:18:9b:7c:a3:17:8d:
31:55:f4:73
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEG0PBDDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjQ4Y2YxNDZiNGM3M2QyNzQwOTZkNzA1NzA4ZDI0YjcyOTMyOWY4MB4XDTIyMDEw
MTEwNTkyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGVjMDcxNDMzMWFl
MWU0YTgyZTU0NTY3ZGU0ZWJkMmYwZjA1YjQzZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALk6s6u0oxVMCdPS1PQ109k6F9P52uH235jIT85Ieg2+GQKU
3Mm1zLP/nKoRCX9UHyMzp00hbJBjIyAcaYrbDsOx6yZBBp0WeRmU6ke3kuA6dH2P
Y2SjvT7Xy9870aRJQOlwBY8FErgFYyoOkIo58yz5aQ4Yd5x83sT1aYq2zkYqqwtT
7zjyi4oqTdHq0hpycXf6l3ZqAUVzXntvyaYPjpYB6JXWlSo7PKn6BsQIvtCfdxLA
Ei9AZWyKkz9ZPot2P159q+ZK41tahSrhp/hczRJlJ52pJBTJvHKUxBTAk44scypm
biU/MExysUOixaWUPvozweHQdFVhxbeUUDn55PECAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBQOwHFDMa4eSoLlRWfeTr0vDwW0PzAfBgNVHSMEGDAWgBRLSM8Ua0xz0nQJ
bXBXCNJLcpMp+DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1MwalBGR3RNYzlKMENXMXdWd2pTUzNLVEtmZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjYvM2JiYjUyLTM5M2UtNDc2Mi1hNzBjLTY0YTZhMDViOTkwNS8x
L0RzQnhRekd1SGtxQzVVVm4zazY5THc4RnREOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYv
M2JiYjUyLTM5M2UtNDc2Mi1hNzBjLTY0YTZhMDViOTkwNS8xL1MwalBGR3RNYzlK
MENXMXdWd2pTUzNLVEtmZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wMAQCAAEwKgMEAFUMOAMEAFuUwAMEA1uU4AMEALB8
RwMEALlbHQMEAMGK3AMEAcPIVDAaBAIAAjAUMBIDBwEqAQeIqqoDBwAqAQeIqqww
DQYJKoZIhvcNAQELBQADggEBAL3i4uECLpcPh+QQ4ogd2QyrPYtU77DvBxeEKzQz
I0rUIg6ccUu63/zq0TeU8TENg6NUijIIl0hkkZxuT2BZwRqtVrTMjGREoaP8tkYz
4qCcUwvaWN8gmchqN9nsylKTtcr6ViTDzzHJq9oK7QrnfpdOP2l+BaTO4ZBET5Wp
kmR9SStySLtPvxdAot7VvW7NNVSieSoDZmZS1uqUlG0ZIXYjWwJY5DG3Gjx1XTI4
qajJzzu54jCUwpC9F7yxA3ou+pJJUWJWLPtdmJ9Ezsg/q10TxK8p7rhA54G9vW6p
Kb18hqmBZxLlHz1m2GJ/hPCPlQlk5BzxgxibfKMXjTFV9HM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:15 2023 by rpki-client on console-ams.rpki-client.org