Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/iMfS1ZLmDQayby0ptTnBeH5w3is.roa
File: iMfS1ZLmDQayby0ptTnBeH5w3is.roa (raw, json)
Hash identifier: n0pM6FNfOf5t0SDq3kvOFFCUCrvXzCD7Mhb2Ky57aaU=
Subject key identifier: 88:C7:D2:D5:92:E6:0D:06:B2:6F:2D:29:B5:39:C1:78:7E:70:DE:2B
Certificate issuer: /CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Certificate serial: 0184189850313AE6D0F2A928935D953884F3
Authority key identifier: 5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/iMfS1ZLmDQayby0ptTnBeH5w3is.roa
Signing time: Thu 27 Oct 2022 08:39:05 +0000
ROA not before: Thu 27 Oct 2022 08:39:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34244
IP address blocks: 94.46.136.0/22 maxlen: 22
45.152.172.0/22 maxlen: 22
178.236.65.48/29 maxlen: 29
178.255.112.0/22 maxlen: 22
178.236.73.80/29 maxlen: 29
178.236.73.112/29 maxlen: 29
178.236.73.176/29 maxlen: 29
193.221.219.0/24 maxlen: 24
141.98.236.0/22 maxlen: 22
178.236.72.28/30 maxlen: 30
193.221.120.0/24 maxlen: 24
193.221.123.0/24 maxlen: 24
185.186.32.0/22 maxlen: 22
178.236.72.48/28 maxlen: 28
185.176.28.0/22 maxlen: 22
185.216.152.0/22 maxlen: 22
5.180.0.0/22 maxlen: 22
178.236.72.88/29 maxlen: 29
178.236.74.88/29 maxlen: 29
185.121.44.0/22 maxlen: 22
185.223.236.0/22 maxlen: 22
185.240.208.0/22 maxlen: 22
45.93.232.0/22 maxlen: 22
195.210.52.0/23 maxlen: 23
128.127.184.0/21 maxlen: 21
94.46.240.0/22 maxlen: 22
81.92.220.0/22 maxlen: 22
178.236.73.128/29 maxlen: 29
178.236.73.160/29 maxlen: 29
178.236.73.224/29 maxlen: 29
185.247.236.0/22 maxlen: 22
45.131.188.0/22 maxlen: 22
92.39.32.0/20 maxlen: 20
31.170.28.0/22 maxlen: 22
31.170.26.0/23 maxlen: 23
81.92.196.0/22 maxlen: 22
45.8.152.0/22 maxlen: 22
85.30.128.0/18 maxlen: 18
155.137.24.0/21 maxlen: 21
185.4.8.0/22 maxlen: 22
178.236.73.200/29 maxlen: 29
193.221.93.0/24 maxlen: 24
37.221.104.0/22 maxlen: 22
185.197.224.0/22 maxlen: 22
188.66.48.0/22 maxlen: 22
45.14.4.0/22 maxlen: 22
2a02:80::/32 maxlen: 32
2a02:80::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:18:98:50:31:3a:e6:d0:f2:a9:28:93:5d:95:38:84:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Validity
Not Before: Oct 27 08:39:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=88c7d2d592e60d06b26f2d29b539c1787e70de2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:08:31:d3:61:08:5c:13:57:7f:75:94:2c:6a:
cc:ec:57:bf:47:ce:1e:63:25:2f:34:d9:26:c4:b8:
cc:86:4b:ad:36:c8:11:47:dd:8e:e2:26:52:91:a6:
5f:12:3c:d2:83:45:61:df:32:22:dc:41:6d:76:59:
8c:72:0b:6b:dc:3d:61:a7:93:b5:02:4a:98:c0:8f:
21:b1:fd:4f:09:ac:fc:a2:9e:be:84:a6:7f:5d:50:
99:53:2e:08:7a:3a:b7:78:92:18:34:d2:f5:39:38:
9c:f4:fc:66:52:ee:c7:d7:c6:7a:2c:68:75:3b:cb:
bd:a6:28:73:8b:98:d1:43:98:cf:6d:fc:75:22:38:
97:42:c0:b6:cd:01:db:06:9a:e5:39:6c:c5:d1:1e:
4f:a8:db:5f:24:07:b5:3a:23:73:f3:7b:17:c8:19:
18:b5:16:40:92:4e:95:19:b6:40:ae:24:f5:5c:32:
83:a9:e6:c9:d9:45:70:2e:db:ac:2c:e1:34:4d:fc:
40:4c:de:ea:ef:e3:24:73:80:b3:ac:3c:38:a1:56:
23:69:ce:58:49:a4:fa:fd:ff:7f:28:1f:a2:03:7b:
eb:20:11:af:e1:9a:5f:93:5f:e8:d1:38:43:bf:ff:
89:36:1c:f6:ad:4c:db:e2:0e:ed:78:40:c7:d5:76:
c8:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:C7:D2:D5:92:E6:0D:06:B2:6F:2D:29:B5:39:C1:78:7E:70:DE:2B
X509v3 Authority Key Identifier:
keyid:5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/iMfS1ZLmDQayby0ptTnBeH5w3is.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.0.0/22
31.170.26.0-31.170.31.255
37.221.104.0/22
45.8.152.0/22
45.14.4.0/22
45.93.232.0/22
45.131.188.0/22
45.152.172.0/22
81.92.196.0/22
81.92.220.0/22
85.30.128.0/18
92.39.32.0/20
94.46.136.0/22
94.46.240.0/22
128.127.184.0/21
141.98.236.0/22
155.137.24.0/21
178.236.65.48/29
178.236.72.28/30
178.236.72.48/28
178.236.72.88/29
178.236.73.80/29
178.236.73.112/29
178.236.73.128/29
178.236.73.160/29
178.236.73.176/29
178.236.73.200/29
178.236.73.224/29
178.236.74.88/29
178.255.112.0/22
185.4.8.0/22
185.121.44.0/22
185.176.28.0/22
185.186.32.0/22
185.197.224.0/22
185.216.152.0/22
185.223.236.0/22
185.240.208.0/22
185.247.236.0/22
188.66.48.0/22
193.221.93.0/24
193.221.120.0/24
193.221.123.0/24
193.221.219.0/24
195.210.52.0/23
IPv6:
2a02:80::/29
Signature Algorithm: sha256WithRSAEncryption
a0:f7:6e:83:63:31:1e:ff:62:9d:ac:80:0c:e9:64:22:49:e9:
7a:52:8d:ac:7d:b6:46:97:a1:c2:38:bd:12:34:55:28:bf:72:
30:b3:99:6d:88:9e:9a:54:30:36:43:7b:15:3c:fc:5d:50:9b:
48:8f:da:88:f6:96:9d:4f:6f:40:c0:fc:45:7b:2c:c6:86:1c:
01:c4:9e:05:2c:66:8d:09:ac:96:d1:22:f8:96:97:59:c2:81:
d3:a5:1a:38:92:ef:5d:e2:50:c3:4a:ad:60:ed:93:1a:3a:87:
b4:d8:41:9b:51:9c:ea:9e:fb:81:0f:c4:b2:d0:e3:b5:48:ce:
85:6e:ea:47:82:eb:98:f4:f8:39:a6:29:fd:6f:93:49:fb:1d:
4d:21:82:d3:89:38:e8:54:56:b6:c1:b0:53:aa:09:c2:14:03:
ae:e7:93:9a:2b:d3:ca:74:00:8b:50:7e:fc:21:d2:c4:63:ee:
0b:a5:c7:f7:5e:de:90:f6:ef:96:b2:60:f8:ed:c2:61:66:11:
18:2b:b6:2c:53:eb:82:fa:e1:91:7f:97:c8:77:6b:28:0a:3f:
d9:83:6a:01:86:7b:1c:9d:15:b2:49:60:ee:04:92:7a:1a:25:
36:4f:38:22:fe:c3:d6:c3:ce:5f:78:dd:f0:92:e3:33:52:ce:
29:4a:d3:5c
-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgISAYQYmFAxOubQ8qkok12VOITzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWZhMDZkNWRiYWRhNDNkZTQ0ZjRlNGIxZGM5NDkyYmIy
ODdjOWQwHhcNMjIxMDI3MDgzOTA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGM3ZDJkNTkyZTYwZDA2YjI2ZjJkMjliNTM5YzE3ODdlNzBkZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuggx02EIXBNXf3WULGrM7Fe/R84e
YyUvNNkmxLjMhkutNsgRR92O4iZSkaZfEjzSg0Vh3zIi3EFtdlmMcgtr3D1hp5O1
AkqYwI8hsf1PCaz8op6+hKZ/XVCZUy4Iejq3eJIYNNL1OTic9PxmUu7H18Z6LGh1
O8u9pihzi5jRQ5jPbfx1IjiXQsC2zQHbBprlOWzF0R5PqNtfJAe1OiNz83sXyBkY
tRZAkk6VGbZAriT1XDKDqebJ2UVwLtusLOE0TfxATN7q7+Mkc4CzrDw4oVYjac5Y
SaT6/f9/KB+iA3vrIBGv4Zpfk1/o0ThDv/+JNhz2rUzb4g7teEDH1XbI5wIDAQAB
o4IDPjCCAzowHQYDVR0OBBYEFIjH0tWS5g0Gsm8tKbU5wXh+cN4rMB8GA1UdIwQY
MBaAFF8foG1dutpD3kT05LHclJK7KHydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUt
MjU4NDZkNTlmZDYwLzEvaU1mUzFaTG1EUWF5YnkwcHRUbkJlSDV3M2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUtMjU4NDZkNTlmZDYw
LzEvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUgYIKwYBBQUHAQcBAf8EggFBMIIBPTCCASoEAgABMIIB
IgMEAgW0ADAMAwQBH6oaAwQFH6oAAwQCJd1oAwQCLQiYAwQCLQ4EAwQCLV3oAwQC
LYO8AwQCLZisAwQCUVzEAwQCUVzcAwQGVR6AAwQEXCcgAwQCXi6IAwQCXi7wAwQD
gH+4AwQCjWLsAwQDm4kYAwUDsuxBMAMFArLsSBwDBQSy7EgwAwUDsuxIWAMFA7Ls
SVADBQOy7ElwAwUDsuxJgAMFA7LsSaADBQOy7EmwAwUDsuxJyAMFA7LsSeADBQOy
7EpYAwQCsv9wAwQCuQQIAwQCuXksAwQCubAcAwQCubogAwQCucXgAwQCudiYAwQC
ud/sAwQCufDQAwQCuffsAwQCvEIwAwQAwd1dAwQAwd14AwQAwd17AwQAwd3bAwQB
w9I0MA0EAgACMAcDBQMqAgCAMA0GCSqGSIb3DQEBCwUAA4IBAQCg926DYzEe/2Kd
rIAM6WQiSel6Uo2sfbZGl6HCOL0SNFUov3Iws5ltiJ6aVDA2Q3sVPPxdUJtIj9qI
9padT29AwPxFeyzGhhwBxJ4FLGaNCayW0SL4lpdZwoHTpRo4ku9d4lDDSq1g7ZMa
Ooe02EGbUZzqnvuBD8Sy0OO1SM6FbupHguuY9Pg5pin9b5NJ+x1NIYLTiTjoVFa2
wbBTqgnCFAOu55OaK9PKdACLUH78IdLEY+4Lpcf3Xt6Q9u+WsmD47cJhZhEYK7Ys
U+uC+uGRf5fId2soCj/Zg2oBhnscnRWySWDuBJJ6GiU2Tzgi/sPWw85feN3wkuMz
Us4pStNc
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:39 2023 by rpki-client on console-fra.rpki-client.org