Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IIvekPedV8NEoWLdNQFrbZ8zEDc.roa
File: IIvekPedV8NEoWLdNQFrbZ8zEDc.roa (raw, json)
Hash identifier: 3umPKbroTE9Z/OmOXgxYGCyOvS3zL7rPZBvSCu4YRiQ=
Subject key identifier: 20:8B:DE:90:F7:9D:57:C3:44:A1:62:DD:35:01:6B:6D:9F:33:10:37
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 018484E44A4BCB95B1DB33140E15FDB8175B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IIvekPedV8NEoWLdNQFrbZ8zEDc.roa
Signing time: Thu 17 Nov 2022 09:21:04 +0000
ROA not before: Thu 17 Nov 2022 09:21:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211237
IP address blocks: 84.32.58.0/24 maxlen: 24
84.32.71.0/24 maxlen: 24
88.216.199.0/24 maxlen: 24
84.32.93.0/24 maxlen: 24
88.216.223.0/24 maxlen: 24
88.216.21.0/24 maxlen: 24
84.32.41.0/24 maxlen: 24
84.32.48.0/24 maxlen: 24
84.32.51.0/24 maxlen: 24
84.32.50.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:84:e4:4a:4b:cb:95:b1:db:33:14:0e:15:fd:b8:17:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Nov 17 09:21:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=208bde90f79d57c344a162dd35016b6d9f331037
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:04:09:a8:74:32:50:e1:12:65:cb:c1:b2:22:
47:08:77:da:cd:5c:a2:e0:12:65:19:f1:b1:e9:17:
5d:ad:8d:59:06:1e:60:5c:50:9f:78:61:d5:68:78:
c2:6b:38:c8:aa:ae:4c:84:eb:d3:b7:4b:63:db:58:
19:18:76:5f:11:33:12:0f:6e:c5:2a:14:45:a3:7f:
df:47:e4:5e:68:c6:20:77:fe:61:75:78:75:1c:13:
1d:54:8f:3b:b4:c7:dd:ae:fe:e4:b9:26:ea:9d:37:
ba:db:0e:e7:56:da:d8:4a:82:86:38:75:a6:23:c6:
f9:75:25:04:9c:49:88:56:ff:e0:72:d5:52:5b:13:
99:f5:4d:2a:10:9c:9b:f8:ad:42:53:d3:28:10:4d:
72:89:c3:af:c4:33:cd:10:71:5e:7d:4c:11:96:ec:
87:96:38:4f:ad:12:df:a4:b0:3e:59:66:36:7d:4b:
49:59:5e:0e:b3:e5:b1:9e:d4:bb:3b:65:c2:b9:ca:
ee:42:4c:f7:53:ac:48:99:68:d8:d2:e4:75:33:cf:
b2:e0:78:6d:5e:1c:78:13:a5:da:b5:9a:4a:c0:00:
c0:74:00:d2:ea:b5:f9:b1:f1:ea:d4:04:50:10:a2:
44:d7:d2:f9:a7:4e:8a:38:30:d1:0a:a7:75:a2:97:
e0:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:8B:DE:90:F7:9D:57:C3:44:A1:62:DD:35:01:6B:6D:9F:33:10:37
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IIvekPedV8NEoWLdNQFrbZ8zEDc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.41.0/24
84.32.48.0/24
84.32.50.0/23
84.32.58.0/24
84.32.71.0/24
84.32.93.0/24
88.216.21.0/24
88.216.199.0/24
88.216.223.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:ea:ae:67:74:55:b6:32:77:b4:12:a0:f6:08:da:29:74:53:
4a:38:9c:28:c1:12:02:57:7b:73:b0:be:25:ca:3f:43:62:4e:
97:29:e6:ac:56:86:64:1c:b9:bf:cc:3b:3b:e6:81:7c:15:12:
a2:52:7a:27:5b:2d:2f:2f:25:fd:bd:aa:b2:8e:3a:6f:81:13:
0b:cf:0d:8c:89:4a:26:34:52:da:6b:61:c4:cd:c0:3d:7e:13:
d4:ad:07:98:4b:fc:f2:af:6c:67:99:e1:b0:61:5a:9a:e4:80:
05:54:3c:fe:e8:7d:d3:b7:0c:04:3f:b7:ae:c4:19:a3:29:c0:
dd:3e:a4:2e:63:18:c6:d2:e7:a1:60:76:d5:f8:81:73:21:21:
05:5c:66:0d:c5:4b:19:ac:d6:62:4d:34:ff:7e:1b:c1:a8:93:
d2:d7:47:00:d6:e4:06:ce:59:fd:52:88:d9:5b:07:29:e9:cd:
22:73:c4:dc:80:94:27:3a:74:fc:a2:44:e1:a2:90:b8:1b:d1:
68:0d:f8:70:41:56:f4:39:28:84:09:49:b4:75:ce:7b:1a:33:
f4:5f:03:3d:32:3c:9a:41:89:f0:fb:1f:2c:32:79:da:30:3e:
f6:73:23:dd:85:ca:8d:20:ff:0e:d3:60:6f:3d:5f:50:fe:40:
1c:77:94:0b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYSE5EpLy5Wx2zMUDhX9uBdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTE3MDkyMTA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhiZGU5MGY3OWQ1N2MzNDRhMTYyZGQzNTAxNmI2ZDlmMzMxMDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgQJqHQyUOESZcvBsiJHCHfazVyi
4BJlGfGx6RddrY1ZBh5gXFCfeGHVaHjCazjIqq5MhOvTt0tj21gZGHZfETMSD27F
KhRFo3/fR+ReaMYgd/5hdXh1HBMdVI87tMfdrv7kuSbqnTe62w7nVtrYSoKGOHWm
I8b5dSUEnEmIVv/gctVSWxOZ9U0qEJyb+K1CU9MoEE1yicOvxDPNEHFefUwRluyH
ljhPrRLfpLA+WWY2fUtJWV4Os+WxntS7O2XCucruQkz3U6xImWjY0uR1M8+y4Hht
Xhx4E6XatZpKwADAdADS6rX5sfHq1ARQEKJE19L5p06KODDRCqd1opfgKQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCCL3pD3nVfDRKFi3TUBa22fMxA3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSUl2ZWtQZWRWOE5Fb1dMZE5RRnJiWjh6RURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVCApAwQA
VCAwAwQBVCAyAwQAVCA6AwQAVCBHAwQAVCBdAwQAWNgVAwQAWNjHAwQAWNjfMA0G
CSqGSIb3DQEBCwUAA4IBAQBb6q5ndFW2Mne0EqD2CNopdFNKOJwowRICV3tzsL4l
yj9DYk6XKeasVoZkHLm/zDs75oF8FRKiUnonWy0vLyX9vaqyjjpvgRMLzw2MiUom
NFLaa2HEzcA9fhPUrQeYS/zyr2xnmeGwYVqa5IAFVDz+6H3TtwwEP7euxBmjKcDd
PqQuYxjG0uehYHbV+IFzISEFXGYNxUsZrNZiTTT/fhvBqJPS10cA1uQGzln9UojZ
Wwcp6c0ic8TcgJQnOnT8okThopC4G9FoDfhwQVb0OSiECUm0dc57GjP0XwM9Mjya
QYnw+x8sMnnaMD72cyPdhcqNIP8O02BvPV9Q/kAcd5QL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:26 2024 by rpki-client on console-ams.rpki-client.org