Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VKxP6Ss6d0KZND5ogYO_hxna2-c.roa
File: VKxP6Ss6d0KZND5ogYO_hxna2-c.roa (raw, json)
Hash identifier: R1/L0RJ5als0zEmxWkabiZ03ThyOwc9VTqYqO/Fri9g=
Subject key identifier: 54:AC:4F:E9:2B:3A:77:42:99:34:3E:68:81:83:BF:87:19:DA:DB:E7
Certificate issuer: /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial: 09B9522F
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VKxP6Ss6d0KZND5ogYO_hxna2-c.roa
Signing time: Mon 27 Jun 2022 20:04:32 +0000
ROA not before: Mon 27 Jun 2022 20:04:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 109.121.38.0/24 maxlen: 24
109.121.34.0/24 maxlen: 24
109.121.35.0/24 maxlen: 24
109.121.32.0/24 maxlen: 24
109.121.41.0/24 maxlen: 24
109.121.40.0/24 maxlen: 24
109.121.43.0/24 maxlen: 24
109.121.44.0/24 maxlen: 24
109.121.46.0/24 maxlen: 24
109.233.184.0/24 maxlen: 24
77.105.4.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 163140143 (0x9b9522f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Validity
Not Before: Jun 27 20:04:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=54ac4fe92b3a774299343e688183bf8719dadbe7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:b7:d2:e8:f4:26:a2:b7:47:e0:a7:e8:ca:f6:
1e:28:6f:b8:a7:34:f2:f7:16:14:c7:17:4e:48:ef:
19:cf:14:51:68:2d:b2:77:c5:a5:1e:76:db:ed:d9:
0f:fc:82:e9:0e:26:00:94:d8:57:08:b0:e3:ad:06:
a9:84:b5:88:e3:cc:92:fc:8f:9f:d4:84:b3:33:e2:
ff:a6:88:63:9b:07:32:21:93:aa:3f:e4:44:bd:24:
74:b7:a0:8d:25:36:47:22:65:e2:19:74:54:db:0f:
f9:c6:83:17:ea:a7:5b:1b:fe:4d:b7:6b:81:35:c8:
33:34:60:4a:a7:1f:27:fa:43:38:74:ab:72:5b:aa:
e5:9f:6a:ef:46:9f:6b:4f:35:35:26:65:53:6c:7a:
94:0f:73:ec:65:74:88:48:60:01:5d:55:9a:56:8f:
e1:d8:91:47:9f:84:7d:ed:db:c5:aa:d7:07:95:5c:
0e:54:e3:e9:a9:78:33:bf:53:20:1b:55:13:a6:20:
d3:95:83:e4:17:65:d7:ff:11:cf:44:33:8c:2f:78:
30:da:4f:1f:02:ba:fc:e1:27:76:5e:7b:24:e1:8a:
47:02:52:55:7b:f7:84:95:54:6a:9b:f3:d7:a2:82:
94:47:3b:2f:1b:ae:17:8d:37:43:b1:a9:57:7e:c9:
5a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:AC:4F:E9:2B:3A:77:42:99:34:3E:68:81:83:BF:87:19:DA:DB:E7
X509v3 Authority Key Identifier:
keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VKxP6Ss6d0KZND5ogYO_hxna2-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.4.0/24
109.121.32.0/24
109.121.34.0/23
109.121.38.0/24
109.121.40.0/23
109.121.43.0-109.121.44.255
109.121.46.0/24
109.233.184.0/24
Signature Algorithm: sha256WithRSAEncryption
77:39:02:f8:4b:c0:e4:4b:54:96:dc:98:fb:7b:0d:cf:2a:8f:
cf:24:c4:de:02:64:4d:0a:43:ef:aa:96:e6:b7:ba:3c:67:88:
bb:5e:cc:3e:ab:c0:d2:f6:e3:9a:09:f4:e5:d6:e8:30:1c:74:
03:61:31:5e:ea:2b:38:2c:6c:fd:b1:bb:b3:5c:1c:4f:b4:98:
f6:93:43:2e:4d:c7:5b:13:1f:71:b2:2b:e6:60:a5:48:e0:de:
db:38:77:11:6a:49:d2:cb:03:8a:22:a4:55:c4:06:01:e3:44:
ac:8a:50:77:75:0a:fb:26:72:81:54:17:ff:2f:f3:e2:9f:a5:
bc:97:e2:96:8b:60:ed:4b:f7:1a:c2:26:17:d3:fc:87:14:25:
94:05:59:be:23:8e:69:99:2b:c3:59:99:a9:7e:65:98:bb:37:
83:6e:29:f4:7e:fe:2b:37:ba:0d:d2:03:03:c7:ef:9c:a5:5f:
98:91:55:34:5d:d0:3d:76:7c:8d:cd:00:97:4f:58:0f:d4:d5:
8b:6e:43:67:c5:b8:c8:1f:88:56:fe:72:43:62:93:7f:ea:e4:
9f:ca:2a:1a:5d:5e:65:4b:33:e2:68:d5:a0:d0:dd:3e:82:da:
e6:ef:39:02:20:bb:48:45:9f:2d:93:f0:94:f9:08:54:25:1a:
86:53:aa:93
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIECblSLzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Zjg0ZTQ3MzhhNzBlYTM5YzA4Y2VmMjEwNDMyYWUzOTllYzdlOTE1MB4XDTIyMDYy
NzIwMDQzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTRhYzRmZTkyYjNh
Nzc0Mjk5MzQzZTY4ODE4M2JmODcxOWRhZGJlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM630uj0JqK3R+Cn6Mr2HihvuKc08vcWFMcXTkjvGc8UUWgt
snfFpR522+3ZD/yC6Q4mAJTYVwiw460GqYS1iOPMkvyPn9SEszPi/6aIY5sHMiGT
qj/kRL0kdLegjSU2RyJl4hl0VNsP+caDF+qnWxv+TbdrgTXIMzRgSqcfJ/pDOHSr
cluq5Z9q70afa081NSZlU2x6lA9z7GV0iEhgAV1VmlaP4diRR5+Efe3bxarXB5Vc
DlTj6al4M79TIBtVE6Yg05WD5Bdl1/8Rz0QzjC94MNpPHwK6/OEndl57JOGKRwJS
VXv3hJVUapvz16KClEc7LxuuF403Q7GpV37JWnMCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBRUrE/pKzp3Qpk0PmiBg7+HGdrb5zAfBgNVHSMEGDAWgBRvhORzinDqOcCM
7yEEMq45nsfpFTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2I0VGtjNHB3NmpuQWpPOGhCREt1T1o3SDZSVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8x
L1ZLeFA2U3M2ZDBLWk5ENW9nWU9faHhuYTItYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8xL2I0VGtjNHB3Nmpu
QWpPOGhCREt1T1o3SDZSVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAE1pBAMEAG15IAMEAW15IgMEAG15
JgMEAW15KDAMAwQAbXkrAwQAbXksAwQAbXkuAwQAbem4MA0GCSqGSIb3DQEBCwUA
A4IBAQB3OQL4S8DkS1SW3Jj7ew3PKo/PJMTeAmRNCkPvqpbmt7o8Z4i7Xsw+q8DS
9uOaCfTl1ugwHHQDYTFe6is4LGz9sbuzXBxPtJj2k0MuTcdbEx9xsivmYKVI4N7b
OHcRaknSywOKIqRVxAYB40SsilB3dQr7JnKBVBf/L/Pin6W8l+KWi2DtS/cawiYX
0/yHFCWUBVm+I45pmSvDWZmpfmWYuzeDbin0fv4rN7oN0gMDx++cpV+YkVU0XdA9
dnyNzQCXT1gP1NWLbkNnxbjIH4hW/nJDYpN/6uSfyioaXV5lSzPiaNWg0N0+gtrm
7zkCILtIRZ8tk/CU+QhUJRqGU6qT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:26 2024 by rpki-client on console-fra.rpki-client.org