Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EFRl41W7u2js-cRQ2pbKXNo1qQw.roa
File: EFRl41W7u2js-cRQ2pbKXNo1qQw.roa (raw, json)
Hash identifier: gEADFH3BsfKxHvjTuDzIswxSTEpDEuixkykPxgrlkgc=
Subject key identifier: 10:54:65:E3:55:BB:BB:68:EC:F9:C4:50:DA:96:CA:5C:DA:35:A9:0C
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 018498E8B0BA7B393494B26CFA813384BC51
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EFRl41W7u2js-cRQ2pbKXNo1qQw.roa
Signing time: Mon 21 Nov 2022 06:38:17 +0000
ROA not before: Mon 21 Nov 2022 06:38:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49999
IP address blocks: 88.216.187.0/24 maxlen: 24
84.32.88.0/24 maxlen: 24
84.32.220.0/22 maxlen: 24
84.32.224.0/24 maxlen: 24
84.32.14.0/24 maxlen: 24
84.32.34.0/24 maxlen: 24
88.216.40.0/24 maxlen: 24
84.32.40.0/22 maxlen: 24
84.32.254.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:98:e8:b0:ba:7b:39:34:94:b2:6c:fa:81:33:84:bc:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Nov 21 06:38:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=105465e355bbbb68ecf9c450da96ca5cda35a90c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:fb:b0:60:94:b3:4a:ab:cf:41:18:14:3e:4e:
55:9e:ac:f2:ca:58:b3:29:d7:bf:42:dc:df:42:6d:
65:bd:c2:be:aa:1b:0c:5e:2a:0a:88:16:04:00:9a:
72:5b:2f:d4:d9:16:d1:67:88:d2:65:ae:4c:93:02:
8e:b6:41:e5:1d:df:3e:47:14:f5:05:1f:ea:e1:16:
34:03:d8:cb:da:7e:c2:9e:93:2e:2f:73:21:86:51:
0a:31:e2:6c:1a:d9:be:89:41:d5:4d:75:0c:37:4b:
2b:e7:75:54:75:bd:8a:49:c3:c3:64:37:99:a0:26:
a2:98:33:8c:c0:8e:1f:17:9c:9a:af:72:81:f2:f7:
e4:82:2d:4d:d3:a5:c7:61:6d:00:b3:fd:3b:bf:6e:
d1:3d:8a:46:dd:40:c6:ed:bc:f9:6e:ab:a3:ff:fd:
9e:8d:2d:ad:36:b3:61:e8:b6:43:93:25:35:69:af:
ba:d0:c5:d3:61:3a:f9:f3:ea:7e:51:15:e3:8d:13:
8a:38:49:8f:b1:9f:12:8a:ba:77:71:eb:27:db:f4:
c1:b4:41:2e:f2:07:73:f4:96:15:8c:79:16:4a:99:
66:db:9e:8e:00:e7:3c:76:f5:f2:33:09:51:61:e8:
ca:f9:fc:f7:32:21:a1:94:c8:8c:29:c4:06:86:61:
8d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:54:65:E3:55:BB:BB:68:EC:F9:C4:50:DA:96:CA:5C:DA:35:A9:0C
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EFRl41W7u2js-cRQ2pbKXNo1qQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.14.0/24
84.32.34.0/24
84.32.40.0/22
84.32.88.0/24
84.32.220.0-84.32.224.255
84.32.254.0/24
88.216.40.0/24
88.216.187.0/24
Signature Algorithm: sha256WithRSAEncryption
68:84:37:1b:b8:48:b6:a7:a0:cb:1a:a2:3a:25:84:ec:55:8d:
98:34:d3:88:fe:12:ea:30:83:76:31:8e:1a:6c:e0:ad:58:10:
24:54:de:43:49:c5:c7:07:61:4b:50:5a:84:7c:00:4c:87:17:
ab:d5:cd:00:1a:32:cf:5e:36:33:cb:8b:bd:42:87:22:1b:98:
8a:e8:43:1c:a7:d7:6d:58:9c:4d:39:fc:9d:54:25:c2:dc:e9:
25:59:71:44:14:ec:10:91:34:ad:0e:04:7c:98:1f:68:5a:6a:
fc:85:62:55:89:65:ea:88:40:f6:b4:76:70:f3:c1:27:a2:4f:
c1:67:5f:f7:2b:75:6c:7d:e9:25:12:70:49:5a:43:60:95:d8:
68:eb:be:bb:de:a5:e5:0e:5c:69:fd:f9:ef:80:d1:3b:51:65:
51:cd:f2:82:37:24:3e:b4:ed:a8:24:2a:32:6b:62:d8:4d:40:
e0:39:14:af:41:91:3e:ae:21:43:b8:1f:33:ff:f1:a2:98:fa:
87:42:03:02:ba:ad:7e:6a:ca:5c:5b:c7:60:2f:13:e4:c3:49:
66:6a:ab:57:0a:98:04:75:85:b1:8c:55:c4:42:01:c3:e4:73:
e5:7c:87:cb:3a:1c:3b:7e:ca:9d:07:dd:5e:a3:99:2a:a7:e6:
5f:10:85:d1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYSY6LC6ezk0lLJs+oEzhLxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIxMDYzODE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDU0NjVlMzU1YmJiYjY4ZWNmOWM0NTBkYTk2Y2E1Y2RhMzVhOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfuwYJSzSqvPQRgUPk5Vnqzyyliz
Kde/QtzfQm1lvcK+qhsMXioKiBYEAJpyWy/U2RbRZ4jSZa5MkwKOtkHlHd8+RxT1
BR/q4RY0A9jL2n7CnpMuL3MhhlEKMeJsGtm+iUHVTXUMN0sr53VUdb2KScPDZDeZ
oCaimDOMwI4fF5yar3KB8vfkgi1N06XHYW0As/07v27RPYpG3UDG7bz5bquj//2e
jS2tNrNh6LZDkyU1aa+60MXTYTr58+p+URXjjROKOEmPsZ8Sirp3cesn2/TBtEEu
8gdz9JYVjHkWSplm256OAOc8dvXyMwlRYejK+fz3MiGhlMiMKcQGhmGN5wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBBUZeNVu7to7PnEUNqWylzaNakMMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRUZSbDQxVzd1MmpzLWNSUTJwYktYTm8xcVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVCAOAwQA
VCAiAwQCVCAoAwQAVCBYMAwDBAJUINwDBABUIOADBABUIP4DBABY2CgDBABY2Lsw
DQYJKoZIhvcNAQELBQADggEBAGiENxu4SLanoMsaojolhOxVjZg004j+Euowg3Yx
jhps4K1YECRU3kNJxccHYUtQWoR8AEyHF6vVzQAaMs9eNjPLi71ChyIbmIroQxyn
121YnE05/J1UJcLc6SVZcUQU7BCRNK0OBHyYH2haavyFYlWJZeqIQPa0dnDzwSei
T8FnX/crdWx96SUScElaQ2CV2GjrvrvepeUOXGn9+e+A0TtRZVHN8oI3JD607agk
KjJrYthNQOA5FK9BkT6uIUO4HzP/8aKY+odCAwK6rX5qylxbx2AvE+TDSWZqq1cK
mAR1hbGMVcRCAcPkc+V8h8s6HDt+yp0H3V6jmSqn5l8QhdE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:31 2024 by rpki-client on console-fra.rpki-client.org