Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2h8cl_w4iIGLfFELm4seSX8QZO8.roa
File: 2h8cl_w4iIGLfFELm4seSX8QZO8.roa (raw, json)
Hash identifier: P2HSB6BDrUgi246CtZQNx2gZZkrgIY6iD4AjQD0mUSM=
Subject key identifier: DA:1F:1C:97:FC:38:88:81:8B:7C:51:0B:9B:8B:1E:49:7F:10:64:EF
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0184668687D03C85222FB97794AE513E5839
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2h8cl_w4iIGLfFELm4seSX8QZO8.roa
Signing time: Fri 11 Nov 2022 11:50:03 +0000
ROA not before: Fri 11 Nov 2022 11:50:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209371
IP address blocks: 84.32.64.0/24 maxlen: 24
84.32.70.0/24 maxlen: 24
88.216.185.0/24 maxlen: 24
88.216.186.0/24 maxlen: 24
84.32.82.0/24 maxlen: 24
88.216.96.0/24 maxlen: 24
88.216.128.0/24 maxlen: 24
88.216.42.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:66:86:87:d0:3c:85:22:2f:b9:77:94:ae:51:3e:58:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Nov 11 11:50:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=da1f1c97fc3888818b7c510b9b8b1e497f1064ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:11:86:78:ee:4f:1e:3f:48:8b:76:ed:11:6d:
7c:76:78:a5:b2:6c:c0:4b:18:94:a4:6d:6e:84:78:
12:2e:fc:cf:0b:8b:06:e3:82:71:92:3f:7e:9a:9f:
63:a4:fe:26:87:81:ab:24:6c:4f:d8:13:e8:aa:fb:
96:45:5a:cb:e8:5b:41:54:9f:48:a6:7d:82:c3:67:
f9:2c:49:32:93:24:96:fa:91:a3:94:77:08:05:db:
8d:5c:e1:b9:87:b5:d4:3b:15:d4:64:72:0d:95:62:
b9:25:8b:45:46:34:36:bf:5e:f9:fd:f4:e8:45:42:
12:b7:ca:b0:96:89:48:84:a7:e2:7d:fb:ef:5b:f0:
b0:29:2a:2a:14:9f:a5:e6:44:95:c2:9b:85:c5:2f:
6a:b1:1a:99:13:dd:f1:ff:aa:9d:a3:8c:ad:79:3d:
ae:07:9c:07:20:6d:a0:ba:5f:1c:ae:b1:7a:ca:77:
81:a0:d0:4a:f2:a1:8b:d1:0f:72:4b:40:45:58:76:
90:28:e3:80:8b:64:58:2f:4d:df:59:dc:bc:fe:41:
8f:b7:b5:ee:8a:ca:c8:15:18:da:d2:88:b7:5d:4d:
68:91:0c:03:1c:5e:00:35:d0:94:74:b3:07:89:f9:
34:14:6e:24:3e:17:e1:51:32:15:e1:3f:85:19:27:
ae:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:1F:1C:97:FC:38:88:81:8B:7C:51:0B:9B:8B:1E:49:7F:10:64:EF
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2h8cl_w4iIGLfFELm4seSX8QZO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.64.0/24
84.32.70.0/24
84.32.82.0/24
88.216.42.0/24
88.216.96.0/24
88.216.128.0/24
88.216.185.0-88.216.186.255
Signature Algorithm: sha256WithRSAEncryption
6e:dc:08:53:9c:5a:af:a4:2f:65:a0:8e:01:f3:99:0d:07:bf:
e8:7e:54:cd:bc:6d:dc:4b:4f:aa:8a:08:e2:a5:30:0f:6a:b6:
cf:f6:56:cb:98:75:cb:dc:37:03:dd:2b:13:71:9b:d3:0b:98:
60:18:6e:96:12:a9:5d:6b:f3:60:04:e8:76:74:85:f8:8b:42:
ee:80:41:46:23:e9:cd:c6:e1:c3:4c:f1:d3:91:e9:7e:5e:97:
39:65:44:49:13:51:00:90:df:4a:d3:41:07:ce:f1:e2:30:e1:
fa:c0:a5:90:d6:e3:95:dd:39:16:c7:6e:26:60:2d:5f:d7:7f:
96:67:2f:21:c4:12:5d:6d:29:8d:11:7d:07:7c:0f:e4:01:66:
35:fa:43:77:fd:5b:a9:c8:ec:3f:d0:44:28:be:1d:45:b4:ce:
9f:80:da:2f:81:ad:05:fa:4f:88:0c:3d:37:64:de:25:1f:6b:
99:cc:38:c6:b0:43:e0:26:48:ed:89:0f:21:6f:10:ac:9a:de:
1c:a6:e8:19:6c:d1:6c:1c:90:7e:cd:ac:46:90:12:aa:f2:21:
31:8d:68:cd:58:71:8d:4e:e6:8e:de:4b:b6:d2:73:16:14:6e:
80:e8:6a:d6:72:bb:86:75:0c:76:ee:91:2e:bf:9c:3d:0f:80:
cd:15:ed:fc
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYRmhofQPIUiL7l3lK5RPlg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTExMTE1MDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTFmMWM5N2ZjMzg4ODgxOGI3YzUxMGI5YjhiMWU0OTdmMTA2NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshGGeO5PHj9Ii3btEW18dnilsmzA
SxiUpG1uhHgSLvzPC4sG44Jxkj9+mp9jpP4mh4GrJGxP2BPoqvuWRVrL6FtBVJ9I
pn2Cw2f5LEkykySW+pGjlHcIBduNXOG5h7XUOxXUZHINlWK5JYtFRjQ2v175/fTo
RUISt8qwlolIhKfiffvvW/CwKSoqFJ+l5kSVwpuFxS9qsRqZE93x/6qdo4yteT2u
B5wHIG2gul8crrF6yneBoNBK8qGL0Q9yS0BFWHaQKOOAi2RYL03fWdy8/kGPt7Xu
isrIFRja0oi3XU1okQwDHF4ANdCUdLMHifk0FG4kPhfhUTIV4T+FGSeumQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFNofHJf8OIiBi3xRC5uLHkl/EGTvMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMmg4Y2xfdzRpSUdMZkZFTG00c2VTWDhRWk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAVCBAAwQA
VCBGAwQAVCBSAwQAWNgqAwQAWNhgAwQAWNiAMAwDBABY2LkDBABY2LowDQYJKoZI
hvcNAQELBQADggEBAG7cCFOcWq+kL2WgjgHzmQ0Hv+h+VM28bdxLT6qKCOKlMA9q
ts/2VsuYdcvcNwPdKxNxm9MLmGAYbpYSqV1r82AE6HZ0hfiLQu6AQUYj6c3G4cNM
8dOR6X5elzllREkTUQCQ30rTQQfO8eIw4frApZDW45XdORbHbiZgLV/Xf5ZnLyHE
El1tKY0RfQd8D+QBZjX6Q3f9W6nI7D/QRCi+HUW0zp+A2i+BrQX6T4gMPTdk3iUf
a5nMOMawQ+AmSO2JDyFvEKya3hym6Bls0WwckH7NrEaQEqryITGNaM1YcY1O5o7e
S7bScxYUboDoatZyu4Z1DHbukS6/nD0PgM0V7fw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:23 2024 by rpki-client on console-ams.rpki-client.org