Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/99JHE7LvXOS1Z73QqWlXgDI5kzw.roa
File: 99JHE7LvXOS1Z73QqWlXgDI5kzw.roa (raw, json)
Hash identifier: cMnwwTBO+06BLrYR56lvI1jO3M3SXoCVPyt0ze4tcQc=
Subject key identifier: F7:D2:47:13:B2:EF:5C:E4:B5:67:BD:D0:A9:69:57:80:32:39:93:3C
Certificate issuer: /CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Certificate serial: 0D780B0B
Authority key identifier: B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/99JHE7LvXOS1Z73QqWlXgDI5kzw.roa
Signing time: Sat 01 Jan 2022 13:07:03 +0000
ROA not before: Sat 01 Jan 2022 13:07:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42184
IP address blocks: 178.251.8.0/21 maxlen: 24
188.64.250.0/23 maxlen: 23
188.64.252.0/24 maxlen: 24
188.64.253.0/24 maxlen: 24
188.64.248.0/23 maxlen: 23
188.64.254.0/23 maxlen: 23
185.64.168.0/22 maxlen: 22
185.143.168.0/22 maxlen: 22
91.190.224.0/22 maxlen: 22
91.190.229.0/24 maxlen: 24
91.190.228.0/24 maxlen: 24
91.190.230.0/23 maxlen: 23
2a02:f08::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 225970955 (0xd780b0b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Validity
Not Before: Jan 1 13:07:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f7d24713b2ef5ce4b567bdd0a96957803239933c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:93:08:5e:f5:0f:9a:b8:41:8e:e0:db:2f:0b:
f6:96:f1:43:70:71:77:49:fd:2f:50:99:53:25:ed:
2b:2b:5c:0d:8e:8d:6a:ff:bd:d0:e1:51:ee:c8:8f:
b7:d0:42:7e:82:64:66:29:fe:9c:b7:21:bb:61:f6:
a3:a4:12:b9:2c:1c:2d:43:2f:bd:bd:92:5a:b8:02:
14:4b:2c:76:51:23:f8:58:df:01:44:49:e0:85:75:
95:cd:57:d9:4d:17:d7:16:91:f2:46:35:9d:27:3d:
a6:17:53:86:49:7a:48:f5:9c:6b:7a:e3:d0:cd:20:
33:eb:81:25:12:4d:7a:3e:12:01:b9:16:f4:ce:98:
36:69:34:00:fb:1a:74:1e:fa:18:d1:33:9e:14:23:
49:bb:66:e3:9e:d0:c9:f9:28:f5:88:0a:82:99:c3:
33:ab:75:f4:d3:df:d3:94:14:98:41:8b:27:99:7c:
a6:79:c6:01:10:78:9f:90:8f:b6:c0:1a:f0:c5:eb:
21:9e:40:76:a6:23:02:b5:dd:9d:96:a3:9e:28:0e:
99:89:fc:86:bf:bc:54:76:2d:e7:9a:1e:61:78:90:
72:41:24:c8:24:a3:77:5b:5d:66:4a:3f:67:fb:55:
93:96:c7:9c:4d:d5:57:36:7a:a1:09:70:bd:bf:22:
75:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:D2:47:13:B2:EF:5C:E4:B5:67:BD:D0:A9:69:57:80:32:39:93:3C
X509v3 Authority Key Identifier:
keyid:B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/99JHE7LvXOS1Z73QqWlXgDI5kzw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/s7b1TqmxWovU8zglOGyyd7A0Od0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.190.224.0/21
178.251.8.0/21
185.64.168.0/22
185.143.168.0/22
188.64.248.0/21
IPv6:
2a02:f08::/32
Signature Algorithm: sha256WithRSAEncryption
07:0a:58:82:84:31:2d:af:79:0b:78:c8:10:d9:4f:4d:1e:d0:
cf:8f:ed:57:46:2d:4f:0f:3c:30:ad:ba:2c:b3:1c:88:28:18:
61:aa:63:42:af:2d:02:42:36:40:48:62:da:c2:ed:53:f7:d3:
3d:4a:d9:96:b0:c5:4d:86:89:db:ff:9f:e0:2c:0d:10:49:19:
9b:e4:fa:c3:15:0d:80:56:39:40:cf:2c:96:ec:d2:5b:68:f6:
cb:17:23:33:66:ea:55:fb:0e:0e:dc:90:b7:8c:8c:13:9c:56:
b6:37:71:33:9f:cf:bb:12:81:14:55:12:76:38:e3:4d:95:16:
c2:a0:4e:b5:eb:87:93:b7:b3:e3:cc:6f:ca:77:6f:d6:19:22:
1a:43:3f:94:5c:d7:1b:8f:f5:f3:06:88:56:60:16:cc:b0:b8:
ad:f2:fd:81:ac:31:e5:55:34:0c:89:cd:4c:32:51:43:7b:9c:
92:41:e8:05:fc:77:a3:eb:35:8f:12:72:ae:8d:20:c0:94:95:
bf:a7:79:3c:66:67:40:10:e3:d8:95:07:79:52:56:59:eb:de:
4f:40:62:ae:b2:84:22:22:25:33:df:de:65:f8:2a:72:78:46:
6e:c1:2f:bb:d1:c0:97:78:3d:b4:87:ab:59:da:11:e4:c4:54:
70:b9:8e:aa
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEDXgLCzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
M2I2ZjU0ZWE5YjE1YThiZDRmMzM4MjUzODZjYjI3N2IwMzQzOWRkMB4XDTIyMDEw
MTEzMDcwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjdkMjQ3MTNiMmVm
NWNlNGI1NjdiZGQwYTk2OTU3ODAzMjM5OTMzYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANKTCF71D5q4QY7g2y8L9pbxQ3Bxd0n9L1CZUyXtKytcDY6N
av+90OFR7siPt9BCfoJkZin+nLchu2H2o6QSuSwcLUMvvb2SWrgCFEssdlEj+Fjf
AURJ4IV1lc1X2U0X1xaR8kY1nSc9phdThkl6SPWca3rj0M0gM+uBJRJNej4SAbkW
9M6YNmk0APsadB76GNEznhQjSbtm457Qyfko9YgKgpnDM6t19NPf05QUmEGLJ5l8
pnnGARB4n5CPtsAa8MXrIZ5AdqYjArXdnZajnigOmYn8hr+8VHYt55oeYXiQckEk
yCSjd1tdZko/Z/tVk5bHnE3VVzZ6oQlwvb8idaMCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBT30kcTsu9c5LVnvdCpaVeAMjmTPDAfBgNVHSMEGDAWgBSztvVOqbFai9Tz
OCU4bLJ3sDQ53TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3M3YjFUcW14V292VTh6Z2xPR3l5ZDdBME9kMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzIvOGRlNGEzLThkNWEtNDZiMS1hNzM1LTJmNDZlOTMxN2NjNi8x
Lzk5SkhFN0x2WE9TMVo3M1FxV2xYZ0RJNWt6dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIv
OGRlNGEzLThkNWEtNDZiMS1hNzM1LTJmNDZlOTMxN2NjNi8xL3M3YjFUcW14V292
VTh6Z2xPR3l5ZDdBME9kMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEA1u+4AMEA7L7CAMEArlAqAMEArmP
qAMEA7xA+DANBAIAAjAHAwUAKgIPCDANBgkqhkiG9w0BAQsFAAOCAQEABwpYgoQx
La95C3jIENlPTR7Qz4/tV0YtTw88MK26LLMciCgYYapjQq8tAkI2QEhi2sLtU/fT
PUrZlrDFTYaJ2/+f4CwNEEkZm+T6wxUNgFY5QM8sluzSW2j2yxcjM2bqVfsODtyQ
t4yME5xWtjdxM5/PuxKBFFUSdjjjTZUWwqBOteuHk7ez48xvyndv1hkiGkM/lFzX
G4/18waIVmAWzLC4rfL9gawx5VU0DInNTDJRQ3uckkHoBfx3o+s1jxJyro0gwJSV
v6d5PGZnQBDj2JUHeVJWWeveT0BirrKEIiIlM9/eZfgqcnhGbsEvu9HAl3g9tIer
WdoR5MRUcLmOqg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:00 2023 by rpki-client on console-ams.rpki-client.org