Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/m9vxEL3r-2P4eNh-85yHYKzIThc.roa
File: m9vxEL3r-2P4eNh-85yHYKzIThc.roa (raw, json)
Hash identifier: U3c1+212JAj5a+6rWmfKvVd88OKEDycMvfx9d5+9ql0=
Subject key identifier: 9B:DB:F1:10:BD:EB:FB:63:F8:78:D8:7E:F3:9C:87:60:AC:C8:4E:17
Certificate issuer: /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial: 018447E8840B992EF84893D5E56F6AFD1DEE
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/m9vxEL3r-2P4eNh-85yHYKzIThc.roa
Signing time: Sat 05 Nov 2022 13:08:51 +0000
ROA not before: Sat 05 Nov 2022 13:08:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39650
IP address blocks: 185.161.36.0/22 maxlen: 24
185.229.28.0/24 maxlen: 24
185.229.29.0/24 maxlen: 24
185.229.30.0/24 maxlen: 24
185.229.31.0/24 maxlen: 24
185.164.75.0/24 maxlen: 24
185.164.74.0/24 maxlen: 24
2a0d:6600::/29 maxlen: 29
2a0a:d400::/29 maxlen: 29
2a06:5a40::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:47:e8:84:0b:99:2e:f8:48:93:d5:e5:6f:6a:fd:1d:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Validity
Not Before: Nov 5 13:08:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9bdbf110bdebfb63f878d87ef39c8760acc84e17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ba:30:ce:fd:a2:1c:f0:c5:3f:16:c1:c8:52:
29:dc:88:34:7f:0c:4e:1b:11:40:a9:fe:4b:e6:65:
9f:07:39:73:62:36:d2:e8:76:e7:32:1a:6c:27:de:
76:28:dc:91:a8:3a:2e:0e:d5:2f:da:b5:af:39:5a:
5d:aa:3e:c3:4d:63:22:8f:4d:62:55:35:5d:da:0a:
c4:54:f8:f6:49:d0:a1:34:b9:3a:7d:1f:20:bc:cb:
c0:fc:ac:f9:68:58:b4:56:0c:18:5c:90:4b:02:71:
73:09:6d:9c:e4:96:16:bb:1b:a3:e2:88:2d:33:2e:
37:e7:a7:35:fb:56:ac:42:83:b1:d5:80:47:86:2c:
94:08:ab:60:ef:91:d3:a1:6c:3b:f1:9b:3f:ee:ca:
05:64:8f:a2:61:40:98:56:ce:12:0b:53:68:35:f5:
dc:d2:22:24:5b:d2:4a:5d:5a:62:6e:48:09:02:4b:
a9:24:07:ea:0a:19:41:88:2b:a2:c4:a4:97:20:c8:
f8:4d:40:a8:37:19:77:16:37:32:8a:b8:f9:e8:00:
97:c0:3d:4d:16:36:6e:b7:2c:b8:8e:0f:ca:32:a2:
97:a4:94:20:f7:5c:37:58:95:50:71:ee:d4:bd:d9:
5c:30:aa:3f:5f:6d:91:14:d1:7d:86:2c:45:0e:21:
c7:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:DB:F1:10:BD:EB:FB:63:F8:78:D8:7E:F3:9C:87:60:AC:C8:4E:17
X509v3 Authority Key Identifier:
keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/m9vxEL3r-2P4eNh-85yHYKzIThc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.36.0/22
185.164.74.0/23
185.229.28.0/22
IPv6:
2a06:5a40::/29
2a0a:d400::/29
2a0d:6600::/29
Signature Algorithm: sha256WithRSAEncryption
27:79:27:92:5a:40:13:63:4d:f0:9b:a1:8d:5b:f2:d5:4c:94:
62:63:7e:44:34:60:f1:c8:ef:f1:94:e7:5d:de:c5:c9:fc:f8:
91:a3:3b:60:c0:af:d2:3e:a9:02:c4:6c:bd:92:81:39:6d:51:
e8:07:34:bf:8e:ea:0a:f9:bd:70:0b:da:26:75:78:0b:e6:b2:
67:21:b1:ab:8c:ea:29:6a:f9:e8:2a:08:f3:e1:c7:39:62:5c:
df:d3:2a:66:fd:64:e0:8e:fd:36:fe:5c:17:be:35:27:8f:08:
6d:9c:1b:5a:75:23:93:d8:5f:83:d2:35:7b:6c:54:58:b2:19:
36:4a:5d:13:7d:75:25:e3:01:8d:ee:dd:7f:16:b5:8c:78:9f:
00:04:f6:eb:9c:89:43:32:df:69:9c:5b:24:bc:31:6b:e5:b3:
89:bd:38:f8:3f:f0:85:f9:20:b4:37:21:20:5f:71:54:13:8d:
2e:a0:8c:bd:eb:48:64:27:33:7a:08:4d:f5:4d:e9:32:f1:17:
46:c4:2b:b3:c7:ad:1a:93:5c:d3:11:64:5a:5b:70:c2:43:f7:
ef:ac:b7:2b:98:00:d8:c5:84:a2:ac:da:dd:f2:98:0b:2e:33:
b4:9c:29:b0:d7:c3:a6:ca:5a:f6:3d:31:61:f4:f3:72:03:9f:
fe:85:14:2a
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYRH6IQLmS74SJPV5W9q/R3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjIxMTA1MTMwODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmRiZjExMGJkZWJmYjYzZjg3OGQ4N2VmMzljODc2MGFjYzg0ZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLowzv2iHPDFPxbByFIp3Ig0fwxO
GxFAqf5L5mWfBzlzYjbS6HbnMhpsJ952KNyRqDouDtUv2rWvOVpdqj7DTWMij01i
VTVd2grEVPj2SdChNLk6fR8gvMvA/Kz5aFi0VgwYXJBLAnFzCW2c5JYWuxuj4ogt
My4356c1+1asQoOx1YBHhiyUCKtg75HToWw78Zs/7soFZI+iYUCYVs4SC1NoNfXc
0iIkW9JKXVpibkgJAkupJAfqChlBiCuixKSXIMj4TUCoNxl3Fjcyirj56ACXwD1N
FjZutyy4jg/KMqKXpJQg91w3WJVQce7UvdlcMKo/X22RFNF9hixFDiHHawIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJvb8RC96/tj+HjYfvOch2CsyE4XMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvbTl2eEVMM3ItMlA0ZU5oLTg1eUhZS3pJVGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCuaEkAwQB
uaRKAwQCueUcMBsEAgACMBUDBQMqBlpAAwUDKgrUAAMFAyoNZgAwDQYJKoZIhvcN
AQELBQADggEBACd5J5JaQBNjTfCboY1b8tVMlGJjfkQ0YPHI7/GU513excn8+JGj
O2DAr9I+qQLEbL2SgTltUegHNL+O6gr5vXAL2iZ1eAvmsmchsauM6ilq+egqCPPh
xzliXN/TKmb9ZOCO/Tb+XBe+NSePCG2cG1p1I5PYX4PSNXtsVFiyGTZKXRN9dSXj
AY3u3X8WtYx4nwAE9uuciUMy32mcWyS8MWvls4m9OPg/8IX5ILQ3ISBfcVQTjS6g
jL3rSGQnM3oITfVN6TLxF0bEK7PHrRqTXNMRZFpbcMJD9++styuYANjFhKKs2t3y
mAsuM7ScKbDXw6bKWvY9MWH083IDn/6FFCo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:46 2024 by rpki-client on console-ams.rpki-client.org