Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/bQ3TFSTlxANuIRxRbkdIV0nNIzE.roa
File: bQ3TFSTlxANuIRxRbkdIV0nNIzE.roa (raw, json)
Hash identifier: yBetWrkNQ99YiufbwzEg3GHT/qNmy7Z8+5zrX/YJEQs=
Subject key identifier: 6D:0D:D3:15:24:E5:C4:03:6E:21:1C:51:6E:47:48:57:49:CD:23:31
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 2C3DD1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/bQ3TFSTlxANuIRxRbkdIV0nNIzE.roa
Signing time: Fri 04 Mar 2022 08:22:38 +0000
ROA not before: Fri 04 Mar 2022 08:22:38 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 88.216.180.0/22 maxlen: 24
88.216.188.0/22 maxlen: 24
88.216.196.0/22 maxlen: 24
88.216.209.0/24 maxlen: 24
88.216.210.0/23 maxlen: 24
88.216.212.0/22 maxlen: 24
84.32.4.0/22 maxlen: 24
88.216.16.0/24 maxlen: 24
88.216.33.0/24 maxlen: 24
88.216.32.0/24 maxlen: 24
88.216.47.0/24 maxlen: 24
88.216.46.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2899409 (0x2c3dd1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Mar 4 08:22:38 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6d0dd31524e5c4036e211c516e47485749cd2331
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e4:ac:3b:6d:88:04:31:e4:84:a8:a8:0b:ad:
d7:c2:0e:c3:ce:44:a4:ad:41:4f:cc:04:da:d8:b0:
26:39:c8:a6:12:6a:21:8c:b5:8f:16:b1:a3:1f:aa:
48:19:84:b2:8e:62:ec:7c:fc:8a:b0:23:87:e5:45:
e0:5c:7f:4e:4a:a7:1e:8f:34:9f:fc:70:d1:49:f0:
bd:c2:4c:70:47:6b:d5:f4:39:42:48:2f:97:d0:4d:
81:8a:bd:b9:1d:78:be:8a:c4:d0:94:3f:fd:d0:5d:
c8:ce:70:f9:ef:d2:e7:1e:ca:82:44:68:1b:6c:56:
ee:b0:a0:76:67:98:19:56:a6:da:83:ca:c6:ff:17:
39:07:57:b1:70:03:c7:89:67:d5:5d:a9:e3:5d:88:
d9:d6:37:e5:66:39:ad:ca:48:ed:44:fc:40:cf:4c:
99:8a:c9:c0:da:18:83:45:44:79:c4:1d:b4:5f:28:
28:cf:17:84:0c:9d:a1:62:78:4f:6a:d4:04:81:b9:
5f:89:56:b2:19:c9:d0:94:48:b0:29:79:4f:25:11:
0c:50:22:a0:2e:39:09:6e:85:da:3e:b0:3e:26:f3:
5b:ae:86:fc:38:3d:14:0b:9a:97:36:42:0e:d8:c7:
c4:9a:a9:76:cb:f4:e2:16:8b:e1:6f:b6:bd:e3:cd:
25:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:0D:D3:15:24:E5:C4:03:6E:21:1C:51:6E:47:48:57:49:CD:23:31
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/bQ3TFSTlxANuIRxRbkdIV0nNIzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.4.0/22
88.216.16.0/24
88.216.32.0/23
88.216.46.0/23
88.216.180.0/22
88.216.188.0/22
88.216.196.0/22
88.216.209.0-88.216.215.255
Signature Algorithm: sha256WithRSAEncryption
9c:5a:a6:76:50:90:b2:9a:cc:71:af:a7:34:d9:29:ac:2a:27:
2b:1a:7c:fc:73:42:ca:93:2f:a3:bf:02:25:f2:d5:b4:bb:ae:
0f:35:fd:ff:1a:1d:5d:d9:34:6a:93:29:a4:2b:93:ec:95:c3:
a7:a7:cd:d5:1e:df:b6:4a:d0:38:6f:9e:dc:eb:ab:e3:d2:fa:
87:64:89:0d:d6:d4:19:b8:a9:68:66:f0:15:60:87:a4:f5:b0:
42:b2:dd:97:41:28:07:82:f4:07:f1:87:5a:82:9c:7b:69:95:
fc:df:a3:39:04:fb:7d:7f:09:4e:16:6d:5a:b3:b8:24:7d:85:
f7:54:4b:c6:c3:50:12:f5:a2:c2:ca:a6:09:c2:52:93:70:71:
19:ec:bb:00:be:2c:da:60:d9:e5:21:29:48:05:f4:c9:f2:d5:
00:5b:f8:0a:21:f8:1d:e0:e5:4f:3c:a3:38:1e:56:b1:07:e5:
69:09:b7:8d:53:5a:65:a3:46:ea:65:aa:74:95:1a:23:6a:e3:
e2:bf:dc:4b:63:d6:cb:7e:79:eb:18:c7:34:52:49:08:e6:89:
fe:a6:5d:fc:98:f4:ad:fe:b3:b8:ac:8e:c4:f8:6b:37:2d:3d:
dd:93:b5:5a:03:7a:7d:1f:d8:2c:a5:93:4a:8b:24:59:c5:f3:
c0:5f:71:2c
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIDLD3RMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRm
YmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZiZGEzYzUwHhcNMjIwMzA0
MDgyMjM4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2ZDBkZDMxNTI0ZTVj
NDAzNmUyMTFjNTE2ZTQ3NDg1NzQ5Y2QyMzMxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1OSsO22IBDHkhKioC63Xwg7DzkSkrUFPzATa2LAmOcimEmoh
jLWPFrGjH6pIGYSyjmLsfPyKsCOH5UXgXH9OSqcejzSf/HDRSfC9wkxwR2vV9DlC
SC+X0E2Bir25HXi+isTQlD/90F3IznD579LnHsqCRGgbbFbusKB2Z5gZVqbag8rG
/xc5B1excAPHiWfVXanjXYjZ1jflZjmtykjtRPxAz0yZisnA2hiDRUR5xB20Xygo
zxeEDJ2hYnhPatQEgblfiVayGcnQlEiwKXlPJREMUCKgLjkJboXaPrA+JvNbrob8
OD0UC5qXNkIO2MfEmql2y/TiFovhb7a9480l9wIDAQABo4ICOzCCAjcwHQYDVR0O
BBYEFG0N0xUk5cQDbiEcUW5HSFdJzSMxMB8GA1UdIwQYMBaAFE+9RfzjVuKmXx5N
Ha94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
VDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEv
YlEzVEZTVGx4QU51SVJ4UmJrZElWMG5OSXpFLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8z
OTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEvVDcxRl9PTlc0cVpm
SGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFEG
CCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCVCAEAwQAWNgQAwQBWNggAwQBWNgu
AwQCWNi0AwQCWNi8AwQCWNjEMAwDBABY2NEDBANY2NAwDQYJKoZIhvcNAQELBQAD
ggEBAJxapnZQkLKazHGvpzTZKawqJysafPxzQsqTL6O/AiXy1bS7rg81/f8aHV3Z
NGqTKaQrk+yVw6enzdUe37ZK0Dhvntzrq+PS+odkiQ3W1Bm4qWhm8BVgh6T1sEKy
3ZdBKAeC9Afxh1qCnHtplfzfozkE+31/CU4WbVqzuCR9hfdUS8bDUBL1osLKpgnC
UpNwcRnsuwC+LNpg2eUhKUgF9Mny1QBb+Aoh+B3g5U88ozgeVrEH5WkJt41TWmWj
RuplqnSVGiNq4+K/3Etj1st+eesYxzRSSQjmif6mXfyY9K3+s7isjsT4azctPd2T
tVoDen0f2Cylk0qLJFnF88BfcSw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:29 2024 by rpki-client on console-ams.rpki-client.org