Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OrRnWH2mOzy6Qjrznr01NYt392k.roa
File: OrRnWH2mOzy6Qjrznr01NYt392k.roa (raw, json)
Hash identifier: oAXXjuNkzV7vsgmleCBNbmWuPe1LZw9B5VqQe8EFtZc=
Subject key identifier: 3A:B4:67:58:7D:A6:3B:3C:BA:42:3A:F3:9E:BD:35:35:8B:77:F7:69
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 013E6AD7
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OrRnWH2mOzy6Qjrznr01NYt392k.roa
Signing time: Sat 01 Jan 2022 21:54:21 +0000
ROA not before: Sat 01 Jan 2022 21:54:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397373
IP address blocks: 104.249.24.0/24 maxlen: 24
216.173.83.0/24 maxlen: 24
104.249.28.0/24 maxlen: 24
104.249.27.0/24 maxlen: 24
104.249.26.0/24 maxlen: 24
104.143.228.0/24 maxlen: 24
216.173.101.0/24 maxlen: 24
104.249.56.0/22 maxlen: 22
104.143.253.0/24 maxlen: 24
45.43.128.0/21 maxlen: 21
45.43.128.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20867799 (0x13e6ad7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 1 21:54:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3ab467587da63b3cba423af39ebd35358b77f769
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:42:b0:b1:1e:b0:b6:47:ce:8b:a4:0a:0e:f0:
8a:ee:23:27:f5:1e:52:c5:e3:f6:1b:cf:d6:a9:1a:
85:3e:c4:d8:9b:38:f6:95:d4:06:cb:4e:c7:5b:bd:
fc:75:ae:b9:0d:cb:e8:11:fe:42:1f:6b:87:69:df:
ec:01:1a:a3:6d:12:d4:86:8d:9a:9c:df:ac:6c:f2:
4c:e6:fb:9e:bc:ec:1a:ab:fe:d1:81:e9:34:76:a4:
6b:3a:b8:70:01:06:ae:79:f9:ed:73:9a:f0:57:df:
81:cb:25:8d:41:99:13:50:c9:6c:55:38:ff:30:7d:
83:0b:fc:38:11:46:d3:32:36:79:09:c7:ca:58:a1:
b3:fa:f7:d5:7b:ee:4f:bf:b4:5c:fa:5c:bc:82:4b:
04:37:67:ae:01:f3:9d:c3:e3:48:3f:87:52:3a:26:
f4:df:db:1d:30:8e:1c:78:b5:52:f4:18:b2:5c:35:
d1:32:10:c4:fe:5e:8d:f2:9b:f7:1e:62:77:22:26:
c9:75:ac:51:a2:09:46:a0:ee:b2:62:a3:85:db:34:
5f:74:98:19:5c:90:dd:e8:e3:bf:b7:e2:18:75:13:
00:0d:d2:a9:5e:3b:84:ec:4b:56:3d:e4:c2:c3:03:
6d:5c:9b:79:b9:ef:95:44:2c:81:50:21:28:72:79:
87:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:B4:67:58:7D:A6:3B:3C:BA:42:3A:F3:9E:BD:35:35:8B:77:F7:69
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OrRnWH2mOzy6Qjrznr01NYt392k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.128.0/21
104.143.228.0/24
104.143.253.0/24
104.249.24.0/24
104.249.26.0-104.249.28.255
104.249.56.0/22
216.173.83.0/24
216.173.101.0/24
Signature Algorithm: sha256WithRSAEncryption
60:38:b2:62:2c:5f:5f:c0:52:4a:93:b3:25:9e:d5:a3:5c:b6:
3d:7e:d4:26:af:e0:7f:93:1e:c8:03:54:b4:7a:17:7c:d5:57:
64:0a:72:44:03:56:5a:9f:3c:94:31:17:04:d2:68:42:c4:0f:
8a:d3:83:81:97:59:54:28:5e:c7:44:3a:c2:22:36:b3:7a:f0:
d8:5b:97:ef:9e:2e:2f:18:51:ab:5c:00:35:dd:32:de:cf:54:
04:c6:20:1c:18:5a:f4:a2:27:00:c6:2f:62:a1:40:77:32:ff:
93:72:f2:d4:30:39:2f:66:12:29:05:10:e2:9f:98:69:0a:e4:
7a:d7:06:b9:49:7e:83:f3:a9:5f:20:c6:23:2e:4e:08:bf:e0:
f0:c8:3f:75:52:c0:c0:e0:c4:86:2a:81:70:31:fd:64:44:10:
39:9d:e6:4a:40:86:5f:9f:ab:ae:bc:7f:cd:33:49:40:4a:64:
5f:c1:87:c0:18:22:c0:5c:45:91:13:1a:8a:98:b9:14:38:43:
24:75:ef:c4:7a:8d:91:17:5e:29:66:50:1e:ab:b8:4a:e3:2e:
73:67:5b:99:40:57:26:bd:02:c4:85:d6:9c:bc:40:ec:8d:7c:
f2:d3:dd:50:5b:76:e5:13:f8:92:88:a0:bf:97:54:89:b4:dd:
ec:40:6e:dd
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEAT5q1zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDU4MWU2NzNkODBmNzQ3NDkzNmIyMTMzN2VhZmNjMWJkYzM4NWU5MB4XDTIyMDEw
MTIxNTQyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2FiNDY3NTg3ZGE2
M2IzY2JhNDIzYWYzOWViZDM1MzU4Yjc3Zjc2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ9CsLEesLZHzoukCg7wiu4jJ/UeUsXj9hvP1qkahT7E2Js4
9pXUBstOx1u9/HWuuQ3L6BH+Qh9rh2nf7AEao20S1IaNmpzfrGzyTOb7nrzsGqv+
0YHpNHakazq4cAEGrnn57XOa8FffgcsljUGZE1DJbFU4/zB9gwv8OBFG0zI2eQnH
ylihs/r31XvuT7+0XPpcvIJLBDdnrgHzncPjSD+HUjom9N/bHTCOHHi1UvQYslw1
0TIQxP5ejfKb9x5idyImyXWsUaIJRqDusmKjhds0X3SYGVyQ3ejjv7fiGHUTAA3S
qV47hOxLVj3kwsMDbVybebnvlUQsgVAhKHJ5h6kCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBQ6tGdYfaY7PLpCOvOevTU1i3f3aTAfBgNVHSMEGDAWgBRgWB5nPYD3R0k2
shM36vzBvcOF6TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lGZ2VaejJBOTBkSk5ySVROLXI4d2IzRGhlay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvZmRkNjMzLWM2NTgtNDljNS05ZThmLWZiMDc5NTVmM2FhYS8x
L09yUm5XSDJtT3p5NlFqcnpucjAxTll0Mzkyay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWEv
ZmRkNjMzLWM2NTgtNDljNS05ZThmLWZiMDc5NTVmM2FhYS8xL1lGZ2VaejJBOTBk
Sk5ySVROLXI4d2IzRGhlay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAy0rgAMEAGiP5AMEAGiP/QMEAGj5
GDAMAwQBaPkaAwQAaPkcAwQCaPk4AwQA2K1TAwQA2K1lMA0GCSqGSIb3DQEBCwUA
A4IBAQBgOLJiLF9fwFJKk7MlntWjXLY9ftQmr+B/kx7IA1S0ehd81VdkCnJEA1Za
nzyUMRcE0mhCxA+K04OBl1lUKF7HRDrCIjazevDYW5fvni4vGFGrXAA13TLez1QE
xiAcGFr0oicAxi9ioUB3Mv+TcvLUMDkvZhIpBRDin5hpCuR61wa5SX6D86lfIMYj
Lk4Iv+DwyD91UsDA4MSGKoFwMf1kRBA5neZKQIZfn6uuvH/NM0lASmRfwYfAGCLA
XEWRExqKmLkUOEMkde/Eeo2RF14pZlAeq7hK4y5zZ1uZQFcmvQLEhdacvEDsjXzy
091QW3blE/iSiKC/l1SJtN3sQG7d
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:38 2023 by rpki-client on console-ams.rpki-client.org