Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/1fkNIXSjqAtu3BLMJFFm9Z2juGs.roa
File: 1fkNIXSjqAtu3BLMJFFm9Z2juGs.roa (raw, json)
Hash identifier: 9Tj4ALXiq8aOXpCf3k1SeCmu0GlmkHbWI4GFkvsTzts=
Subject key identifier: D5:F9:0D:21:74:A3:A8:0B:6E:DC:12:CC:24:51:66:F5:9D:A3:B8:6B
Certificate issuer: /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial: 018785D28F5A820E1D763B3F7545DFB1CDB6
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/1fkNIXSjqAtu3BLMJFFm9Z2juGs.roa
Signing time: Sat 15 Apr 2023 16:49:41 +0000
ROA not before: Sat 15 Apr 2023 16:49:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42337
IP address blocks: 2.188.225.0/24 maxlen: 24
2.188.224.0/20 maxlen: 20
2.188.232.0/23 maxlen: 23
2.188.234.0/24 maxlen: 24
2.188.236.0/23 maxlen: 23
2.188.240.0/20 maxlen: 20
2.188.164.0/22 maxlen: 22
2.188.160.0/22 maxlen: 22
2.188.165.0/24 maxlen: 24
2.188.161.0/24 maxlen: 24
2.188.192.0/19 maxlen: 19
2.188.212.0/23 maxlen: 23
2.188.60.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:85:d2:8f:5a:82:0e:1d:76:3b:3f:75:45:df:b1:cd:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Validity
Not Before: Apr 15 16:49:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d5f90d2174a3a80b6edc12cc245166f59da3b86b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:74:e9:af:bb:1b:59:6c:cb:b0:0e:c0:41:fe:
50:27:7c:bd:d7:34:0b:53:c4:6b:e4:2d:f9:50:c9:
e9:6c:55:dd:33:8b:5d:83:7e:33:cd:2d:66:52:72:
49:e0:ff:68:a9:ac:bb:8c:41:10:7a:b7:73:e1:3d:
a6:36:14:98:c1:f3:e8:bf:fc:b6:d7:3d:4d:24:c7:
51:a3:2b:5c:9f:54:16:90:d3:da:83:c9:1d:1c:3c:
f2:b5:64:52:13:12:c3:c3:69:a2:02:0d:29:4d:87:
8a:73:c2:3a:98:ee:7f:48:fb:06:4f:d8:65:be:98:
88:64:58:4d:ee:bd:e6:d5:28:20:ea:23:eb:24:5f:
ec:14:c0:e5:38:67:e7:a9:39:83:de:ae:92:0a:39:
ce:d9:a1:4d:af:37:eb:ea:59:a1:69:98:36:e0:f0:
af:9a:3a:ff:6d:92:0e:95:74:c8:bb:9d:8c:93:46:
b1:d9:c3:39:55:f2:ed:d7:7b:d9:25:1e:67:b4:82:
44:83:de:d1:ea:82:a0:c8:8e:f1:1b:41:88:39:14:
8e:73:94:07:f3:01:ac:d3:45:26:a3:9f:11:38:73:
1b:f9:c1:33:b8:5a:0d:39:77:4a:d5:4b:7d:70:d5:
64:f0:67:41:76:69:46:d0:d7:c9:56:bb:6e:e9:6c:
e9:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:F9:0D:21:74:A3:A8:0B:6E:DC:12:CC:24:51:66:F5:9D:A3:B8:6B
X509v3 Authority Key Identifier:
keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/1fkNIXSjqAtu3BLMJFFm9Z2juGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.188.60.0/22
2.188.160.0/21
2.188.192.0/18
Signature Algorithm: sha256WithRSAEncryption
00:60:53:3d:cb:20:4b:a9:02:d2:24:1d:a5:c2:b4:0c:da:e2:
f4:da:fb:3e:f6:a0:b9:9a:d4:b5:8d:df:66:86:07:4f:ac:b3:
4c:76:29:42:27:2e:80:00:4f:18:c3:db:b0:ec:99:c3:02:2a:
3c:c7:9d:9c:4c:64:61:7c:a7:bc:f9:dd:d6:b4:aa:64:db:87:
45:e7:38:17:0f:a0:06:32:80:bd:89:37:c3:41:e4:d6:89:b8:
8d:d5:0b:32:e9:d2:45:9b:6d:7b:af:1d:4b:6e:b1:5e:f2:ae:
62:df:6d:17:eb:bf:17:76:a6:1a:d9:31:fd:fb:b9:a2:45:d4:
fd:73:ec:dd:36:3a:4a:e6:fb:c2:95:42:13:39:2c:46:22:b6:
24:f7:eb:01:87:d3:56:1f:1f:39:f0:fe:c8:38:9e:d7:9d:87:
1b:c3:71:36:d4:94:aa:3f:81:1f:ab:b5:53:a9:7f:00:de:56:
0a:d7:ee:36:ae:4b:81:4f:1f:44:e3:d0:17:0c:f8:c2:cc:ec:
c9:0f:4a:30:56:3b:34:59:89:8d:8f:b2:72:05:97:83:51:ab:
86:23:dc:fd:29:7f:17:07:aa:cd:a2:1c:72:b5:dc:9b:95:41:
8d:42:82:ae:19:d8:27:ee:10:80:b9:52:81:3a:90:7a:58:e2:
5d:4d:2c:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYeF0o9agg4ddjs/dUXfsc22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMwNDE1MTY0OTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY5MGQyMTc0YTNhODBiNmVkYzEyY2MyNDUxNjZmNTlkYTNiODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Tpr7sbWWzLsA7AQf5QJ3y91zQL
U8Rr5C35UMnpbFXdM4tdg34zzS1mUnJJ4P9oqay7jEEQerdz4T2mNhSYwfPov/y2
1z1NJMdRoytcn1QWkNPag8kdHDzytWRSExLDw2miAg0pTYeKc8I6mO5/SPsGT9hl
vpiIZFhN7r3m1Sgg6iPrJF/sFMDlOGfnqTmD3q6SCjnO2aFNrzfr6lmhaZg24PCv
mjr/bZIOlXTIu52Mk0ax2cM5VfLt13vZJR5ntIJEg97R6oKgyI7xG0GIORSOc5QH
8wGs00Umo58ROHMb+cEzuFoNOXdK1Ut9cNVk8GdBdmlG0NfJVrtu6WzpAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNX5DSF0o6gLbtwSzCRRZvWdo7hrMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvMWZrTklYU2pxQXR1M0JMTUpGRm05WjJqdUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCArw8AwQD
ArygAwQGArzAMA0GCSqGSIb3DQEBCwUAA4IBAQAAYFM9yyBLqQLSJB2lwrQM2uL0
2vs+9qC5mtS1jd9mhgdPrLNMdilCJy6AAE8Yw9uw7JnDAio8x52cTGRhfKe8+d3W
tKpk24dF5zgXD6AGMoC9iTfDQeTWibiN1Qsy6dJFm217rx1LbrFe8q5i320X678X
dqYa2TH9+7miRdT9c+zdNjpK5vvClUITOSxGIrYk9+sBh9NWHx858P7IOJ7XnYcb
w3E21JSqP4Efq7VTqX8A3lYK1+42rkuBTx9E49AXDPjCzOzJD0owVjs0WYmNj7Jy
BZeDUauGI9z9KX8XB6rNohxytdyblUGNQoKuGdgn7hCAuVKBOpB6WOJdTSx2
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:26:05 2025 by rpki-client