Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZgU7BYf3fd6T-11h6ytfDLspNzA.roa
File: ZgU7BYf3fd6T-11h6ytfDLspNzA.roa (raw, json)
Hash identifier: nvNKhWNzxWsVH2kiRyAuh2VcL5dzIGoryCHQF/8Yack=
Subject key identifier: 66:05:3B:05:87:F7:7D:DE:93:FB:5D:61:EB:2B:5F:0C:BB:29:37:30
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0184DDA639CB099225613172013B878982A3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZgU7BYf3fd6T-11h6ytfDLspNzA.roa
Signing time: Sun 04 Dec 2022 14:59:29 +0000
ROA not before: Sun 04 Dec 2022 14:59:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61138
IP address blocks: 84.32.57.0/24 maxlen: 24
84.32.67.0/24 maxlen: 24
88.216.187.0/24 maxlen: 24
84.32.85.0/24 maxlen: 24
84.32.91.0/24 maxlen: 24
88.216.101.0/24 maxlen: 24
88.216.130.0/24 maxlen: 24
88.216.38.0/24 maxlen: 24
84.32.39.0/24 maxlen: 24
88.216.39.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:dd:a6:39:cb:09:92:25:61:31:72:01:3b:87:89:82:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Dec 4 14:59:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=66053b0587f77dde93fb5d61eb2b5f0cbb293730
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:19:bd:ae:14:d2:ae:56:54:5d:c4:99:14:93:
95:4d:b2:00:58:b3:86:f2:ad:ba:7b:8b:4b:df:78:
73:01:12:4e:b0:e9:21:58:b0:bf:4c:ba:31:44:0e:
d9:6b:a9:68:6d:aa:90:78:23:91:fb:d6:bc:cc:3c:
39:36:23:d7:44:be:2b:de:4d:da:e7:da:4a:d8:3b:
f3:53:ee:4c:21:8b:95:27:08:5d:ad:6f:86:77:dc:
bb:49:60:58:be:72:67:47:38:75:44:1c:68:6e:a1:
f9:d2:7d:7a:38:2d:b6:ba:cd:7f:1b:1a:20:93:df:
41:85:82:f7:6b:39:5b:e9:4b:b3:1f:32:a7:f1:de:
67:df:68:fd:f6:71:37:b7:ca:88:02:81:dc:a6:a5:
b4:58:17:11:a3:4c:7d:b0:80:86:bd:fa:c5:b1:0d:
4f:fc:4d:73:3a:fa:ba:92:30:7c:25:36:00:4a:f0:
10:0b:3c:97:18:aa:c0:a1:dd:c8:0a:cb:fd:60:ac:
cb:65:f0:c9:7e:57:60:55:57:f6:8e:20:4c:a6:59:
a9:45:b4:d8:8f:99:6d:53:2a:24:e7:dd:81:8d:60:
1f:06:9a:58:f0:85:a8:a6:dc:20:69:e0:1d:e0:50:
70:71:f2:85:be:5b:03:01:75:46:6b:6a:85:d3:43:
23:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:05:3B:05:87:F7:7D:DE:93:FB:5D:61:EB:2B:5F:0C:BB:29:37:30
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZgU7BYf3fd6T-11h6ytfDLspNzA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.39.0/24
84.32.57.0/24
84.32.67.0/24
84.32.85.0/24
84.32.91.0/24
88.216.38.0/23
88.216.101.0/24
88.216.130.0/24
88.216.187.0/24
Signature Algorithm: sha256WithRSAEncryption
48:40:75:c8:92:b3:22:8d:9c:ca:5f:ef:5b:65:d0:9c:8d:26:
8f:c3:87:c8:e1:88:a3:d1:15:3d:b5:a0:c6:f2:90:39:3a:25:
fe:67:92:a3:29:99:d5:e6:2b:85:22:76:69:20:4e:b1:1e:e0:
f0:c0:28:5f:d1:6e:68:91:84:f5:b8:06:44:fe:18:f2:1c:5e:
36:61:a0:69:4c:71:79:96:3b:64:ca:77:45:4b:f0:1a:df:b5:
d5:c2:58:b8:2b:ce:f8:6a:0e:3b:34:0f:7c:b8:87:4f:6d:f0:
f5:3b:3f:03:7c:4b:db:45:06:19:6b:1b:d9:a3:df:72:a4:93:
84:cb:22:c7:ac:a4:96:99:00:47:45:a7:02:32:51:d7:88:c3:
c3:3e:6f:86:53:f4:fc:35:e9:24:d0:54:84:85:a0:38:20:b1:
37:73:89:ce:b8:2d:e4:84:ae:a2:bb:02:d4:ae:94:0d:05:11:
58:62:2b:36:0f:4f:14:40:65:04:85:4c:d6:7b:e1:3a:38:75:
b1:f9:75:11:94:3c:40:44:aa:45:ee:f2:35:3f:96:4b:70:ec:
00:c6:fe:ba:19:eb:9a:a1:82:d0:f0:5f:94:8a:34:26:97:ab:
16:44:1d:71:e7:d0:56:29:83:78:56:ba:5e:36:16:88:41:45:
8c:87:78:3b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYTdpjnLCZIlYTFyATuHiYKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjA0MTQ1OTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjA1M2IwNTg3Zjc3ZGRlOTNmYjVkNjFlYjJiNWYwY2JiMjkzNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBm9rhTSrlZUXcSZFJOVTbIAWLOG
8q26e4tL33hzARJOsOkhWLC/TLoxRA7Za6lobaqQeCOR+9a8zDw5NiPXRL4r3k3a
59pK2DvzU+5MIYuVJwhdrW+Gd9y7SWBYvnJnRzh1RBxobqH50n16OC22us1/Gxog
k99BhYL3azlb6UuzHzKn8d5n32j99nE3t8qIAoHcpqW0WBcRo0x9sICGvfrFsQ1P
/E1zOvq6kjB8JTYASvAQCzyXGKrAod3ICsv9YKzLZfDJfldgVVf2jiBMplmpRbTY
j5ltUyok592BjWAfBppY8IWoptwgaeAd4FBwcfKFvlsDAXVGa2qF00MjRQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGYFOwWH933ek/tdYesrXwy7KTcwMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWmdVN0JZZjNmZDZULTExaDZ5dGZETHNwTnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVCAnAwQA
VCA5AwQAVCBDAwQAVCBVAwQAVCBbAwQBWNgmAwQAWNhlAwQAWNiCAwQAWNi7MA0G
CSqGSIb3DQEBCwUAA4IBAQBIQHXIkrMijZzKX+9bZdCcjSaPw4fI4Yij0RU9taDG
8pA5OiX+Z5KjKZnV5iuFInZpIE6xHuDwwChf0W5okYT1uAZE/hjyHF42YaBpTHF5
ljtkyndFS/Aa37XVwli4K874ag47NA98uIdPbfD1Oz8DfEvbRQYZaxvZo99ypJOE
yyLHrKSWmQBHRacCMlHXiMPDPm+GU/T8Nekk0FSEhaA4ILE3c4nOuC3khK6iuwLU
rpQNBRFYYis2D08UQGUEhUzWe+E6OHWx+XURlDxARKpF7vI1P5ZLcOwAxv66Geua
oYLQ8F+UijQml6sWRB1x59BWKYN4VrpeNhaIQUWMh3g7
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:48 2023 by rpki-client on console-fra.rpki-client.org