Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xu1WycnrsfqQt7FjcEs6-oaLJak.roa
File: xu1WycnrsfqQt7FjcEs6-oaLJak.roa (raw, json)
Hash identifier: Ceqev/JH2RQpqnxPlKEVKWq/qlnS0U3bbCPX2hAZSZc=
Subject key identifier: C6:ED:56:C9:C9:EB:B1:FA:90:B7:B1:63:70:4B:3A:FA:86:8B:25:A9
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01854DFA3843195BA4E0E66F25C738234369
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xu1WycnrsfqQt7FjcEs6-oaLJak.roa
Signing time: Mon 26 Dec 2022 10:28:42 +0000
ROA not before: Mon 26 Dec 2022 10:28:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 84.32.56.0/24 maxlen: 24
84.32.63.0/24 maxlen: 24
88.216.197.0/24 maxlen: 24
84.32.95.0/24 maxlen: 24
84.32.105.0/24 maxlen: 24
84.32.104.0/24 maxlen: 24
88.216.2.0/24 maxlen: 24
88.216.1.0/24 maxlen: 24
84.32.230.0/24 maxlen: 24
88.216.34.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:4d:fa:38:43:19:5b:a4:e0:e6:6f:25:c7:38:23:43:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Dec 26 10:28:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c6ed56c9c9ebb1fa90b7b163704b3afa868b25a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:6b:40:31:f3:c7:13:28:0c:97:c2:9f:77:cc:
f1:68:4a:5d:0e:4a:62:a5:32:e1:43:e9:d7:4d:0c:
84:d8:69:b3:ca:a6:49:7d:be:7f:a3:b8:d7:15:a4:
21:42:2c:ef:77:6d:82:c4:05:af:dd:1d:4f:59:1c:
3d:ef:9c:c0:e9:98:48:46:7c:c4:44:96:a7:64:2f:
08:e1:5a:40:e3:1a:90:08:da:bf:50:27:d0:d3:4b:
15:3f:fc:34:bb:c8:c0:c4:61:f3:18:80:e0:0a:ed:
e1:b2:f7:2b:c9:7d:cb:f6:d7:c1:af:13:39:7b:fb:
d4:e5:f6:be:7e:cc:b1:c6:77:c5:05:f4:87:8c:99:
2f:5e:25:9f:90:10:bc:dc:f2:e5:c3:9e:71:64:49:
05:ae:53:a7:36:4c:00:7d:31:c1:24:46:ca:b4:4e:
46:ab:ab:f3:4c:ad:66:74:b7:b1:1a:86:93:89:db:
12:30:ba:6a:b9:cc:08:d8:63:35:2d:bf:5a:23:2c:
06:24:fd:95:73:4d:2e:f2:b9:8e:b2:14:9c:d8:95:
9a:e2:6a:dd:50:59:de:4f:6f:30:4f:16:f1:a9:b3:
27:a6:fa:9e:da:89:86:44:34:c0:c6:38:c7:b3:7d:
b8:fd:1c:32:05:82:6f:a8:54:3e:1c:da:62:c4:67:
7f:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:ED:56:C9:C9:EB:B1:FA:90:B7:B1:63:70:4B:3A:FA:86:8B:25:A9
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xu1WycnrsfqQt7FjcEs6-oaLJak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.56.0/24
84.32.63.0/24
84.32.95.0/24
84.32.104.0/23
84.32.230.0/24
88.216.1.0-88.216.2.255
88.216.34.0/24
88.216.197.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:3f:b8:dc:c0:3d:39:61:08:f8:55:73:8c:4d:35:d9:82:f4:
f4:54:b9:fc:36:aa:2f:33:d6:58:25:b5:a8:35:fb:21:e8:2d:
95:aa:a3:c3:a9:4a:ff:a6:ee:d8:e7:c4:b3:57:4a:5b:55:81:
dd:39:02:1a:93:a1:46:84:9d:ea:8d:77:63:76:e1:80:14:ae:
72:78:35:d6:dc:f5:31:1b:44:a0:2e:a1:27:78:a8:83:33:9f:
0d:0b:c4:55:5d:b0:dd:41:89:33:af:1a:c0:77:39:6b:0d:b6:
02:1c:8c:ee:fa:93:c7:61:f5:8b:a2:3c:58:84:73:db:0f:29:
ec:5a:8b:d4:18:9d:12:b3:02:f2:92:d6:ac:10:3a:c0:2f:bb:
20:57:85:33:27:e4:28:0f:e8:58:5d:e1:91:0e:cb:19:19:e3:
82:ef:e0:c2:88:6b:93:6f:20:77:5b:98:0e:9e:4a:51:81:a3:
6c:c7:97:2a:46:84:2e:02:d3:ed:0f:82:d6:8f:10:31:3f:87:
39:4a:c7:72:96:69:67:cb:df:6c:3f:33:d9:44:32:fa:10:fb:
56:f2:11:4e:d4:0a:c7:83:5e:bc:9e:2b:b2:a7:29:d4:6d:26:
47:53:ab:30:eb:a1:e1:da:de:36:e0:34:88:a4:7d:37:68:64:
48:0c:83:f6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVN+jhDGVuk4OZvJcc4I0NpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjI2MTAyODQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmVkNTZjOWM5ZWJiMWZhOTBiN2IxNjM3MDRiM2FmYTg2OGIyNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmtAMfPHEygMl8Kfd8zxaEpdDkpi
pTLhQ+nXTQyE2GmzyqZJfb5/o7jXFaQhQizvd22CxAWv3R1PWRw975zA6ZhIRnzE
RJanZC8I4VpA4xqQCNq/UCfQ00sVP/w0u8jAxGHzGIDgCu3hsvcryX3L9tfBrxM5
e/vU5fa+fsyxxnfFBfSHjJkvXiWfkBC83PLlw55xZEkFrlOnNkwAfTHBJEbKtE5G
q6vzTK1mdLexGoaTidsSMLpqucwI2GM1Lb9aIywGJP2Vc00u8rmOshSc2JWa4mrd
UFneT28wTxbxqbMnpvqe2omGRDTAxjjHs324/RwyBYJvqFQ+HNpixGd/rwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFMbtVsnJ67H6kLexY3BLOvqGiyWpMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveHUxV3ljbnJzZnFRdDdGamNFczYtb2FMSmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVCA4AwQA
VCA/AwQAVCBfAwQBVCBoAwQAVCDmMAwDBABY2AEDBABY2AIDBABY2CIDBABY2MUw
DQYJKoZIhvcNAQELBQADggEBAJs/uNzAPTlhCPhVc4xNNdmC9PRUufw2qi8z1lgl
tag1+yHoLZWqo8OpSv+m7tjnxLNXSltVgd05AhqToUaEneqNd2N24YAUrnJ4Ndbc
9TEbRKAuoSd4qIMznw0LxFVdsN1BiTOvGsB3OWsNtgIcjO76k8dh9YuiPFiEc9sP
Kexai9QYnRKzAvKS1qwQOsAvuyBXhTMn5CgP6Fhd4ZEOyxkZ44Lv4MKIa5NvIHdb
mA6eSlGBo2zHlypGhC4C0+0PgtaPEDE/hzlKx3KWaWfL32w/M9lEMvoQ+1byEU7U
CseDXryeK7KnKdRtJkdTqzDroeHa3jbgNIikfTdoZEgMg/Y=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:34 2023 by rpki-client on console-ams.rpki-client.org