Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/n25wXPSw9cQ6xK2gVRNl3q2X_GM.roa
File: n25wXPSw9cQ6xK2gVRNl3q2X_GM.roa (raw, json)
Hash identifier: RGJe5mOiLYPDuF5B+5TSUgCjmpyi4ks8/bFOBm9XSV0=
Subject key identifier: 9F:6E:70:5C:F4:B0:F5:C4:3A:C4:AD:A0:55:13:65:DE:AD:97:FC:63
Certificate issuer: /CN=d7880ed1021d0ecac71205673b004813b39dfc99
Certificate serial: 33A15B3B
Authority key identifier: D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/n25wXPSw9cQ6xK2gVRNl3q2X_GM.roa
Signing time: Mon 23 May 2022 13:19:29 +0000
ROA not before: Mon 23 May 2022 13:19:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29680
IP address blocks: 151.252.112.0/21 maxlen: 21
178.23.208.0/21 maxlen: 24
193.238.52.0/22 maxlen: 22
217.18.224.0/21 maxlen: 21
217.18.232.0/22 maxlen: 22
217.18.239.0/24 maxlen: 24
217.18.237.0/24 maxlen: 24
217.18.236.0/24 maxlen: 24
176.28.88.0/21 maxlen: 23
193.22.119.0/24 maxlen: 24
2a00:d60::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 866212667 (0x33a15b3b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7880ed1021d0ecac71205673b004813b39dfc99
Validity
Not Before: May 23 13:19:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9f6e705cf4b0f5c43ac4ada0551365dead97fc63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:58:b8:a3:52:23:4d:82:fb:8c:a5:3b:0b:71:
92:ec:8d:7b:5f:34:97:15:ac:6f:f0:1b:cc:f8:57:
cf:15:ea:e5:bf:f4:43:2b:8d:4b:9f:c5:9f:b9:89:
8a:cb:4d:7f:0b:4e:b8:66:59:b6:1c:0a:7c:3d:c8:
4d:21:89:30:0e:15:65:42:5a:06:24:97:46:34:89:
a8:0a:79:12:83:93:a1:0b:41:16:a6:b9:3b:91:27:
3b:8a:47:3b:bd:7f:43:3e:4a:fb:4e:9b:a0:af:d0:
c4:ee:ba:da:d4:a4:e8:b3:53:5c:a7:8d:fe:58:81:
69:10:1e:7b:8d:52:62:90:46:bc:16:90:be:a4:69:
74:5d:7a:3e:69:33:6e:9f:6b:87:ca:35:2d:82:db:
17:16:d4:12:18:e6:64:57:c7:fe:0d:7c:f1:18:02:
37:0b:da:33:ee:4e:9e:73:a4:8f:f5:1b:f4:5b:c6:
81:13:b4:df:c4:6b:0c:a9:a5:21:07:25:47:fc:db:
59:09:ae:e7:3b:31:e1:c4:cd:34:1c:9e:f8:e2:0b:
b3:0f:6f:9f:46:5d:59:8c:b8:20:aa:4c:a8:e1:a7:
ac:ef:eb:23:d4:95:c9:37:67:c8:08:b2:c4:a8:6f:
16:e1:61:39:3d:ae:2a:d7:29:6c:01:db:9e:18:43:
4f:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:6E:70:5C:F4:B0:F5:C4:3A:C4:AD:A0:55:13:65:DE:AD:97:FC:63
X509v3 Authority Key Identifier:
keyid:D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/n25wXPSw9cQ6xK2gVRNl3q2X_GM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.252.112.0/21
176.28.88.0/21
178.23.208.0/21
193.22.119.0/24
193.238.52.0/22
217.18.224.0-217.18.237.255
217.18.239.0/24
IPv6:
2a00:d60::/32
Signature Algorithm: sha256WithRSAEncryption
4d:95:b1:8f:01:3f:91:9d:55:34:a4:ae:7a:68:20:d8:08:a4:
b6:eb:04:b3:5c:e1:aa:88:f6:16:75:7c:72:6b:8c:15:88:71:
05:e3:03:3c:86:d4:a1:79:90:8c:5a:6b:32:02:52:f0:1e:61:
38:14:c8:28:42:fd:d9:ad:54:db:7a:7f:90:a3:09:1a:2d:65:
40:46:73:ca:fc:43:e1:eb:1a:a6:3e:94:6a:ca:11:fb:0c:6b:
e7:64:30:39:e7:fd:98:5f:5f:9b:63:3f:2d:0e:60:6a:2b:ca:
9e:f6:91:00:82:18:2e:d5:33:fe:3e:54:bd:85:9c:96:1d:81:
75:f5:6c:96:e2:db:b3:07:0e:fb:61:04:db:5c:60:4e:4b:b2:
16:83:a5:e3:11:12:77:0e:d8:82:1b:1b:24:80:38:4b:4e:91:
68:47:74:ec:f1:c8:1f:9f:0e:2c:d1:8f:90:cb:40:77:6b:71:
18:c0:9c:29:f0:ec:06:9a:09:fd:d0:d6:58:21:ab:9a:6b:c7:
1e:98:8b:2e:18:9b:79:0f:31:fd:fe:f9:a7:a8:23:1c:b8:1c:
00:90:ac:50:97:0e:1b:95:cc:17:50:5e:93:8e:63:1c:cb:12:
31:ad:66:c9:6b:e0:75:44:fb:91:4a:ad:fd:f0:5b:ab:e8:7c:
fd:51:8d:3a
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEM6FbOzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
Nzg4MGVkMTAyMWQwZWNhYzcxMjA1NjczYjAwNDgxM2IzOWRmYzk5MB4XDTIyMDUy
MzEzMTkyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWY2ZTcwNWNmNGIw
ZjVjNDNhYzRhZGEwNTUxMzY1ZGVhZDk3ZmM2MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKFYuKNSI02C+4ylOwtxkuyNe180lxWsb/AbzPhXzxXq5b/0
QyuNS5/Fn7mJistNfwtOuGZZthwKfD3ITSGJMA4VZUJaBiSXRjSJqAp5EoOToQtB
Fqa5O5EnO4pHO71/Qz5K+06boK/QxO662tSk6LNTXKeN/liBaRAee41SYpBGvBaQ
vqRpdF16Pmkzbp9rh8o1LYLbFxbUEhjmZFfH/g188RgCNwvaM+5OnnOkj/Ub9FvG
gRO038RrDKmlIQclR/zbWQmu5zsx4cTNNBye+OILsw9vn0ZdWYy4IKpMqOGnrO/r
I9SVyTdnyAiyxKhvFuFhOT2uKtcpbAHbnhhDT5UCAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBSfbnBc9LD1xDrEraBVE2XerZf8YzAfBgNVHSMEGDAWgBTXiA7RAh0OyscS
BWc7AEgTs538mTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzE0Z08wUUlkRHNySEVnVm5Pd0JJRTdPZF9Kay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvNzU2NTA1LTIwNjItNDllNy05NGZlLTA0Nzc3YzE5OGVmMS8x
L24yNXdYUFN3OWNRNnhLMmdWUk5sM3EyWF9HTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
NzU2NTA1LTIwNjItNDllNy05NGZlLTA0Nzc3YzE5OGVmMS8xLzE0Z08wUUlkRHNy
SEVnVm5Pd0JJRTdPZF9Kay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwOAQCAAEwMgMEA5f8cAMEA7AcWAMEA7IX0AMEAMEW
dwMEAsHuNDAMAwQF2RLgAwQB2RLsAwQA2RLvMA0EAgACMAcDBQAqAA1gMA0GCSqG
SIb3DQEBCwUAA4IBAQBNlbGPAT+RnVU0pK56aCDYCKS26wSzXOGqiPYWdXxya4wV
iHEF4wM8htSheZCMWmsyAlLwHmE4FMgoQv3ZrVTben+QowkaLWVARnPK/EPh6xqm
PpRqyhH7DGvnZDA55/2YX1+bYz8tDmBqK8qe9pEAghgu1TP+PlS9hZyWHYF19WyW
4tuzBw77YQTbXGBOS7IWg6XjERJ3DtiCGxskgDhLTpFoR3Ts8cgfnw4s0Y+Qy0B3
a3EYwJwp8OwGmgn90NZYIauaa8cemIsuGJt5DzH9/vmnqCMcuBwAkKxQlw4blcwX
UF6TjmMcyxIxrWbJa+B1RPuRSq398Fur6Hz9UY06
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:39 2023 by rpki-client on console-ams.rpki-client.org