Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/ot9bdhZ6eSNIEz0r0XLWIOA24S8.roa
File: ot9bdhZ6eSNIEz0r0XLWIOA24S8.roa (raw, json)
Hash identifier: W1t6vEZHLTKwswp+7K5tRwk/PtDYsMs/5zlvSiDsGfQ=
Subject key identifier: A2:DF:5B:76:16:7A:79:23:48:13:3D:2B:D1:72:D6:20:E0:36:E1:2F
Certificate issuer: /CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
Certificate serial: 158BBB85
Authority key identifier: FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/ot9bdhZ6eSNIEz0r0XLWIOA24S8.roa
Signing time: Sat 01 Jan 2022 11:04:17 +0000
ROA not before: Sat 01 Jan 2022 11:04:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3178
IP address blocks: 185.56.192.0/24 maxlen: 24
185.56.192.0/22 maxlen: 22
185.56.195.0/24 maxlen: 24
185.56.193.0/24 maxlen: 24
185.56.194.0/24 maxlen: 24
5.8.240.0/23 maxlen: 23
5.8.240.0/24 maxlen: 24
5.8.241.0/24 maxlen: 24
5.8.245.0/24 maxlen: 24
5.8.240.0/21 maxlen: 21
5.8.246.0/24 maxlen: 24
5.8.243.0/24 maxlen: 24
5.8.244.0/23 maxlen: 23
5.8.244.0/24 maxlen: 24
5.8.242.0/24 maxlen: 24
5.8.242.0/23 maxlen: 23
5.8.247.0/24 maxlen: 24
2a01:aa20::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 361479045 (0x158bbb85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
Validity
Not Before: Jan 1 11:04:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a2df5b76167a792348133d2bd172d620e036e12f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ce:25:71:72:78:80:6f:b6:1f:65:4e:4c:c4:
5c:18:c7:45:83:6c:9f:58:09:83:72:2c:47:99:c1:
c7:19:a9:18:b4:eb:27:71:03:d8:69:2d:f2:45:a1:
49:6c:86:21:57:58:f8:97:56:48:f7:b1:04:c1:a2:
b0:72:f4:0f:4f:18:4f:5b:1c:f3:10:4c:e9:9f:2b:
12:13:2a:52:07:b8:bf:a5:af:ac:d4:dc:c1:c9:4f:
10:40:52:10:aa:3d:71:f3:51:05:9f:f5:ee:40:9f:
0c:43:91:93:6c:59:92:b3:05:00:2c:03:8b:d1:4e:
b6:f8:b4:d5:11:ce:b9:f7:2e:ef:3f:5c:46:77:8f:
0f:3e:9f:4c:19:43:51:a7:d9:39:c1:1f:df:26:c3:
ce:7b:a6:1c:21:92:50:90:75:7f:97:53:9b:08:31:
2d:eb:d0:5a:76:bc:39:7c:8b:58:40:10:59:3d:0d:
fe:8b:8d:87:76:2d:20:d6:9c:58:32:d2:a7:5b:6b:
d8:86:14:64:3c:62:c5:ce:ec:b7:8b:14:db:08:1d:
17:0d:39:bd:68:f9:3e:10:60:2e:cd:7b:87:e7:fd:
ab:52:28:3b:97:db:2b:72:e7:cb:9c:2e:36:00:56:
90:66:75:49:23:18:ae:c6:7e:bf:fc:88:c5:5f:17:
00:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:DF:5B:76:16:7A:79:23:48:13:3D:2B:D1:72:D6:20:E0:36:E1:2F
X509v3 Authority Key Identifier:
keyid:FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/ot9bdhZ6eSNIEz0r0XLWIOA24S8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/_jHd7yXZbISwAaKsUEewTgYKCsM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.240.0/21
185.56.192.0/22
IPv6:
2a01:aa20::/32
Signature Algorithm: sha256WithRSAEncryption
59:a0:1b:b2:77:41:f4:ee:b9:6b:df:a9:7f:3e:7a:a3:47:38:
70:46:4a:7e:bb:7d:9a:38:4f:95:72:fd:3d:a3:11:ea:f9:39:
de:0d:fb:dd:6e:ef:a8:e3:ca:75:ae:c9:e3:25:3e:30:37:41:
bf:d5:a4:fa:fc:0b:f3:b4:87:9f:71:64:c6:49:71:40:e9:1b:
6a:f6:89:b0:02:e5:04:fd:19:a1:10:9b:ac:2f:b6:21:da:e5:
74:d5:4d:db:8e:d4:87:ab:09:ca:88:74:81:43:0a:89:96:a7:
34:ef:da:6d:8a:8c:52:87:fb:a0:e0:29:b2:d5:b1:f1:dc:ef:
a1:86:ea:b1:82:a9:f0:b6:d8:de:cf:f2:4d:e9:61:67:6f:7a:
9d:a6:4f:84:a6:91:66:3b:f5:38:0e:bb:8a:1c:38:2d:1c:42:
0e:05:80:a7:38:1e:4d:22:35:f5:3e:00:57:10:aa:71:9b:da:
a7:00:5a:7f:40:27:9b:d5:8a:71:1f:d4:57:88:7c:6f:27:25:
f4:e0:40:dc:da:00:a4:98:04:79:05:3a:9b:28:3a:72:12:9e:
2f:47:98:b7:ce:9a:05:e8:49:ef:65:84:46:bc:ba:58:50:a6:
b9:b5:e7:5e:1c:20:ee:fe:4b:a9:c9:3e:3e:5a:ae:9e:65:ed:
63:0a:15:8d
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEFYu7hTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTMxZGRlZjI1ZDk2Yzg0YjAwMWEyYWM1MDQ3YjA0ZTA2MGEwYWMzMB4XDTIyMDEw
MTExMDQxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTJkZjViNzYxNjdh
NzkyMzQ4MTMzZDJiZDE3MmQ2MjBlMDM2ZTEyZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbOJXFyeIBvth9lTkzEXBjHRYNsn1gJg3IsR5nBxxmpGLTr
J3ED2Gkt8kWhSWyGIVdY+JdWSPexBMGisHL0D08YT1sc8xBM6Z8rEhMqUge4v6Wv
rNTcwclPEEBSEKo9cfNRBZ/17kCfDEORk2xZkrMFACwDi9FOtvi01RHOufcu7z9c
RnePDz6fTBlDUafZOcEf3ybDznumHCGSUJB1f5dTmwgxLevQWna8OXyLWEAQWT0N
/ouNh3YtINacWDLSp1tr2IYUZDxixc7st4sU2wgdFw05vWj5PhBgLs17h+f9q1Io
O5fbK3Lny5wuNgBWkGZ1SSMYrsZ+v/yIxV8XACMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBSi31t2Fnp5I0gTPSvRctYg4DbhLzAfBgNVHSMEGDAWgBT+Md3vJdlshLAB
oqxQR7BOBgoKwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19qSGQ3eVhaYklTd0FhS3NVRWV3VGdZS0NzTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvN2MwZjE0LTViMjQtNGIxYi04ZWI1LWI0ZDhjMmI3YTEwMy8x
L290OWJkaFo2ZVNOSUV6MHIwWExXSU9BMjRTOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
N2MwZjE0LTViMjQtNGIxYi04ZWI1LWI0ZDhjMmI3YTEwMy8xL19qSGQ3eVhaYklT
d0FhS3NVRWV3VGdZS0NzTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAwUI8AMEArk4wDANBAIAAjAHAwUA
KgGqIDANBgkqhkiG9w0BAQsFAAOCAQEAWaAbsndB9O65a9+pfz56o0c4cEZKfrt9
mjhPlXL9PaMR6vk53g373W7vqOPKda7J4yU+MDdBv9Wk+vwL87SHn3FkxklxQOkb
avaJsALlBP0ZoRCbrC+2IdrldNVN247Uh6sJyoh0gUMKiZanNO/abYqMUof7oOAp
stWx8dzvoYbqsYKp8LbY3s/yTelhZ296naZPhKaRZjv1OA67ihw4LRxCDgWApzge
TSI19T4AVxCqcZvapwBaf0Anm9WKcR/UV4h8bycl9OBA3NoApJgEeQU6myg6chKe
L0eYt86aBehJ72WERry6WFCmubXnXhwg7v5Lqck+PlqunmXtYwoVjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:08 2024 by rpki-client on console-ams.rpki-client.org