Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/O7rx70V_YrygoIwLzRFJ1QyK1n0.roa
File: O7rx70V_YrygoIwLzRFJ1QyK1n0.roa (raw, json)
Hash identifier: 3ZTzIZvPfhfpf+gWx7tykRTV6KN6YWWb3bw3iGO9AT4=
Subject key identifier: 3B:BA:F1:EF:45:7F:62:BC:A0:A0:8C:0B:CD:11:49:D5:0C:8A:D6:7D
Certificate issuer: /CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
Certificate serial: 1576E3F2
Authority key identifier: A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/O7rx70V_YrygoIwLzRFJ1QyK1n0.roa
Signing time: Sat 01 Jan 2022 14:05:36 +0000
ROA not before: Sat 01 Jan 2022 14:05:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59414
IP address blocks: 5.102.144.0/21 maxlen: 24
185.79.232.0/22 maxlen: 24
185.98.120.0/22 maxlen: 24
45.81.68.0/22 maxlen: 24
45.11.220.0/22 maxlen: 24
185.72.238.0/23 maxlen: 24
2a06:c07::/32 maxlen: 48
2a06:c01::/32 maxlen: 48
2a06:c02::/32 maxlen: 48
2a06:c00::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 360113138 (0x1576e3f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
Validity
Not Before: Jan 1 14:05:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3bbaf1ef457f62bca0a08c0bcd1149d50c8ad67d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:24:05:fa:76:a2:00:78:c8:d7:5e:68:98:d1:
e8:36:e9:7b:5a:df:1c:16:14:a0:ee:d7:e3:2a:20:
ae:96:1b:28:2d:26:56:70:ba:ea:69:2e:0c:19:64:
c6:e4:10:0b:0c:02:77:de:11:a7:62:13:9e:19:60:
11:3c:d1:bb:8d:25:93:6b:91:87:5c:2e:0d:70:e2:
da:9d:3c:f6:f9:0c:ea:06:06:28:fa:0d:e8:db:ce:
b2:d6:ad:71:40:7d:ca:e2:b5:6a:bf:5a:5a:63:33:
ef:84:86:c9:c7:40:54:31:07:e9:83:c5:e1:ea:7f:
c6:71:41:ef:aa:42:e2:68:75:a0:99:56:82:67:9f:
57:9e:c1:60:5d:f1:b2:58:b6:7d:95:1c:b9:58:64:
a1:6e:b0:12:be:45:6b:be:c1:92:43:70:a7:04:a6:
f0:c1:6e:ac:52:e6:2e:80:74:53:73:fc:25:56:a3:
b0:d4:71:92:3c:69:9f:67:99:d1:01:55:36:31:a5:
ee:1e:cb:af:a2:b1:c7:cf:aa:e5:d2:8b:c0:a0:6a:
4c:b6:fb:17:55:01:32:76:6b:82:f5:f5:f0:07:3e:
06:55:82:f0:a0:8b:d7:fb:63:d3:47:8f:f1:d2:47:
d8:cc:ed:e1:53:9c:c1:cb:b1:64:e2:40:dc:b8:42:
bb:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:BA:F1:EF:45:7F:62:BC:A0:A0:8C:0B:CD:11:49:D5:0C:8A:D6:7D
X509v3 Authority Key Identifier:
keyid:A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/O7rx70V_YrygoIwLzRFJ1QyK1n0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.144.0/21
45.11.220.0/22
45.81.68.0/22
185.72.238.0/23
185.79.232.0/22
185.98.120.0/22
IPv6:
2a06:c00::-2a06:c02:ffff:ffff:ffff:ffff:ffff:ffff
2a06:c07::/32
Signature Algorithm: sha256WithRSAEncryption
42:0d:d9:6c:dd:78:55:bb:24:07:08:76:6e:ac:f7:51:47:d7:
b8:8d:e0:46:25:17:fb:19:29:26:4d:96:44:f1:0e:83:42:0b:
31:1c:ef:f9:07:b5:7e:91:1e:8a:07:69:16:1e:2e:09:5d:4a:
f9:37:8e:49:ce:93:81:50:1a:9c:5e:6a:fa:a4:56:b7:4c:f3:
f5:a7:72:d7:f1:94:42:e3:fe:00:05:d8:d9:4b:36:80:85:11:
be:db:6f:2d:e5:78:43:30:04:67:8c:e0:0f:18:26:2a:bc:14:
15:37:86:4d:e9:70:b1:af:e9:c6:e3:36:a6:d2:87:72:81:bc:
83:24:b1:bb:1b:a1:99:75:58:8a:93:b6:38:5a:8f:f6:18:3c:
e1:2c:c5:1d:1d:50:2c:ec:4a:af:20:f7:5d:a7:49:9e:49:e0:
34:76:dd:89:c5:18:cd:be:07:aa:9e:f5:ad:1b:53:c5:44:71:
a7:6f:b0:0a:3e:c5:85:c5:b6:3e:f2:21:6e:5d:e3:27:cb:25:
32:87:4c:e2:bb:2f:f3:fd:7c:4b:f7:56:f0:e5:31:01:ad:df:
bb:d4:a2:84:0b:10:98:c2:fc:b7:84:3d:f2:b1:61:fe:f7:f7:
71:cc:5e:da:aa:09:3c:e5:64:65:15:1b:8f:a8:c6:5f:dd:2b:
7d:1e:ab:98
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIEFXbj8jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTAxYzg5ZjQ0ODI5YzcyZjJhOTUzZDJhMmJhNGFlMGI3YjUwZDhhMB4XDTIyMDEw
MTE0MDUzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2JiYWYxZWY0NTdm
NjJiY2EwYTA4YzBiY2QxMTQ5ZDUwYzhhZDY3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALwkBfp2ogB4yNdeaJjR6Dbpe1rfHBYUoO7X4yogrpYbKC0m
VnC66mkuDBlkxuQQCwwCd94Rp2ITnhlgETzRu40lk2uRh1wuDXDi2p089vkM6gYG
KPoN6NvOstatcUB9yuK1ar9aWmMz74SGycdAVDEH6YPF4ep/xnFB76pC4mh1oJlW
gmefV57BYF3xsli2fZUcuVhkoW6wEr5Fa77BkkNwpwSm8MFurFLmLoB0U3P8JVaj
sNRxkjxpn2eZ0QFVNjGl7h7Lr6Kxx8+q5dKLwKBqTLb7F1UBMnZrgvX18Ac+BlWC
8KCL1/tj00eP8dJH2Mzt4VOcwcuxZOJA3LhCu/cCAwEAAaOCAkUwggJBMB0GA1Ud
DgQWBBQ7uvHvRX9ivKCgjAvNEUnVDIrWfTAfBgNVHSMEGDAWgBSlAcifRIKccvKp
U9Kiukrgt7UNijAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BRSEluMFNDbkhMeXFWUFNvcnBLNExlMURZby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZDVlMTAzLTkwYjUtNDRmMS1iODY0LTE0YTFlYjU1MTJkNi8x
L083cng3MFZfWXJ5Z29Jd0x6UkZKMVF5SzFuMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZDVlMTAzLTkwYjUtNDRmMS1iODY0LTE0YTFlYjU1MTJkNi8xL3BRSEluMFNDbkhM
eXFWUFNvcnBLNExlMURZby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBb
BggrBgEFBQcBBwEB/wRMMEowKgQCAAEwJAMEAwVmkAMEAi0L3AMEAi1RRAMEAblI
7gMEArlP6AMEArlieDAcBAIAAjAWMA0DBAIqBgwDBQAqBgwCAwUAKgYMBzANBgkq
hkiG9w0BAQsFAAOCAQEAQg3ZbN14VbskBwh2bqz3UUfXuI3gRiUX+xkpJk2WRPEO
g0ILMRzv+Qe1fpEeigdpFh4uCV1K+TeOSc6TgVAanF5q+qRWt0zz9ady1/GUQuP+
AAXY2Us2gIURvttvLeV4QzAEZ4zgDxgmKrwUFTeGTelwsa/pxuM2ptKHcoG8gySx
uxuhmXVYipO2OFqP9hg84SzFHR1QLOxKryD3XadJnkngNHbdicUYzb4Hqp71rRtT
xURxp2+wCj7FhcW2PvIhbl3jJ8slModM4rsv8/18S/dW8OUxAa3fu9SihAsQmML8
t4Q98rFh/vf3ccxe2qoJPOVkZRUbj6jGX90rfR6rmA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:56 2023 by rpki-client on console-fra.rpki-client.org