Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/2c58fa-06d5-4d39-8b5d-74acf82af596/1/Djq46ZTQzP-5WzC7egswFgp5icE.roa
File: Djq46ZTQzP-5WzC7egswFgp5icE.roa (raw, json)
Hash identifier: pIV3sonCWGflJmBH31mEzL86PN58HkZxXVfNbWy7XJA=
Subject key identifier: 0E:3A:B8:E9:94:D0:CC:FF:B9:5B:30:BB:7A:0B:30:16:0A:79:89:C1
Certificate issuer: /CN=7879eb9dd62d51afa5012efa1a9d10c66400c445
Certificate serial: 0185704BD668D25E0DE23A9916579C9D31B4
Authority key identifier: 78:79:EB:9D:D6:2D:51:AF:A5:01:2E:FA:1A:9D:10:C6:64:00:C4:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eHnrndYtUa-lAS76Gp0QxmQAxEU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/2c58fa-06d5-4d39-8b5d-74acf82af596/1/Djq46ZTQzP-5WzC7egswFgp5icE.roa
Signing time: Mon 02 Jan 2023 02:24:56 +0000
ROA not before: Mon 02 Jan 2023 02:24:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20546
IP address blocks: 91.198.250.0/24 maxlen: 24
195.10.208.0/24 maxlen: 24
91.223.20.0/24 maxlen: 24
80.241.56.0/21 maxlen: 24
80.241.60.0/24 maxlen: 24
185.97.172.0/22 maxlen: 24
2001:67c:2050::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:4b:d6:68:d2:5e:0d:e2:3a:99:16:57:9c:9d:31:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7879eb9dd62d51afa5012efa1a9d10c66400c445
Validity
Not Before: Jan 2 02:24:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0e3ab8e994d0ccffb95b30bb7a0b30160a7989c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:66:70:0f:96:c7:03:eb:bf:ee:bc:eb:4d:ea:
f0:b4:a5:47:6e:a1:df:e3:57:bb:50:dd:2c:d0:fc:
c0:c4:51:c2:b0:72:d8:35:cb:6f:30:fb:2e:e3:2e:
14:a4:95:e1:f1:03:02:82:a6:72:12:fa:b6:ae:36:
82:9b:81:88:b4:d1:5c:78:9d:89:28:0d:bc:fe:e5:
16:a5:a6:5f:05:97:4d:4f:02:9a:84:a0:f2:c2:55:
2a:b5:78:99:17:00:f0:98:9f:6b:01:24:7e:66:a5:
76:70:96:85:1f:c3:43:1c:55:d3:1d:5a:c1:52:c4:
85:20:28:f1:53:94:13:b3:ac:62:77:ed:38:47:52:
19:7c:a9:25:9e:41:04:9f:9c:5a:13:9d:d3:2c:8b:
88:fd:74:15:5a:78:23:38:dc:05:de:3c:f5:fb:bc:
15:c8:28:c1:5b:c8:89:fb:27:26:13:02:1d:53:26:
f2:dc:ec:9e:6b:6e:29:26:0f:28:e2:3a:86:d9:4d:
5e:72:65:b8:2d:b2:62:0e:91:91:6e:95:3b:00:d4:
d6:56:da:69:98:13:a6:0e:da:3f:48:70:1b:86:fd:
da:ff:ad:ed:78:c6:8c:0b:b6:8c:35:fc:3e:cc:3c:
73:18:b0:fa:5f:b2:d6:92:43:76:31:1a:aa:64:5d:
f8:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:3A:B8:E9:94:D0:CC:FF:B9:5B:30:BB:7A:0B:30:16:0A:79:89:C1
X509v3 Authority Key Identifier:
keyid:78:79:EB:9D:D6:2D:51:AF:A5:01:2E:FA:1A:9D:10:C6:64:00:C4:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHnrndYtUa-lAS76Gp0QxmQAxEU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c58fa-06d5-4d39-8b5d-74acf82af596/1/Djq46ZTQzP-5WzC7egswFgp5icE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c58fa-06d5-4d39-8b5d-74acf82af596/1/eHnrndYtUa-lAS76Gp0QxmQAxEU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.241.56.0/21
91.198.250.0/24
91.223.20.0/24
185.97.172.0/22
195.10.208.0/24
IPv6:
2001:67c:2050::/48
Signature Algorithm: sha256WithRSAEncryption
a2:af:89:18:41:1c:ed:55:ef:96:69:2a:50:f8:2e:c0:18:98:
4c:b9:ba:04:a9:80:93:c1:05:fc:12:c4:6a:5c:cf:f8:22:7d:
ca:82:cb:c1:19:e5:e5:4f:0d:01:d7:ac:44:58:80:83:52:79:
9d:f2:54:a5:47:3d:ab:c9:93:c1:2c:5d:66:dc:88:cc:ba:6c:
19:83:cd:46:6d:b8:2b:53:da:7c:0c:84:56:5e:a3:fe:d5:78:
7d:30:7a:2d:17:f1:6a:02:77:31:ed:f6:78:2b:db:d6:c1:a2:
2a:29:d5:60:58:3e:80:43:82:5e:82:14:b3:85:47:49:1e:bc:
ad:8d:83:9e:29:87:01:71:06:20:fe:58:0f:74:54:98:3a:36:
c4:39:e0:cc:b0:60:51:93:c6:2b:88:98:b9:30:ed:88:f9:b5:
ce:53:ba:83:08:d2:d2:ef:63:32:33:2f:25:32:07:f9:fe:5c:
b5:67:e1:38:2d:19:83:b6:e0:c8:93:81:fa:40:be:94:5a:ad:
a6:d6:36:48:06:35:c0:a1:d2:51:82:40:85:5c:cd:f5:3e:bf:
17:1a:28:70:0b:7d:94:96:17:cc:fd:ab:b5:9b:26:be:68:e2:
fc:e2:7c:9b:18:4f:84:10:7a:aa:b0:c8:66:a2:cb:c7:23:ae:
78:e1:19:43
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVwS9Zo0l4N4jqZFlecnTG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NzllYjlkZDYyZDUxYWZhNTAxMmVmYTFhOWQxMGM2NjQw
MGM0NDUwHhcNMjMwMTAyMDIyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTNhYjhlOTk0ZDBjY2ZmYjk1YjMwYmI3YTBiMzAxNjBhNzk4OWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWZwD5bHA+u/7rzrTerwtKVHbqHf
41e7UN0s0PzAxFHCsHLYNctvMPsu4y4UpJXh8QMCgqZyEvq2rjaCm4GItNFceJ2J
KA28/uUWpaZfBZdNTwKahKDywlUqtXiZFwDwmJ9rASR+ZqV2cJaFH8NDHFXTHVrB
UsSFICjxU5QTs6xid+04R1IZfKklnkEEn5xaE53TLIuI/XQVWngjONwF3jz1+7wV
yCjBW8iJ+ycmEwIdUyby3Oyea24pJg8o4jqG2U1ecmW4LbJiDpGRbpU7ANTWVtpp
mBOmDto/SHAbhv3a/63teMaMC7aMNfw+zDxzGLD6X7LWkkN2MRqqZF34jwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFA46uOmU0Mz/uVswu3oLMBYKeYnBMB8GA1UdIwQY
MBaAFHh5653WLVGvpQEu+hqdEMZkAMRFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhucm5kWXRVYS1sQVM3NkdwMFF4bVFBeEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8yYzU4ZmEtMDZkNS00ZDM5LThiNWQt
NzRhY2Y4MmFmNTk2LzEvRGpxNDZaVFF6UC01V3pDN2Vnc3dGZ3A1aWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8yYzU4ZmEtMDZkNS00ZDM5LThiNWQtNzRhY2Y4MmFmNTk2
LzEvZUhucm5kWXRVYS1sQVM3NkdwMFF4bVFBeEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQDUPE4AwQA
W8b6AwQAW98UAwQCuWGsAwQAwwrQMA8EAgACMAkDBwAgAQZ8IFAwDQYJKoZIhvcN
AQELBQADggEBAKKviRhBHO1V75ZpKlD4LsAYmEy5ugSpgJPBBfwSxGpcz/gifcqC
y8EZ5eVPDQHXrERYgINSeZ3yVKVHPavJk8EsXWbciMy6bBmDzUZtuCtT2nwMhFZe
o/7VeH0wei0X8WoCdzHt9ngr29bBoiop1WBYPoBDgl6CFLOFR0kevK2Ng54phwFx
BiD+WA90VJg6NsQ54MywYFGTxiuImLkw7Yj5tc5TuoMI0tLvYzIzLyUyB/n+XLVn
4TgtGYO24MiTgfpAvpRarabWNkgGNcCh0lGCQIVczfU+vxcaKHALfZSWF8z9q7Wb
Jr5o4vzifJsYT4QQeqqwyGaiy8cjrnjhGUM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:50:30 2025 by rpki-client