Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/awEJO8U11A137sKjb6dylo58jps.roa
File: awEJO8U11A137sKjb6dylo58jps.roa (raw, json)
Hash identifier: NwAtWgJ4cxcveagh9nrQ5B6kKW/hOuG6vQni1xmBRKE=
Subject key identifier: 6B:01:09:3B:C5:35:D4:0D:77:EE:C2:A3:6F:A7:72:96:8E:7C:8E:9B
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0184F5CB6E5C7D39D40C67F77416261131B9
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/awEJO8U11A137sKjb6dylo58jps.roa
Signing time: Fri 09 Dec 2022 07:31:00 +0000
ROA not before: Fri 09 Dec 2022 07:31:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49581
IP address blocks: 84.32.174.0/24 maxlen: 24
84.32.173.0/24 maxlen: 24
88.216.181.0/24 maxlen: 24
88.216.90.0/24 maxlen: 24
84.32.213.0/24 maxlen: 24
84.32.240.0/24 maxlen: 24
84.32.243.0/24 maxlen: 24
84.32.251.0/24 maxlen: 24
84.32.249.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f5:cb:6e:5c:7d:39:d4:0c:67:f7:74:16:26:11:31:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Dec 9 07:31:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6b01093bc535d40d77eec2a36fa772968e7c8e9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:a5:98:4d:9c:e8:11:2f:e5:57:32:76:66:78:
c1:d2:fc:04:30:91:69:b1:14:43:ef:38:77:fc:06:
48:c0:51:22:3a:ec:5e:d9:33:fc:bb:3e:5a:32:3e:
19:45:44:1b:d9:3c:04:91:03:3a:6c:f1:e3:7e:4c:
1c:f4:65:1c:d9:64:e3:7f:b7:f4:6d:16:bf:cb:1e:
c9:28:ed:a9:3e:ab:e7:04:31:9e:e5:5e:ba:3e:09:
4b:45:07:26:62:4f:e4:e1:9d:34:f0:70:20:8a:70:
cf:8e:76:f2:5f:ed:d6:c0:80:f8:c8:bf:64:5a:c6:
48:b7:b5:f7:c9:9b:15:f9:26:4a:f4:3e:9f:52:1b:
52:0a:9c:99:96:69:05:32:40:3f:dc:6e:20:05:fd:
f0:2b:fd:47:5f:c1:7a:fd:f3:a6:3b:02:ab:12:5f:
97:c8:05:6f:64:0a:85:e1:bd:ee:fb:25:8b:58:db:
2a:06:10:81:e6:c5:18:35:da:5d:e2:ce:b2:30:a2:
fb:99:e0:56:a7:d9:b6:61:a8:0f:16:31:35:b4:f4:
ec:a5:f7:01:5a:4c:f0:1f:da:67:96:9f:00:fd:85:
df:20:2a:9c:6c:a2:18:76:df:15:e7:02:b4:14:82:
9e:d3:20:66:ac:1d:33:b1:22:31:0d:6b:aa:f8:82:
ea:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:01:09:3B:C5:35:D4:0D:77:EE:C2:A3:6F:A7:72:96:8E:7C:8E:9B
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/awEJO8U11A137sKjb6dylo58jps.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.173.0-84.32.174.255
84.32.213.0/24
84.32.240.0/24
84.32.243.0/24
84.32.249.0/24
84.32.251.0/24
88.216.90.0/24
88.216.181.0/24
Signature Algorithm: sha256WithRSAEncryption
62:db:56:bf:74:3e:5d:58:4b:5f:f9:64:2b:bc:2e:dd:48:04:
89:e1:f7:7f:88:88:b3:e4:5d:ea:a8:59:78:47:6b:46:41:fc:
02:96:7b:55:08:87:db:5a:97:e5:dc:35:48:26:7d:c8:0b:13:
ba:80:45:03:24:a5:39:4d:d2:2e:ee:94:40:92:ce:aa:5c:90:
00:da:e2:73:56:ef:49:e9:33:94:c5:39:a0:f4:3b:2d:ed:72:
f4:af:82:b8:c9:ce:c1:90:08:63:f2:3b:fa:39:c3:4c:31:09:
eb:73:02:35:eb:93:56:48:85:da:b1:14:f7:03:88:73:31:39:
a9:08:30:3f:d2:c6:1d:22:05:bd:91:c8:06:68:e2:80:6a:ae:
b5:4a:ec:e6:74:5c:17:74:2d:0f:64:41:8a:9f:4a:8c:74:e7:
31:aa:ca:fc:d0:ad:9c:b0:e9:fb:9b:61:5e:2d:22:79:8a:3f:
1a:16:01:0a:9c:03:f0:1a:81:ec:67:a9:ec:53:0e:c1:0d:76:
d8:53:a7:db:29:5d:e9:cf:87:fe:17:3a:6f:e7:1c:25:c8:9a:
95:f0:74:06:1d:c6:71:ea:cd:09:36:c6:6a:6a:60:52:e1:8a:
ac:00:02:0f:17:7d:73:e9:2b:c8:41:e3:eb:8a:65:d9:bf:8e:
50:76:ce:f1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYT1y25cfTnUDGf3dBYmETG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjA5MDczMTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjAxMDkzYmM1MzVkNDBkNzdlZWMyYTM2ZmE3NzI5NjhlN2M4ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6WYTZzoES/lVzJ2ZnjB0vwEMJFp
sRRD7zh3/AZIwFEiOuxe2TP8uz5aMj4ZRUQb2TwEkQM6bPHjfkwc9GUc2WTjf7f0
bRa/yx7JKO2pPqvnBDGe5V66PglLRQcmYk/k4Z008HAginDPjnbyX+3WwID4yL9k
WsZIt7X3yZsV+SZK9D6fUhtSCpyZlmkFMkA/3G4gBf3wK/1HX8F6/fOmOwKrEl+X
yAVvZAqF4b3u+yWLWNsqBhCB5sUYNdpd4s6yMKL7meBWp9m2YagPFjE1tPTspfcB
WkzwH9pnlp8A/YXfICqcbKIYdt8V5wK0FIKe0yBmrB0zsSIxDWuq+ILqvwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGsBCTvFNdQNd+7Co2+ncpaOfI6bMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYXdFSk84VTExQTEzN3NLamI2ZHlsbzU4anBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABUIK0D
BABUIK4DBABUINUDBABUIPADBABUIPMDBABUIPkDBABUIPsDBABY2FoDBABY2LUw
DQYJKoZIhvcNAQELBQADggEBAGLbVr90Pl1YS1/5ZCu8Lt1IBInh93+IiLPkXeqo
WXhHa0ZB/AKWe1UIh9tal+XcNUgmfcgLE7qARQMkpTlN0i7ulECSzqpckADa4nNW
70npM5TFOaD0Oy3tcvSvgrjJzsGQCGPyO/o5w0wxCetzAjXrk1ZIhdqxFPcDiHMx
OakIMD/Sxh0iBb2RyAZo4oBqrrVK7OZ0XBd0LQ9kQYqfSox05zGqyvzQrZyw6fub
YV4tInmKPxoWAQqcA/AagexnqexTDsENdthTp9spXenPh/4XOm/nHCXImpXwdAYd
xnHqzQk2xmpqYFLhiqwAAg8XfXPpK8hB4+uKZdm/jlB2zvE=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:49 2023 by rpki-client on console-fra.rpki-client.org